nt32.exe, 315load32.exe, load32.exe killing my access to almost everything


  • This topic is locked
21 replies to this topic

#1 Dice20

Dice20

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:07 AM

Posted 12 February 2014 - 10:40 AM

I don't know how to get it off my PC
 
My PC started not wanting to download torrents or open certain files, so I looked into it a bit and saw some files had been added onto my PC. I tried to run the Spybot program and it would just open and close right away. At this point I knew there had to be an issue. So I brought up Task Manager and watched what processes were running and tried opening it again, and wouldn't you know it, the 315load32.exe popped up and would allow it to run. So I tracked the sucker down in my PC and tried to delete it. I figured I'd look up some info on it since I hadn't ever seen it before, and everywhere I looked said the nt32.exe and the load32.exe would be there as well. So I started going through my C drive and they were there. I tried deleting them, but when I restarted my PC and checked again they were there again, so I figured I'd approach the community for some help. There was another person who was going through something similar, so I tried to follow the first step in theirs and got this error when I attempted to download and run a program: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them". I am running my PC as an admin, so not sure how I don't have access. Any and all help would be helpful.
 
I tried to run MBAM and Spybot, but it keeps saying I have no access; it says I don't have the right permissions.
 
http://www.bleepingcomputer.com/forums/t/523778/nt32exe-315load32exe-load32exe-killing-my-access-help-please/ 
 
 
It's done something new now: it now has my Win7 show it's not Genuine

Hello again, now it's done something even newer. I went to sleep last night (with my PC on because you said not to do anything else to it) and when I woke up this morning it was off. Thought it was a bit edite, so I turned it back on. It said it was installing some update and then turned on to nothing but a black screen. Selected Ctrl+Alt+Delete and was able to bring up my Task Manager, but that is all. Looking in the Task Manager I can see my files but I can't access them. Any thoughts?
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by user at 10:25:37 on 2014-02-12
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.8055.5607 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskmgr.exe
C:\ProgramData\NTKernel\nt32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\WScript.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uWinlogon: Shell = explorer.exe,"C:\ProgramData\load32.exe"
uWindows: Load = C:\NTKernel\nt32.exe
mWinlogon: Userinit = userinit.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
mRun: [NT Kernel Service] C:\NTKernel\nt32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
StartupFolder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
StartupFolder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuapp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{C4E37798-C52C-4151-94F4-058E72A0CC5A} : DHCPNameServer = 192.168.0.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: AvastSvc.exe - C:\Users\user\Documents\315load32.exe
IFEO: AvastUI.exe - C:\Users\user\Documents\315load32.exe
IFEO: avcenter.exe - C:\Users\user\Documents\315load32.exe
IFEO: avconfig.exe - C:\Users\user\Documents\315load32.exe
IFEO: avgcsrvx.exe - C:\Users\user\Documents\315load32.exe
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: AvastSvc.exe - C:\Users\user\Documents\315load32.exe
x64-IFEO: AvastUI.exe - C:\Users\user\Documents\315load32.exe
x64-IFEO: avcenter.exe - C:\Users\user\Documents\315load32.exe
x64-IFEO: avconfig.exe - C:\Users\user\Documents\315load32.exe
x64-IFEO: avgcsrvx.exe - C:\Users\user\Documents\315load32.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-3 203776]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-3 13336]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-11-3 635416]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-3 2320920]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-11-12 283064]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-11-3 56344]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-3 346144]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2013/10/02 20:31:04;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2013-10-2 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 NIS;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [?]
S2 NOBU;Norton Online Backup;"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE --> C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [?]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-2-9 3921880]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-2-9 1042272]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-2-9 171416]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-18 19456]
S3 SaiH8000;SaiH8000;C:\Windows\System32\drivers\SaiH8000.sys [2008-4-4 178560]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-18 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-17 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-02-12 15:24:10 -------- d--h--w- C:\ProgramData\NTKernel
2014-02-12 12:28:19 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-12 12:28:19 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-12 12:28:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 03:52:40 6172 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2014-02-09 23:54:45 -------- d-----w- C:\Program Files (x86)\Lavasoft
2014-02-09 23:48:30 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-02-09 23:47:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-09 19:40:07 -------- d-----w- C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
2014-02-09 05:15:59 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1309BA1-2AD1-4453-9B31-DDE46864FE9E}\mpengine.dll
2014-02-09 02:24:58 -------- d-----w- C:\Users\user\AppData\Roaming\Spybot - Search & Destroy
2014-02-07 23:31:57 -------- d-----w- C:\define
2014-02-07 04:21:18 244224 --sha-r- C:\ProgramData\load32.exe
2014-02-07 04:21:18 244224 --sha-r- C:\315load32.exe
2014-01-24 03:08:09 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2014-01-24 02:10:52 -------- d-----w- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-23 11:10:25 -------- d-sh--w- C:\Cypher License Information LT
2014-01-23 11:10:21 -------- d-----w- C:\Users\user\AppData\Roaming\DMM
2014-01-15 08:04:50 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 08:04:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 08:04:49 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 08:04:49 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 08:04:49 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 08:04:49 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 08:04:49 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 08:04:45 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 08:04:44 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
.
==================== Find3M  ====================
.
2014-02-05 02:43:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 02:43:12 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-16 14:59:44 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
.
============= FINISH: 10:26:10.46 ===============


Edited by Dice20, 13 February 2014 - 05:32 AM.
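
What the Pseudo HJT section of the log above shows, as an added example (not part of the original posts and not DDS's own code): a Python triage script that reads DDS lines and flags the Winlogon Shell, Load, Run and IFEO Debugger entries that start the three files at logon and redirect security tools to 315load32.exe. The rule names, the helper functions and the trusted-path heuristic are assumptions made for this illustration; the sample lines are copied from the log.

```python
"""Triage a DDS "Pseudo HJT Report" for autostart and IFEO hijacks."""
import ntpath
import re
from collections import defaultdict

# Subset of lines copied from the DDS log in the post above.
SAMPLE_DDS = r'''
uWinlogon: Shell = explorer.exe,"C:\ProgramData\load32.exe"
uWindows: Load = C:\NTKernel\nt32.exe
mWinlogon: Userinit = userinit.exe
mRun: [NT Kernel Service] C:\NTKernel\nt32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
IFEO: AvastSvc.exe - C:\Users\user\Documents\315load32.exe
IFEO: avcenter.exe - C:\Users\user\Documents\315load32.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-IFEO: AvastSvc.exe - C:\Users\user\Documents\315load32.exe
'''

# DDS line shapes as they appear in that log (u = per-user hive, m = machine hive).
RE_IFEO = re.compile(r"^(?:x64-)?IFEO: (\S+) - (.+)$")
RE_WINLOGON = re.compile(r"^[um]Winlogon: (Shell|Userinit) = (.+)$")
RE_LOAD = re.compile(r"^[um]Windows: Load = (.+)$")
RE_RUN = re.compile(r"^(?:x64-|[um])Run(?:Once)?: \[([^\]]+)\] (.+)$")

# Assumption for this example: autostart binaries normally live under these roots.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
WINLOGON_DEFAULT = {"Shell": "explorer.exe", "Userinit": "userinit.exe"}


def trusted(path):
    """True if the normalised Windows path sits under a trusted root."""
    return ntpath.normcase(ntpath.normpath(path)).startswith(TRUSTED_ROOTS)


def exe_of(cmdline):
    """Return the executable at the start of a command line (quoted or bare)."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmdline, re.I)
    return m.group(1) if m else (cmdline.split() or [""])[0]


def unexpected_entries(value, default):
    """Entries of a comma-separated Winlogon value that are not the default binary."""
    extras = []
    for part in value.split(","):
        part = part.strip().strip('"')
        same_name = ntpath.basename(part).lower() == default
        if part and not (part.lower() == default or (same_name and trusted(part))):
            extras.append(part)
    return extras


def triage(log_text):
    """Return (rule, subject, detail) findings for suspicious DDS lines."""
    findings = []
    ifeo = defaultdict(set)  # debugger path -> image names redirected to it
    for line in map(str.strip, log_text.splitlines()):
        if m := RE_IFEO.match(line):
            # An IFEO Debugger value makes Windows start the debugger in place
            # of the named image; every such entry deserves a manual review.
            ifeo[ntpath.normcase(m.group(2).strip())].add(m.group(1).lower())
        elif m := RE_WINLOGON.match(line):
            extras = unexpected_entries(m.group(2), WINLOGON_DEFAULT[m.group(1)])
            if extras:
                findings.append((f"winlogon-{m.group(1).lower()}", m.group(1), extras))
        elif m := RE_LOAD.match(line):
            # Legacy autostart value: any program listed here starts at logon.
            findings.append(("windows-load", "Load", m.group(1).strip()))
        elif m := RE_RUN.match(line):
            exe = exe_of(m.group(2))
            if not trusted(exe):
                findings.append(("run-untrusted-path", m.group(1), exe))
    # One debugger attached to many security tools is the pattern in this log.
    for debugger, images in sorted(ifeo.items()):
        findings.append(("ifeo-debugger", debugger, sorted(images)))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_DDS):
        print(f"{rule:20} {subject}: {detail}")
```

The trusted-root check is only a heuristic for sorting a log; an entry under Program Files still needs review if its name or publisher is unfamiliar.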



 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:07 AM

Posted 13 February 2014 - 09:14 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Dice20

Posted 13 February 2014 - 10:35 AM

I can only access my desktop thru my task manager atm

 

When I was doing the first scan my PC rebooted in the middle of it by itself, so I ran it a second time and this is the result:

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-13 09:38:28
-----------------------------
09:38:28.520    OS Version: Windows x64 6.1.7601 Service Pack 1
09:38:28.520    Number of processors: 4 586 0x2505
09:38:28.522    ComputerName: USER-HP  UserName: user
09:38:30.800    Initialize success
09:38:48.944    AVAST engine defs: 14021300
09:38:51.279    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:38:51.282    Disk 0 Vendor: ST1000DM HP33 Size: 953869MB BusType: 8
09:38:51.368    Disk 0 MBR read successfully
09:38:51.372    Disk 0 MBR scan
09:38:51.378    Disk 0 unknown MBR code
09:38:51.383    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
09:38:51.398    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       941423 MB offset 206848
09:38:51.430    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        12344 MB offset 1928241152
09:38:51.471    Disk 0 scanning C:\Windows\system32\drivers
09:39:03.568    Service scanning
09:39:13.185    Service NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\ENG64.SYS **LOCKED** 5
09:39:13.682    Service NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\EX64.SYS **LOCKED** 5
09:39:23.423    Modules scanning
09:39:23.433    Disk 0 trace - called modules:
09:39:23.447    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
09:39:23.454    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a8e060]
09:39:23.461    3 CLASSPNP.SYS[fffff88001ad743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800771c050]
09:39:25.291    AVAST engine scan C:\Windows
09:39:29.808    AVAST engine scan C:\Windows\system32
09:44:02.523    AVAST engine scan C:\Windows\system32\drivers
09:44:25.709    AVAST engine scan C:\Users\user
09:54:17.048    File: C:\Users\user\AppData\Local\Temp\15756  **INFECTED** MSIL:Crypt-TW [Trj]
09:54:17.307    File: C:\Users\user\AppData\Local\Temp\38807  **INFECTED** MSIL:Crypt-TW [Trj]
09:54:17.458    File: C:\Users\user\AppData\Local\Temp\4257  **INFECTED** MSIL:Crypt-TW [Trj]
09:54:17.761    File: C:\Users\user\AppData\Local\Temp\69595  **INFECTED** MSIL:Crypt-TW [Trj]
09:54:17.831    File: C:\Users\user\AppData\Local\Temp\78714  **INFECTED** MSIL:Crypt-TW [Trj]
09:57:39.039    File: C:\Users\user\Documents\315load32.exe  **INFECTED** MSIL:Crypt-TW [Trj]
10:03:52.279    AVAST engine scan C:\ProgramData
10:06:06.228    File: C:\ProgramData\load32.exe  **INFECTED** MSIL:Crypt-TW [Trj]
10:06:46.316    File: C:\ProgramData\NTKernel\nt32.exe  **INFECTED** MSIL:Crypt-TW [Trj]
10:07:46.075    Scan finished successfully
10:30:02.028    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
10:30:02.038    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"


#4 TB-Psychotic

Posted 13 February 2014 - 11:18 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#5 Dice20

Posted 13 February 2014 - 11:51 AM

The nt32.exe, load32.exe, and the 315load32.exe are blocking it from loading. It will not even let me access my downloads folder anymore. The error I'm getting is "server execution failed".


Edited by Dice20, 13 February 2014 - 12:01 PM.


#6 Dice20

Posted 13 February 2014 - 05:36 PM

....


Edited by Dice20, 13 February 2014 - 06:10 PM.


#7 TB-Psychotic

Posted 14 February 2014 - 03:03 AM

Reboot into safe mode and try again, please



#8 Dice20

Posted 14 February 2014 - 06:24 AM

Tried it, but it is still saying I do not have permission, and the desktop is a black screen.



#9 TB-Psychotic

Posted 14 February 2014 - 06:57 AM

OK, then we have to do this from outside:

 

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.


  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#10 Dice20

Posted 16 February 2014 - 07:42 AM

Sorry for the long response time

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by SYSTEM on MININT-K2GAN4Q on 16-02-2014 07:29:37
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM-x32\...\Run: [NT Kernel Service] - C:\NTKernel\nt32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Guest\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\user\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
HKU\user\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [244224 2014-02-06] () <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\AvastUI.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avcenter.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avconfig.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avgidsagent.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avgnt.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avgrsx.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avguard.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avgui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avp.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avscan.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\bdagent.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\ccSvcHst.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\ccuac.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\ComboFix.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\egui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\explorer.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\hijackthis.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\InstStub.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\instup.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\keyscrambler.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\mbam.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\mbamgui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\mbampt.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\mbamservice.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\MSASCui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\MsMpEng.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\msseces.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\NOBuAgent.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\rstrui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\SDFiles.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\SDFSSvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\SDScan.exe: [Debugger] \315load32.exe
IFEO\SDTray.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\SDUpdSvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\SDWelcome.exe: [Debugger] \315load32.exe
IFEO\SDWSCSvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\spybotsd.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\wireshark.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\zlclient.exe: [Debugger] C:\Users\user\Documents\315load32.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuapp.exe ()

==================== Services (Whitelisted) =================

S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [241648 2011-03-22] (CyberLink)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-05] ()
S2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\diMaster.dll" /prefetch:1
S2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [X]
S2 SDScannerService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [X]
S2 SDUpdateService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [X]

==================== Drivers (Whitelisted) ====================

S3 Cpqdfw; C:\Windows\System32\drivers\cpqdfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
S3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-12] (Disc Soft Ltd)
S3 SaiH8000; C:\Windows\System32\DRIVERS\SaiH8000.sys [178560 2008-04-04] (Saitek)
S1 SRTSP; C:\Windows\system32\drivers\NISx64\1200000.080\SRTSP64.SYS [701800 2010-05-23] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1200000.080\SRTSPX64.SYS [38248 2010-05-23] (Symantec Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20100528.021\EX64.SYS [X]
S3 scmsupp; \??\C:\Users\user\AppData\Local\Temp\scmsupp.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-16 07:29 - 2014-02-16 07:29 - 00000000 ____D () C:\FRST
2014-02-16 01:43 - 2014-02-16 01:45 - 258651298 ____R () C:\Users\user\Downloads\[Doki] Sakura Trick - 06 (1280x720 Hi10P AAC) [3D7AE39B].mkv
2014-02-15 21:51 - 2014-02-15 21:57 - 364353942 _____ () C:\Users\user\Downloads\[Commie] Log Horizon - 20 [8A10FF64].mkv
2014-02-15 19:21 - 2014-02-15 19:22 - 16566086 ____R () C:\Users\user\Downloads\[UTW]_Chuunibyou_demo_Koi_ga_bleepai!_Ren_Lite_-_04_[D21A3049].mkv
2014-02-15 16:08 - 2014-02-15 16:12 - 576038018 ____R () C:\Users\user\Downloads\[HorribleSubs] Wake Up, Girls! - 06 [1080p].mkv
2014-02-15 16:07 - 2014-02-15 16:31 - 407278779 _____ () C:\Users\user\Downloads\[Underwater-Vivid] Nagi no Asukara - 19 (720p) [0428A4BE].mkv
2014-02-15 16:07 - 2014-02-15 16:13 - 250295499 ____R () C:\Users\user\Downloads\[WhyNot] Silver Spoon S2 - 06 [6E10A2DA].mkv
2014-02-15 16:06 - 2014-02-15 16:21 - 470189131 _____ () C:\Users\user\Downloads\[FFF] Mahou Sensou - 06 [45BFF82E].mkv
2014-02-15 16:06 - 2014-02-15 16:16 - 385661305 ____R () C:\Users\user\Downloads\[FFF] Golden Time - 18 [B04AC735].mkv
2014-02-15 16:06 - 2014-02-15 16:13 - 289029013 ____R () C:\Users\user\Downloads\[FFF] Strike the Blood - 18 [21EC9180].mkv
2014-02-15 16:05 - 2014-02-15 16:07 - 207611588 _____ () C:\Users\user\Downloads\[Commie] Space Brothers - 94 [3A4222EA].mkv
2014-02-13 20:32 - 2014-02-13 20:33 - 87371823 _____ () C:\Users\user\Downloads\[Vivid] Pupa - 06 [A53701EB].mkv
2014-02-13 20:31 - 2014-02-13 20:41 - 675918952 ____R () C:\Users\user\Downloads\[Underwater] KILL la KILL - 18 (720p) [F435803D].mkv
2014-02-13 20:31 - 2014-02-13 20:38 - 432667492 ____R () C:\Users\user\Downloads\[FTW]_Chuunibyou_demo_Koi_ga_bleepai!_Ren_-_06_[720p][6A43A850].mkv
2014-02-13 20:30 - 2014-02-13 20:43 - 306201591 ____R () C:\Users\user\Downloads\[gg]_Tokyo_Ravens_-_18_[0D707E08].mkv
2014-02-13 20:30 - 2014-02-13 20:38 - 319682805 _____ () C:\Users\user\Downloads\[FFF] Nisekoi - 05 [5BC26FA9].mkv
2014-02-13 20:30 - 2014-02-13 20:37 - 285960460 _____ () C:\Users\user\Downloads\[Commie] Samurai Flamenco - 17 [4A81F54F].mkv
2014-02-13 14:36 - 2014-02-13 14:36 - 05180679 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-02-13 11:11 - 2014-02-13 11:20 - 514568459 _____ () C:\Users\user\Downloads\[SubDESU-H] Oni Chichi - 02 (BD 1080p x264 10bit FLAC) [ED483D3B].mkv
2014-02-13 11:11 - 2014-02-13 11:15 - 621779739 _____ () C:\Users\user\Downloads\[SubDESU-H] Oni Chichi - 01 (BD 1080p x264 10bit FLAC) [C47ED3C2].mkv
2014-02-13 08:48 - 2014-02-14 02:27 - 00000000 ___HD () C:\NTKernel
2014-02-13 08:46 - 2014-02-13 08:47 - 05180679 _____ (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-02-13 08:07 - 2014-02-13 08:12 - 377230294 _____ () C:\Users\user\Downloads\[Underwater] Mikakunin de Shinkoukei - Engaged to the Unidentified - 06 (720p) [v2][CCDA2800].mkv
2014-02-13 08:07 - 2014-02-13 08:09 - 77162041 ____R () C:\Users\user\Downloads\[Asenshi] Onee-chan ga Kita! - 06 [AEC1AE3F].mkv
2014-02-13 08:05 - 2014-02-13 08:13 - 382939754 ____R () C:\Users\user\Downloads\[Anime-Koi] Inari, Konkon, Koi Iroha - 05 [h264-720p][4EBC46B2].mkv
2014-02-13 07:30 - 2014-02-13 07:30 - 00002968 _____ () C:\Users\user\Desktop\aswMBR.txt
2014-02-13 07:30 - 2014-02-13 07:30 - 00000512 _____ () C:\Users\user\Desktop\MBR.dat
2014-02-13 06:36 - 2014-02-13 06:36 - 00274664 _____ () C:\Windows\Minidump\021314-15334-01.dmp
2014-02-13 06:29 - 2014-02-13 06:29 - 04745728 _____ (AVAST Software) C:\Users\user\Desktop\aswmbr.exe
2014-02-13 06:28 - 2014-02-13 06:28 - 04745728 _____ (AVAST Software) C:\Users\user\Downloads\aswmbr.exe
2014-02-13 02:46 - 2014-02-13 06:36 - 00000000 ____D () C:\Windows\Minidump
2014-02-13 02:46 - 2014-02-13 06:35 - 637108580 _____ () C:\Windows\MEMORY.DMP
2014-02-13 02:46 - 2014-02-13 02:46 - 00274664 _____ () C:\Windows\Minidump\021314-13072-01.dmp
2014-02-13 02:03 - 2013-12-31 15:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 02:03 - 2013-12-31 15:04 - 00420008 _____ () C:\Windows\System32\locale.nls
2014-02-13 02:03 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\System32\secproc.dll
2014-02-13 02:03 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2014-02-13 02:03 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2014-02-13 02:03 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2014-02-13 02:03 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2014-02-13 02:03 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2014-02-13 02:03 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2014-02-13 02:03 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2014-02-13 02:03 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2014-02-13 02:03 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 02:03 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 02:03 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 02:03 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 02:03 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 02:03 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 02:03 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 02:03 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 02:03 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 20:50 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-12 20:50 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-12 20:50 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-12 20:50 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-12 20:50 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-12 20:50 - 2014-02-06 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-12 20:50 - 2014-02-06 02:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-12 20:50 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-12 20:50 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-12 20:50 - 2014-02-06 02:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-12 20:50 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-12 20:50 - 2014-02-06 02:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-12 20:50 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 20:50 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-12 20:50 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 20:50 - 2014-02-06 02:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-12 20:50 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-12 20:50 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 20:50 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 20:50 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 20:50 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-12 20:50 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 20:50 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 20:50 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-12 20:50 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 20:50 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 20:50 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 20:50 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 20:50 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 20:50 - 2014-02-06 01:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-12 20:50 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-12 20:50 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 20:50 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 20:50 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 20:50 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-12 20:50 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 20:50 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-12 20:50 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 20:50 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 20:50 - 2013-12-21 01:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-12 20:50 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 12:41 - 2014-02-12 12:43 - 150587910 _____ () C:\Users\user\Downloads\[SubDESU-H] Tenioha! Onna no Ko datte Honto wa Ecchi Da yo - 02 (852x480 x264 8bit AC3) [F58F0304].mp4
2014-02-12 07:26 - 2014-02-12 07:26 - 00030078 _____ () C:\Users\user\Desktop\attach.txt
2014-02-12 07:26 - 2014-02-12 07:26 - 00014867 _____ () C:\Users\user\Desktop\dds.txt
2014-02-12 07:24 - 2014-02-14 16:03 - 00000000 ___HD () C:\ProgramData\NTKernel
2014-02-12 07:23 - 2014-02-12 07:23 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2014-02-12 07:22 - 2014-02-12 07:22 - 00688992 _____ (Swearware) C:\Users\user\Downloads\dds.com
2014-02-12 07:20 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 07:20 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-02-12 07:20 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-02-12 07:20 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-02-12 07:20 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 07:20 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 07:20 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 07:20 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2014-02-12 04:48 - 2014-02-12 04:49 - 00000013 _____ () C:\Users\user\AppData\Roaming\mbam.context.scan
2014-02-12 04:36 - 2014-02-12 04:36 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\user\Downloads\rkill (1).exe
2014-02-12 04:32 - 2014-02-12 04:36 - 00003918 _____ () C:\Users\user\Desktop\Rkill.txt
2014-02-12 04:32 - 2014-02-12 04:36 - 00000000 ____D () C:\Users\user\Desktop\rkill
2014-02-12 04:31 - 2014-02-12 04:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\user\Downloads\rkill.exe
2014-02-12 04:31 - 2014-02-12 04:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\user\Downloads\rkill.com
2014-02-12 04:28 - 2014-02-12 04:28 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 04:28 - 2014-02-12 04:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 04:28 - 2014-02-12 04:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 04:28 - 2013-04-04 11:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-02-12 04:22 - 2014-02-12 04:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-12 04:22 - 2014-02-12 04:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-12 01:46 - 2014-02-12 01:46 - 00000000 ____D () C:\Users\user\Documents\ProcAlyzer Dumps
2014-02-12 01:31 - 2014-02-12 01:31 - 00000046 _____ () C:\Update.Microsoft.com.url
2014-02-11 23:05 - 2014-02-11 23:13 - 473617373 _____ () C:\Users\user\Downloads\[Vivid] D-Frag! - 06 [DC4FFD01].mkv
2014-02-11 23:02 - 2014-02-11 23:17 - 489832355 _____ () C:\Users\user\Downloads\[Hatsuyuki]_Magi_S2_-_19_[10bit][1280x720][D6BA875C].mkv
2014-02-11 23:01 - 2014-02-11 23:06 - 286624791 _____ () C:\Users\user\Downloads\[Watashi-Koi]_Wizard_Barristers_Benmashi_Cecil_-_05_[720p][425D0478].mkv
2014-02-11 23:01 - 2014-02-11 23:03 - 36828028 ____R () C:\Users\user\Downloads\[Doki] The iDOLM@STER - Onegai Cinderella (640x480 h264 AAC) [2FF25BF7].mkv
2014-02-11 23:00 - 2014-02-11 23:11 - 387271867 _____ () C:\Users\user\Downloads\[Anime-Koi] Hamatora - 06 [h264-720p][4016254E].mkv
2014-02-11 23:00 - 2014-02-11 23:06 - 566854495 ____R () C:\Users\user\Downloads\[HorribleSubs] Hunter X Hunter - 116 [1080p].mkv
2014-02-11 22:59 - 2014-02-11 23:11 - 496891459 ____R () C:\Users\user\Downloads\[FFF] Noragami - 06 [61065F88].mkv
2014-02-11 22:59 - 2014-02-11 23:10 - 547998053 ____R () C:\Users\user\Downloads\[FFF] Witch Craft Works - 06 [0B27DAB5].mkv
2014-02-11 22:59 - 2014-02-11 23:07 - 394399787 ____R () C:\Users\user\Downloads\[FFF] Sekai Seifuku ~Bouryaku no Zvezda~ - 05 [D2907CFC].mkv
2014-02-11 21:59 - 2014-02-11 21:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf27b78d07a6e8.job
2014-02-11 19:52 - 2014-02-14 16:07 - 00006172 _____ () C:\Windows\System32\PerfStringBackup.TMP
2014-02-11 19:47 - 2014-02-15 01:11 - 00005984 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 19:47 - 2014-02-15 01:11 - 00005984 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-11 19:47 - 2014-02-11 19:47 - 00000552 _____ () C:\Windows\System32\spsys.log
2014-02-10 15:25 - 2014-02-10 15:34 - 390237174 _____ () C:\Users\user\Downloads\[SubDESU-H] Ane Jiru Core Mix (852x480 x264 8bit AC3) [F039269A].mp4
2014-02-10 15:17 - 2014-02-10 15:26 - 314484990 ____R () C:\Users\user\Downloads\[A-Destiny] Kingdom S2 - 36 (1280x720 Hi10p AAC) [DC3202D4].mkv
2014-02-10 15:16 - 2014-02-10 15:36 - 511475912 _____ () C:\Users\user\Downloads\[WhyNot] Phi Brain - Kami no Puzzle S3 - 19 [F5A16076].mkv
2014-02-10 15:15 - 2014-02-10 15:32 - 558874168 _____ () C:\Users\user\Downloads\[UTW]_Seitokai_Yakuindomo_Bleep_-_06_[h264-720p][D681DF84].mkv
2014-02-10 15:14 - 2014-02-10 15:21 - 406209296 ____R () C:\Users\user\Downloads\[Anime-Koi] Buddy Complex - 06 [h264-720p][E49F901B].mkv
2014-02-10 15:13 - 2014-02-10 15:21 - 568568024 _____ () C:\Users\user\Downloads\[HorribleSubs] SoniAni - SUPER SONICO THE ANIMATION - 06 [1080p].mkv
2014-02-10 15:10 - 2014-02-10 15:20 - 202316202 ____R () C:\Users\user\Downloads\[Commie] Toaru Hikuushi e no Koiuta - 06 [1EC68D1E].mkv
2014-02-10 15:09 - 2014-02-10 15:25 - 652091722 ____R () C:\Users\user\Downloads\[Commie] Space Dandy - 06 [4C16135B].mkv
2014-02-10 15:09 - 2014-02-10 15:18 - 445502466 _____ () C:\Users\user\Downloads\[Commie] Nobunaga the Fool - 06 [D5ABAEF3].mkv
2014-02-10 15:09 - 2014-02-10 15:15 - 356158730 _____ () C:\Users\user\Downloads\[Commie] Yowamushi Pedal - 18 [90AD0774].mkv
2014-02-10 02:17 - 2014-02-10 02:17 - 00450770 ____R () C:\Windows\System32\Drivers\etc\hosts.20140210-051716.backup
2014-02-10 01:10 - 2014-02-10 01:10 - 00000000 ____D () C:\Users\user\Downloads\140207-1A-RJ129346
2014-02-09 19:58 - 2014-02-09 20:05 - 334920103 _____ () C:\Users\user\Downloads\140207-1A-RJ129346.rar
2014-02-09 17:11 - 2014-02-09 17:17 - 372970797 _____ () C:\Users\user\Downloads\[ChihiroDesuYo] Nourin - 05 (1280x720 10bit AAC) [4A7A622D].mkv
2014-02-09 17:09 - 2014-02-09 17:11 - 86354477 _____ () C:\Users\user\Downloads\[Vivid] Tonari no Seki-kun - 07 [CB375BE9].mkv
2014-02-09 17:08 - 2014-02-09 17:13 - 547908223 ____R () C:\Users\user\Downloads\[HorribleSubs] Hajime no Ippo - Rising - 18 [1080p].mkv
2014-02-09 17:07 - 2014-02-09 17:11 - 309731597 _____ () C:\Users\user\Downloads\[UTW-Mazui]_Motto_Marutto_Railgun_-_IV_[BD][h264-1080p][FLAC][0EC38929].mkv
2014-02-09 15:54 - 2014-02-09 15:54 - 00001198 _____ () C:\Users\Public\Desktop\Ad-Watch SE Professional.lnk
2014-02-09 15:54 - 2014-02-09 15:54 - 00001198 _____ () C:\Users\Public\Desktop\Ad-Aware SE Professional.lnk
2014-02-09 15:54 - 2014-02-09 15:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\Lavasoft
2014-02-09 15:54 - 2014-02-09 15:54 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-02-09 15:48 - 2014-02-09 15:48 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-09 15:48 - 2014-02-09 15:48 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-02-09 15:48 - 2014-02-09 15:48 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-02-09 15:48 - 2014-02-09 15:48 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-02-09 15:48 - 2013-09-20 07:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2014-02-09 15:47 - 2014-02-11 19:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-09 15:30 - 2014-02-09 15:32 - 00027462 _____ () C:\Users\user\Downloads\Result.txt
2014-02-09 15:29 - 2014-02-09 15:29 - 00982016 _____ (Farbar) C:\Users\user\Downloads\MiniToolBox.exe
2014-02-09 15:27 - 2014-02-09 15:27 - 00453632 _____ (Farbar) C:\Users\user\Downloads\FSS.exe
2014-02-09 15:27 - 2014-02-09 15:27 - 00002082 _____ () C:\Users\user\Downloads\FSS.txt
2014-02-09 12:33 - 2014-02-09 15:43 - 00000000 _____ () C:\Users\user\Downloads\SecurityCheck (1).exe
2014-02-09 12:30 - 2014-02-09 12:30 - 00987425 _____ () C:\Users\user\Desktop\SecurityCheck.exe
2014-02-09 12:07 - 2014-02-09 12:07 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.2.exe
2014-02-09 11:40 - 2014-02-09 11:40 - 00000000 ____D () C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
2014-02-09 10:08 - 2014-02-09 10:08 - 00000000 _____ () C:\Users\user\Downloads\[HorribleSubs] Hajime no Ippo - Rising - 18 [1080p].mkv.torrent.v14j9xj.partial
2014-02-09 10:07 - 2014-02-09 10:11 - 566256937 ____R () C:\Users\user\Downloads\[HorribleSubs] Nobunagun - 06 [1080p].mkv
2014-02-09 05:32 - 2014-02-09 05:38 - 317825925 ____R () C:\Users\user\Downloads\[Commie] Ace of the Diamond - 18 [A91A42A0].mkv
2014-02-09 05:32 - 2014-02-09 05:37 - 496034077 ____R () C:\Users\user\Downloads\[Commie] Log Horizon - 19 [AB984D84].mkv
2014-02-08 18:24 - 2014-02-08 18:24 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spybot - Search & Destroy
2014-02-08 15:06 - 2014-02-08 15:12 - 284139059 _____ () C:\Users\user\Downloads\[FFF] Golden Time - 17 [169ED5FA].mkv
2014-02-08 15:06 - 2014-02-08 15:10 - 309945348 ____R () C:\Users\user\Downloads\[FFF] Strike the Blood - 17 [9C8FF21F].mkv
2014-02-08 15:05 - 2014-02-08 15:10 - 476143035 _____ () C:\Users\user\Downloads\[FFF] Mahou Sensou - 05 [695235E2].mkv
2014-02-08 15:05 - 2014-02-08 15:08 - 183512289 ____R () C:\Users\user\Downloads\[Commie] Space Brothers - 93 [1EE7095D].mkv
2014-02-07 20:31 - 2014-02-07 20:41 - 537989585 _____ () C:\Users\user\Downloads\[Underwater-Vivid] Nagi no Asukara - 18 (720p) [9945FB8A].mkv
2014-02-07 19:46 - 2014-02-07 19:49 - 574289973 ____R () C:\Users\user\Downloads\[HorribleSubs] ZX IGNITION - 05 [1080p].mkv
2014-02-07 19:00 - 2014-02-07 19:06 - 575465365 ____R () C:\Users\user\Downloads\[HorribleSubs] Wake Up, Girls! - 05 [1080p].mkv
2014-02-07 15:31 - 2014-02-07 15:31 - 00000000 ____D () C:\Users\user\Downloads\3_Hypn0t1sms
2014-02-07 15:31 - 2014-02-07 15:31 - 00000000 ____D () C:\define
2014-02-07 14:44 - 2014-02-07 14:47 - 268838278 _____ () C:\Users\user\Downloads\[Doki] Sakura Trick - 05 (1280x720 Hi10P AAC) [BC6D7093].mkv
2014-02-07 14:44 - 2014-02-07 14:47 - 251567508 _____ () C:\Users\user\Downloads\[WhyNot] Silver Spoon S2 - 05 [D319074B].mkv
2014-02-07 14:43 - 2014-02-07 14:47 - 379496407 ____R () C:\Users\user\Downloads\[Underwater] KILL la KILL - 17 (720p) [F8059CB2].mkv
2014-02-06 20:21 - 2014-02-14 02:02 - 00000000 _____ () C:\Users\user\Documents\315load32.exe
2014-02-06 20:21 - 2014-02-06 20:20 - 00244224 __RSH () C:\ProgramData\load32.exe
2014-02-06 20:21 - 2014-02-06 20:20 - 00244224 __RSH () C:\315load32.exe
2014-02-06 20:15 - 2014-02-06 21:13 - 250822647 _____ () C:\Users\user\Downloads\3_Hypn0t1sms.part2.rar
2014-02-06 18:50 - 2014-02-06 20:04 - 315000000 _____ () C:\Users\user\Downloads\3_Hypn0t1sms.part1.rar
2014-02-06 18:38 - 2014-02-06 18:40 - 105917281 _____ () C:\Users\user\Downloads\[Vivid] Pupa - 05 [E49BF40E].mkv
2014-02-06 18:37 - 2014-02-06 18:39 - 172286586 _____ () C:\Users\user\Downloads\[Commie] Samurai Flamenco - 16 [9C194CDA].mkv
2014-02-06 07:09 - 2014-02-06 07:16 - 490544117 ____R () C:\Users\user\Downloads\[FTW]_Chuunibyou_demo_Koi_ga_bleepai!_Ren_-_05_[720p][A74AB2C0].mkv
2014-02-06 07:08 - 2014-02-06 07:12 - 235780251 _____ () C:\Users\user\Downloads\[Underwater] Mikakunin de Shinkoukei - Engaged to the Unidentified - 05 (720p) [68AC3599].mkv
2014-02-05 01:38 - 2014-02-05 01:43 - 522226896 ____R () C:\Users\user\Downloads\[FFF] Hoozuki no Reitetsu - 04 [1683E062].mkv
2014-02-05 01:37 - 2014-02-05 01:50 - 408461452 ____R () C:\Users\user\Downloads\[gg]_Tokyo_Ravens_-_17_[3EE79492].mkv
2014-02-03 17:05 - 2014-02-03 17:12 - 307138859 ____R () C:\Users\user\Downloads\[FFF] Nisekoi - 04 [DD174685].mkv
2014-02-02 18:15 - 2014-02-02 18:24 - 500305693 _____ () C:\Users\user\Downloads\[Asenshi] Kuroko no Basuke 2 - 17 [FFC6DA48].mkv
2014-02-01 02:07 - 2014-02-01 02:08 - 15362863 ____R () C:\Users\user\Downloads\[UTW]_Chuunibyou_demo_Koi_ga_bleepai!_Ren_Lite_-_03_[3470CCC3].mkv
2014-01-31 15:33 - 2014-01-31 15:34 - 32765906 _____ () C:\Users\user\Downloads\[Migoto] Strange+ - 04 (1280x720 Hi10P AAC) [927A83C3].mkv
2014-01-26 06:34 - 2014-01-26 06:47 - 00000000 ____D () C:\Users\user\Downloads\[DameDesuYo] Yuusha ni Narenakatta Ore wa Shibushibu Shuushoku wo Ketsui Shimableepa - Vol. 1 Bonus CD (FLAC)
2014-01-26 06:32 - 2014-01-26 06:46 - 00000000 ____D () C:\Users\user\Downloads\[DameDesuYo] Yuushibu - Vol. 1 (BD 1080p 10bit FLAC)
2014-01-26 02:36 - 2014-01-26 02:44 - 455755726 _____ () C:\Users\user\Downloads\[くるるるる] スクール水着の淫乱発情JKと汗だくねっとりエッチ!オナホ感覚で妹の身体を遊んでみた.rar
2014-01-25 16:21 - 2014-01-25 18:47 - 00000000 ____D () C:\Users\user\Downloads\yoshino
2014-01-25 05:46 - 2014-01-25 05:46 - 00000000 ____D () C:\Users\user\Downloads\(同人ソフト) [液魂研究会] ないしょのはだかあぞび (DMM version)
2014-01-23 19:08 - 2014-01-23 19:08 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2014-01-23 18:18 - 2014-01-23 18:18 - 00002219 _____ () C:\Users\user\Desktop\HP Support Assistant.lnk
2014-01-23 18:10 - 2014-01-23 18:10 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-23 03:10 - 2014-01-23 03:10 - 00000000 __SHD () C:\Cypher License Information LT
2014-01-23 03:10 - 2014-01-23 03:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMM
2014-01-23 03:10 - 2014-01-23 03:10 - 00000000 _____ () C:\Windows\AI6WIN.INI
2014-01-21 21:52 - 2014-01-21 21:53 - 78747063 _____ () C:\Users\user\Downloads\[Anime-Koi] Wooser no Sono Higurashi Kakusei Hen - 02 [h264-720p][EC409F35].mkv
2014-01-19 09:19 - 2014-01-23 03:03 - 00000000 ____D () C:\Users\user\Downloads\[130808] [エルフ] 麻呂の患者はガテン系2 [Cracked Version]
2014-01-19 09:18 - 2014-01-23 03:03 - 00000000 ____D () C:\Users\user\Downloads\[130425] [エルフ] 麻呂の患者はガテン系 [Cracked Version]
2014-01-19 04:40 - 2014-01-19 04:46 - 533165488 _____ () C:\Users\user\Downloads\(同人ソフト) [液魂研究会] ないしょのはだかあぞび (DMM version).rar
2014-01-18 17:15 - 2014-01-18 17:19 - 00000000 ____D () C:\Users\user\Downloads\[gg]_Corpse_Party_Tortured_Souls_(BD,1080p)

==================== One Month Modified Files and Folders =======

2014-02-16 07:29 - 2014-02-16 07:29 - 00000000 ____D () C:\FRST
2014-02-16 04:24 - 2013-08-16 17:45 - 00000000 ____D () C:\Users\user\AppData\Roaming\BitTorrent
2014-02-16 04:24 - 2011-11-03 00:46 - 01829502 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 04:24 - 2009-07-13 20:51 - 00037579 _____ () C:\Windows\setupact.log
2014-02-16 01:45 - 2014-02-16 01:43 - 258651298 ____R () C:\Users\user\Downloads\[Doki] Sakura Trick - 06 (1280x720 Hi10P AAC) [3D7AE39B].mkv
2014-02-16 00:03 - 2013-08-16 17:19 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-16 00:00 - 2013-08-16 17:19 - 88567024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-02-15 21:57 - 2014-02-15 21:51 - 364353942 _____ () C:\Users\user\Downloads\[Commie] Log Horizon - 20 [8A10FF64].mkv
2014-02-15 19:22 - 2014-02-15 19:21 - 16566086 ____R () C:\Users\user\Downloads\[UTW]_Chuunibyou_demo_Koi_ga_bleepai!_Ren_Lite_-_04_[D21A3049].mkv
2014-02-15 16:31 - 2014-02-15 16:07 - 407278779 _____ () C:\Users\user\Downloads\[Underwater-Vivid] Nagi no Asukara - 19 (720p) [0428A4BE].mkv
2014-02-15 16:21 - 2014-02-15 16:06 - 470189131 _____ () C:\Users\user\Downloads\[FFF] Mahou Sensou - 06 [45BFF82E].mkv
2014-02-15 16:16 - 2014-02-15 16:06 - 385661305 ____R () C:\Users\user\Downloads\[FFF] Golden Time - 18 [B04AC735].mkv
2014-02-15 16:13 - 2014-02-15 16:07 - 250295499 ____R () C:\Users\user\Downloads\[WhyNot] Silver Spoon S2 - 06 [6E10A2DA].mkv
2014-02-15 16:13 - 2014-02-15 16:06 - 289029013 ____R () C:\Users\user\Downloads\[FFF] Strike the Blood - 18 [21EC9180].mkv
2014-02-15 16:12 - 2014-02-15 16:08 - 576038018 ____R () C:\Users\user\Downloads\[HorribleSubs] Wake Up, Girls! - 06 [1080p].mkv
2014-02-15 16:07 - 2014-02-15 16:05 - 207611588 _____ () C:\Users\user\Downloads\[Commie] Space Brothers - 94 [3A4222EA].mkv
2014-02-15 01:11 - 2014-02-11 19:47 - 00005984 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-15 01:11 - 2014-02-11 19:47 - 00005984 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 16:07 - 2014-02-11 19:52 - 00006172 _____ () C:\Windows\System32\PerfStringBackup.TMP
2014-02-14 16:03 - 2014-02-12 07:24 - 00000000 ___HD () C:\ProgramData\NTKernel
2014-02-14 02:27 - 2014-02-13 08:48 - 00000000 ___HD () C:\NTKernel
2014-02-14 02:02 - 2014-02-06 20:21 - 00000000 _____ () C:\Users\user\Documents\315load32.exe
2014-02-13 21:54 - 2011-11-03 00:47 - 00000000 ____D () C:\ProgramData\PDFC
2014-02-13 20:43 - 2014-02-13 20:30 - 306201591 ____R () C:\Users\user\Downloads\[gg]_Tokyo_Ravens_-_18_[0D707E08].mkv
2014-02-13 20:41 - 2014-02-13 20:31 - 675918952 ____R () C:\Users\user\Downloads\[Underwater] KILL la KILL - 18 (720p) [F435803D].mkv
2014-02-13 20:38 - 2014-02-13 20:31 - 432667492 ____R () C:\Users\user\Downloads\[FTW]_Chuunibyou_demo_Koi_ga_bleepai!_Ren_-_06_[720p][6A43A850].mkv
2014-02-13 20:38 - 2014-02-13 20:30 - 319682805 _____ () C:\Users\user\Downloads\[FFF] Nisekoi - 05 [5BC26FA9].mkv
2014-02-13 20:37 - 2014-02-13 20:30 - 285960460 _____ () C:\Users\user\Downloads\[Commie] Samurai Flamenco - 17 [4A81F54F].mkv
2014-02-13 20:33 - 2014-02-13 20:32 - 87371823 _____ () C:\Users\user\Downloads\[Vivid] Pupa - 06 [A53701EB].mkv
2014-02-13 14:36 - 2014-02-13 14:36 - 05180679 _____ (Swearware) C:\Users\user\Downloads\ComboFix.exe
2014-02-13 11:20 - 2014-02-13 11:11 - 514568459 _____ () C:\Users\user\Downloads\[SubDESU-H] Oni Chichi - 02 (BD 1080p x264 10bit FLAC) [ED483D3B].mkv
2014-02-13 11:15 - 2014-02-13 11:11 - 621779739 _____ () C:\Users\user\Downloads\[SubDESU-H] Oni Chichi - 01 (BD 1080p x264 10bit FLAC) [C47ED3C2].mkv
2014-02-13 08:47 - 2014-02-13 08:46 - 05180679 _____ (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-02-13 08:13 - 2014-02-13 08:05 - 382939754 ____R () C:\Users\user\Downloads\[Anime-Koi] Inari, Konkon, Koi Iroha - 05 [h264-720p][4EBC46B2].mkv
2014-02-13 08:12 - 2014-02-13 08:07 - 377230294 _____ () C:\Users\user\Downloads\[Underwater] Mikakunin de Shinkoukei - Engaged to the Unidentified - 06 (720p) [v2][CCDA2800].mkv
2014-02-13 08:09 - 2014-02-13 08:07 - 77162041 ____R () C:\Users\user\Downloads\[Asenshi] Onee-chan ga Kita! - 06 [AEC1AE3F].mkv
2014-02-13 07:30 - 2014-02-13 07:30 - 00002968 _____ () C:\Users\user\Desktop\aswMBR.txt
2014-02-13 07:30 - 2014-02-13 07:30 - 00000512 _____ () C:\Users\user\Desktop\MBR.dat
2014-02-13 06:36 - 2014-02-13 06:36 - 00274664 _____ () C:\Windows\Minidump\021314-15334-01.dmp
2014-02-13 06:36 - 2014-02-13 02:46 - 00000000 ____D () C:\Windows\Minidump
2014-02-13 06:35 - 2014-02-13 02:46 - 637108580 _____ () C:\Windows\MEMORY.DMP
2014-02-13 06:29 - 2014-02-13 06:29 - 04745728 _____ (AVAST Software) C:\Users\user\Desktop\aswmbr.exe
2014-02-13 06:28 - 2014-02-13 06:28 - 04745728 _____ (AVAST Software) C:\Users\user\Downloads\aswmbr.exe
2014-02-13 02:46 - 2014-02-13 02:46 - 00274664 _____ () C:\Windows\Minidump\021314-13072-01.dmp
2014-02-12 12:43 - 2014-02-12 12:41 - 150587910 _____ () C:\Users\user\Downloads\[SubDESU-H] Tenioha! Onna no Ko datte Honto wa Ecchi Da yo - 02 (852x480 x264 8bit AC3) [F58F0304].mp4
2014-02-12 07:26 - 2014-02-12 07:26 - 00030078 _____ () C:\Users\user\Desktop\attach.txt
2014-02-12 07:26 - 2014-02-12 07:26 - 00014867 _____ () C:\Users\user\Desktop\dds.txt
2014-02-12 07:23 - 2014-02-12 07:23 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2014-02-12 07:22 - 2014-02-12 07:22 - 00688992 _____ (Swearware) C:\Users\user\Downloads\dds.com
2014-02-12 04:49 - 2014-02-12 04:48 - 00000013 _____ () C:\Users\user\AppData\Roaming\mbam.context.scan
2014-02-12 04:36 - 2014-02-12 04:36 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\user\Downloads\rkill (1).exe
2014-02-12 04:36 - 2014-02-12 04:32 - 00003918 _____ () C:\Users\user\Desktop\Rkill.txt
2014-02-12 04:36 - 2014-02-12 04:32 - 00000000 ____D () C:\Users\user\Desktop\rkill
2014-02-12 04:31 - 2014-02-12 04:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\user\Downloads\rkill.exe
2014-02-12 04:31 - 2014-02-12 04:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\user\Downloads\rkill.com
2014-02-12 04:28 - 2014-02-12 04:28 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 04:28 - 2014-02-12 04:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 04:28 - 2014-02-12 04:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 04:22 - 2014-02-12 04:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-12 04:22 - 2014-02-12 04:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-12 01:46 - 2014-02-12 01:46 - 00000000 ____D () C:\Users\user\Documents\ProcAlyzer Dumps
2014-02-12 01:46 - 2013-10-10 02:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-12 01:31 - 2014-02-12 01:31 - 00000046 _____ () C:\Update.Microsoft.com.url
2014-02-11 23:17 - 2014-02-11 23:02 - 489832355 _____ () C:\Users\user\Downloads\[Hatsuyuki]_Magi_S2_-_19_[10bit][1280x720][D6BA875C].mkv
2014-02-11 23:13 - 2014-02-11 23:05 - 473617373 _____ () C:\Users\user\Downloads\[Vivid] D-Frag! - 06 [DC4FFD01].mkv
2014-02-11 23:11 - 2014-02-11 23:00 - 387271867 _____ () C:\Users\user\Downloads\[Anime-Koi] Hamatora - 06 [h264-720p][4016254E].mkv
2014-02-11 23:11 - 2014-02-11 22:59 - 496891459 ____R () C:\Users\user\Downloads\[FFF] Noragami - 06 [61065F88].mkv
2014-02-11 23:10 - 2014-02-11 22:59 - 547998053 ____R () C:\Users\user\Downloads\[FFF] Witch Craft Works - 06 [0B27DAB5].mkv
2014-02-11 23:07 - 2014-02-11 22:59 - 394399787 ____R () C:\Users\user\Downloads\[FFF] Sekai Seifuku ~Bouryaku no Zvezda~ - 05 [D2907CFC].mkv
2014-02-11 23:06 - 2014-02-11 23:01 - 286624791 _____ () C:\Users\user\Downloads\[Watashi-Koi]_Wizard_Barristers_Benmashi_Cecil_-_05_[720p][425D0478].mkv
2014-02-11 23:06 - 2014-02-11 23:00 - 566854495 ____R () C:\Users\user\Downloads\[HorribleSubs] Hunter X Hunter - 116 [1080p].mkv
2014-02-11 23:03 - 2014-02-11 23:01 - 36828028 ____R () C:\Users\user\Downloads\[Doki] The iDOLM@STER - Onegai Cinderella (640x480 h264 AAC) [2FF25BF7].mkv
2014-02-11 21:59 - 2014-02-11 21:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf27b78d07a6e8.job
2014-02-11 19:48 - 2014-02-09 15:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-11 19:47 - 2014-02-11 19:47 - 00000552 _____ () C:\Windows\System32\spsys.log
2014-02-10 15:36 - 2014-02-10 15:16 - 511475912 _____ () C:\Users\user\Downloads\[WhyNot] Phi Brain - Kami no Puzzle S3 - 19 [F5A16076].mkv
2014-02-10 15:34 - 2014-02-10 15:25 - 390237174 _____ () C:\Users\user\Downloads\[SubDESU-H] Ane Jiru Core Mix (852x480 x264 8bit AC3) [F039269A].mp4
2014-02-10 15:32 - 2014-02-10 15:15 - 558874168 _____ () C:\Users\user\Downloads\[UTW]_Seitokai_Yakuindomo_Bleep_-_06_[h264-720p][D681DF84].mkv
2014-02-10 15:26 - 2014-02-10 15:17 - 314484990 ____R () C:\Users\user\Downloads\[A-Destiny] Kingdom S2 - 36 (1280x720 Hi10p AAC) [DC3202D4].mkv
2014-02-10 15:25 - 2014-02-10 15:09 - 652091722 ____R () C:\Users\user\Downloads\[Commie] Space Dandy - 06 [4C16135B].mkv
2014-02-10 15:21 - 2014-02-10 15:14 - 406209296 ____R () C:\Users\user\Downloads\[Anime-Koi] Buddy Complex - 06 [h264-720p][E49F901B].mkv
2014-02-10 15:21 - 2014-02-10 15:13 - 568568024 _____ () C:\Users\user\Downloads\[HorribleSubs] SoniAni - SUPER SONICO THE ANIMATION - 06 [1080p].mkv
2014-02-10 15:20 - 2014-02-10 15:10 - 202316202 ____R () C:\Users\user\Downloads\[Commie] Toaru Hikuushi e no Koiuta - 06 [1EC68D1E].mkv
2014-02-10 15:18 - 2014-02-10 15:09 - 445502466 _____ () C:\Users\user\Downloads\[Commie] Nobunaga the Fool - 06 [D5ABAEF3].mkv
2014-02-10 15:15 - 2014-02-10 15:09 - 356158730 _____ () C:\Users\user\Downloads\[Commie] Yowamushi Pedal - 18 [90AD0774].mkv
2014-02-10 02:17 - 2014-02-10 02:17 - 00450770 ____R () C:\Windows\System32\Drivers\etc\hosts.20140210-051716.backup
2014-02-10 02:17 - 2011-11-03 01:52 - 00201702 _____ () C:\Windows\PFRO.log
2014-02-10 02:16 - 2013-11-28 20:52 - 00000000 ____D () C:\users\Guest
2014-02-10 01:45 - 2013-08-16 17:43 - 00000000 ___RD () C:\Users\user\Desktop\New Folder
2014-02-10 01:10 - 2014-02-10 01:10 - 00000000 ____D () C:\Users\user\Downloads\140207-1A-RJ129346
2014-02-09 20:05 - 2014-02-09 19:58 - 334920103 _____ () C:\Users\user\Downloads\140207-1A-RJ129346.rar
2014-02-09 17:17 - 2014-02-09 17:11 - 372970797 _____ () C:\Users\user\Downloads\[ChihiroDesuYo] Nourin - 05 (1280x720 10bit AAC) [4A7A622D].mkv
2014-02-09 17:13 - 2014-02-09 17:08 - 547908223 ____R () C:\Users\user\Downloads\[HorribleSubs] Hajime no Ippo - Rising - 18 [1080p].mkv
2014-02-09 17:11 - 2014-02-09 17:09 - 86354477 _____ () C:\Users\user\Downloads\[Vivid] Tonari no Seki-kun - 07 [CB375BE9].mkv
2014-02-09 17:11 - 2014-02-09 17:07 - 309731597 _____ () C:\Users\user\Downloads\[UTW-Mazui]_Motto_Marutto_Railgun_-_IV_[BD][h264-1080p][FLAC][0EC38929].mkv
2014-02-09 15:54 - 2014-02-09 15:54 - 00001198 _____ () C:\Users\Public\Desktop\Ad-Watch SE Professional.lnk
2014-02-09 15:54 - 2014-02-09 15:54 - 00001198 _____ () C:\Users\Public\Desktop\Ad-Aware SE Professional.lnk
2014-02-09 15:54 - 2014-02-09 15:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\Lavasoft
2014-02-09 15:54 - 2014-02-09 15:54 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-02-09 15:52 - 2009-07-13 18:34 - 00450770 ____R () C:\Windows\System32\Drivers\etc\hosts.20140210-051700.backup
2014-02-09 15:48 - 2014-02-09 15:48 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-09 15:48 - 2014-02-09 15:48 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-02-09 15:48 - 2014-02-09 15:48 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-02-09 15:48 - 2014-02-09 15:48 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-02-09 15:43 - 2014-02-09 12:33 - 00000000 _____ () C:\Users\user\Downloads\SecurityCheck (1).exe
2014-02-09 15:32 - 2014-02-09 15:30 - 00027462 _____ () C:\Users\user\Downloads\Result.txt
2014-02-09 15:29 - 2014-02-09 15:29 - 00982016 _____ (Farbar) C:\Users\user\Downloads\MiniToolBox.exe
2014-02-09 15:27 - 2014-02-09 15:27 - 00453632 _____ (Farbar) C:\Users\user\Downloads\FSS.exe
2014-02-09 15:27 - 2014-02-09 15:27 - 00002082 _____ () C:\Users\user\Downloads\FSS.txt
2014-02-09 12:30 - 2014-02-09 12:30 - 00987425 _____ () C:\Users\user\Desktop\SecurityCheck.exe
2014-02-09 12:07 - 2014-02-09 12:07 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.2.exe
2014-02-09 11:40 - 2014-02-09 11:40 - 00000000 ____D () C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
2014-02-09 10:11 - 2014-02-09 10:07 - 566256937 ____R () C:\Users\user\Downloads\[HorribleSubs] Nobunagun - 06 [1080p].mkv
2014-02-09 10:08 - 2014-02-09 10:08 - 00000000 _____ () C:\Users\user\Downloads\[HorribleSubs] Hajime no Ippo - Rising - 18 [1080p].mkv.torrent.v14j9xj.partial
2014-02-09 07:08 - 2013-10-07 01:14 - 00000000 ____D () C:\Program Files (x86)\Erogos
2014-02-09 05:38 - 2014-02-09 05:32 - 317825925 ____R () C:\Users\user\Downloads\[Commie] Ace of the Diamond - 18 [A91A42A0].mkv
2014-02-09 05:37 - 2014-02-09 05:32 - 496034077 ____R () C:\Users\user\Downloads\[Commie] Log Horizon - 19 [AB984D84].mkv
2014-02-08 18:24 - 2014-02-08 18:24 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spybot - Search & Destroy
2014-02-08 15:57 - 2013-08-16 22:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-08 15:43 - 2013-08-16 22:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-08 15:12 - 2014-02-08 15:06 - 284139059 _____ () C:\Users\user\Downloads\[FFF] Golden Time - 17 [169ED5FA].mkv
2014-02-08 15:10 - 2014-02-08 15:06 - 309945348 ____R () C:\Users\user\Downloads\[FFF] Strike the Blood - 17 [9C8FF21F].mkv
2014-02-08 15:10 - 2014-02-08 15:05 - 476143035 _____ () C:\Users\user\Downloads\[FFF] Mahou Sensou - 05 [695235E2].mkv
2014-02-08 15:08 - 2014-02-08 15:05 - 183512289 ____R () C:\Users\user\Downloads\[Commie] Space Brothers - 93 [1EE7095D].mkv
2014-02-07 20:41 - 2014-02-07 20:31 - 537989585 _____ () C:\Users\user\Downloads\[Underwater-Vivid] Nagi no Asukara - 18 (720p) [9945FB8A].mkv
2014-02-07 19:49 - 2014-02-07 19:46 - 574289973 ____R () C:\Users\user\Downloads\[HorribleSubs] ZX IGNITION - 05 [1080p].mkv
2014-02-07 19:06 - 2014-02-07 19:00 - 575465365 ____R () C:\Users\user\Downloads\[HorribleSubs] Wake Up, Girls! - 05 [1080p].mkv
2014-02-07 15:31 - 2014-02-07 15:31 - 00000000 ____D () C:\Users\user\Downloads\3_Hypn0t1sms
2014-02-07 15:31 - 2014-02-07 15:31 - 00000000 ____D () C:\define
2014-02-07 14:47 - 2014-02-07 14:44 - 268838278 _____ () C:\Users\user\Downloads\[Doki] Sakura Trick - 05 (1280x720 Hi10P AAC) [BC6D7093].mkv
2014-02-07 14:47 - 2014-02-07 14:44 - 251567508 _____ () C:\Users\user\Downloads\[WhyNot] Silver Spoon S2 - 05 [D319074B].mkv
2014-02-07 14:47 - 2014-02-07 14:43 - 379496407 ____R () C:\Users\user\Downloads\[Underwater] KILL la KILL - 17 (720p) [F8059CB2].mkv
2014-02-06 21:13 - 2014-02-06 20:15 - 250822647 _____ () C:\Users\user\Downloads\3_Hypn0t1sms.part2.rar
2014-02-06 20:20 - 2014-02-06 20:21 - 00244224 __RSH () C:\ProgramData\load32.exe
2014-02-06 20:20 - 2014-02-06 20:21 - 00244224 __RSH () C:\315load32.exe
2014-02-06 20:04 - 2014-02-06 18:50 - 315000000 _____ () C:\Users\user\Downloads\3_Hypn0t1sms.part1.rar
2014-02-06 18:40 - 2014-02-06 18:38 - 105917281 _____ () C:\Users\user\Downloads\[Vivid] Pupa - 05 [E49BF40E].mkv
2014-02-06 18:39 - 2014-02-06 18:37 - 172286586 _____ () C:\Users\user\Downloads\[Commie] Samurai Flamenco - 16 [9C194CDA].mkv
2014-02-06 07:16 - 2014-02-06 07:09 - 490544117 ____R () C:\Users\user\Downloads\[FTW]_Chuunibyou_demo_Koi_ga_bleepai!_Ren_-_05_[720p][A74AB2C0].mkv
2014-02-06 07:12 - 2014-02-06 07:08 - 235780251 _____ () C:\Users\user\Downloads\[Underwater] Mikakunin de Shinkoukei - Engaged to the Unidentified - 05 (720p) [68AC3599].mkv
2014-02-06 04:16 - 2014-02-12 20:50 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-06 03:30 - 2014-02-12 20:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-06 03:30 - 2014-02-12 20:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-12 20:50 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-06 03:07 - 2014-02-12 20:50 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-06 03:06 - 2014-02-12 20:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-12 20:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-06 02:56 - 2014-02-12 20:50 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-06 02:52 - 2014-02-12 20:50 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-06 02:49 - 2014-02-12 20:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-12 20:50 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-12 20:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-12 20:50 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-12 20:50 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-12 20:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-12 20:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-06 02:11 - 2014-02-12 20:50 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-06 02:01 - 2014-02-12 20:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-12 20:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-12 20:50 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 01:57 - 2014-02-12 20:50 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-06 01:52 - 2014-02-12 20:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-12 20:50 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-12 20:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-12 20:50 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-12 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-12 20:50 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-12 20:50 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 01:25 - 2014-02-12 20:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 01:24 - 2014-02-12 20:50 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-06 01:22 - 2014-02-12 20:50 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-06 01:13 - 2014-02-12 20:50 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-12 20:50 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-12 20:50 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-12 20:50 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-06 00:41 - 2014-02-12 20:50 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-12 20:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-12 20:50 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-12 20:50 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 05:12 - 2013-08-16 17:04 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-05 01:50 - 2014-02-05 01:37 - 408461452 ____R () C:\Users\user\Downloads\[gg]_Tokyo_Ravens_-_17_[3EE79492].mkv
2014-02-05 01:43 - 2014-02-05 01:38 - 522226896 ____R () C:\Users\user\Downloads\[FFF] Hoozuki no Reitetsu - 04 [1683E062].mkv
2014-02-04 18:43 - 2013-08-16 22:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 18:43 - 2013-08-16 22:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 18:43 - 2013-08-16 22:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 18:19 - 2013-08-16 17:16 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForuser.job
2014-02-04 17:00 - 2013-08-17 04:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-04 16:58 - 2009-07-13 21:08 - 00000006 _____ () C:\Windows\Tasks\SA.DAT
2014-02-03 21:08 - 2013-08-16 22:41 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-03 17:12 - 2014-02-03 17:05 - 307138859 ____R () C:\Users\user\Downloads\[FFF] Nisekoi - 04 [DD174685].mkv
2014-02-02 18:24 - 2014-02-02 18:15 - 500305693 _____ () C:\Users\user\Downloads\[Asenshi] Kuroko no Basuke 2 - 17 [FFC6DA48].mkv
2014-02-01 02:08 - 2014-02-01 02:07 - 15362863 ____R () C:\Users\user\Downloads\[UTW]_Chuunibyou_demo_Koi_ga_bleepai!_Ren_Lite_-_03_[3470CCC3].mkv
2014-01-31 15:34 - 2014-01-31 15:33 - 32765906 _____ () C:\Users\user\Downloads\[Migoto] Strange+ - 04 (1280x720 Hi10P AAC) [927A83C3].mkv
2014-01-26 06:47 - 2014-01-26 06:34 - 00000000 ____D () C:\Users\user\Downloads\[DameDesuYo] Yuusha ni Narenakatta Ore wa Shibushibu Shuushoku wo Ketsui Shimableepa - Vol. 1 Bonus CD (FLAC)
2014-01-26 06:46 - 2014-01-26 06:32 - 00000000 ____D () C:\Users\user\Downloads\[DameDesuYo] Yuushibu - Vol. 1 (BD 1080p 10bit FLAC)
2014-01-26 02:44 - 2014-01-26 02:36 - 455755726 _____ () C:\Users\user\Downloads\[くるるるる] スクール水着の淫乱発情JKと汗だくねっとりエッチ!オナホ感覚で妹の身体を遊んでみた.rar
2014-01-25 18:47 - 2014-01-25 16:21 - 00000000 ____D () C:\Users\user\Downloads\yoshino
2014-01-25 05:46 - 2014-01-25 05:46 - 00000000 ____D () C:\Users\user\Downloads\(同人ソフト) [液魂研究会] ないしょのはだかあぞび (DMM version)
2014-01-23 19:08 - 2014-01-23 19:08 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2014-01-23 18:18 - 2014-01-23 18:18 - 00002219 _____ () C:\Users\user\Desktop\HP Support Assistant.lnk
2014-01-23 18:18 - 2011-11-03 00:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-23 18:18 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Help
2014-01-23 18:12 - 2011-11-03 00:45 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-01-23 18:10 - 2014-01-23 18:10 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-23 18:09 - 2011-11-03 00:46 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-01-23 18:07 - 2011-11-03 00:46 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard
2014-01-23 18:07 - 2010-06-14 18:07 - 00000000 ____D () C:\swsetup
2014-01-23 03:10 - 2014-01-23 03:10 - 00000000 __SHD () C:\Cypher License Information LT
2014-01-23 03:10 - 2014-01-23 03:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMM
2014-01-23 03:10 - 2014-01-23 03:10 - 00000000 _____ () C:\Windows\AI6WIN.INI
2014-01-23 03:05 - 2014-01-07 17:39 - 00000000 ____D () C:\Users\user\Downloads\同人ゲーム x3
2014-01-23 03:03 - 2014-01-19 09:19 - 00000000 ____D () C:\Users\user\Downloads\[130808] [エルフ] 麻呂の患者はガテン系2 [Cracked Version]
2014-01-23 03:03 - 2014-01-19 09:18 - 00000000 ____D () C:\Users\user\Downloads\[130425] [エルフ] 麻呂の患者はガテン系 [Cracked Version]
2014-01-22 05:30 - 2013-08-16 17:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\HP Support Assistant
2014-01-22 05:30 - 2013-08-16 16:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\HpUpdate
2014-01-21 21:53 - 2014-01-21 21:52 - 78747063 _____ () C:\Users\user\Downloads\[Anime-Koi] Wooser no Sono Higurashi Kakusei Hen - 02 [h264-720p][EC409F35].mkv
2014-01-19 04:46 - 2014-01-19 04:40 - 533165488 _____ () C:\Users\user\Downloads\(同人ソフト) [液魂研究会] ないしょのはだかあぞび (DMM version).rar
2014-01-18 17:19 - 2014-01-18 17:15 - 00000000 ____D () C:\Users\user\Downloads\[gg]_Corpse_Party_Tortured_Souls_(BD,1080p)

Files to move or delete:
====================
C:\ProgramData\load32.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-02-13 11:09:58
Restore point made on: 2014-02-13 15:33:21
Restore point made on: 2014-02-16 00:00:35

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 8055.08 MB
Available physical RAM: 7003.09 MB
Total Pagefile: 8053.23 MB
Available Pagefile: 6987.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.36 GB) (Free:6.05 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:12.05 GB) (Free:1.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (USB20FD) (Removable) (Total:7.59 GB) (Free:7.59 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 23110207)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0C)

LastRegBack: 2014-02-08 00:13

==================== End Of Log ============================



#11 TB-Psychotic

  • Malware Response Team

Posted 17 February 2014 - 06:22 AM

Fix with FRST (Recovery Environment)


  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

    HKU\user\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
    HKU\user\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [244224 2014-02-06] () <==== ATTENTION
    IFEO\AvastSvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\AvastUI.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\avcenter.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\avconfig.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\avgcsrvx.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\avgidsagent.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\avgnt.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\avgrsx.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\avguard.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\avgui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\avgwdsvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\avp.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\avscan.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\bdagent.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\ccSvcHst.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\ccuac.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\ComboFix.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\egui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\explorer.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\hijackthis.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\InstStub.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\instup.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\keyscrambler.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\mbam.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\mbamgui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\mbampt.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\mbamscheduler.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\mbamservice.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\MpCmdRun.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\MSASCui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\MsMpEng.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\msseces.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\NOBuAgent.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\rstrui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\SDFiles.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\SDFSSvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\SDScan.exe: [Debugger] \315load32.exe
    IFEO\SDTray.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\SDUpdSvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\SDWelcome.exe: [Debugger] \315load32.exe
    IFEO\SDWSCSvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\spybotsd.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\wireshark.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    IFEO\zlclient.exe: [Debugger] C:\Users\user\Documents\315load32.exe
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url ()
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuapp.exe ()
    
    C:\ProgramData\NTKernel
    C:\NTKernel
    C:\NTKernel\nt32.exe
    C:\ProgramData\load32.exe
    C:\Users\user\Documents\315load32.exe
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuapp.exe
    C:\315load32.exe
    C:\Update.Microsoft.com.url

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64-bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Then boot into Windows and run ComboFix.


Proud Member of UNITE & TB
 
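The fixlist in the post above targets three registry persistence points: the legacy `Load` value, an extra command appended to the Winlogon `Shell`, and Image File Execution Options (IFEO) `Debugger` values that redirect security tools to one binary. The following is an added example, not part of the original post and not FRST's own code, that triages lines of that shape. The trusted-directory list, the threshold of three images, and the `notepad.exe` sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the fixlist above, plus one CONSTRUCTED benign IFEO entry
# (notepad.exe, hypothetical path) to show a debugger that is not flagged.
SAMPLE = r'''
HKU\user\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
HKU\user\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [244224 2014-02-06] () <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\mbam.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\rstrui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\SDScan.exe: [Debugger] \315load32.exe
IFEO\notepad.exe: [Debugger] C:\Program Files\ExampleEditor\editor.exe
'''

# "<key>: [<value name>] <data>" as it appears in the fixlist lines above.
LINE_RE = re.compile(r'^(?P<key>[^:\[]+): \[(?P<name>[^\]]+)\] (?P<data>.+)$')

# Assumption: debuggers under these admin-writable-only directories are treated
# as expected; anything else (user profile, ProgramData, drive root) is flagged.
TRUSTED_DIRS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')
MASS_REDIRECT_THRESHOLD = 3  # assumption: images sharing one untrusted debugger


def clean_data(data):
    """Strip the trailing '<==== ATTENTION' marker and '[size date] (vendor)' suffix."""
    data = re.sub(r'\s*<=+\s*ATTENTION\s*$', '', data)
    data = re.sub(r'\s*\[\d+ \d{4}-\d{2}-\d{2}\]\s*\([^)]*\)\s*$', '', data)
    return data.strip()


def analyze(text):
    """Return a list of (mechanism, subject, target, reason) tuples."""
    findings = []
    images_by_debugger = defaultdict(set)

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # bare file paths, "Startup:" lines, blanks
        key, name = m['key'], m['name'].lower()
        data = clean_data(m['data'])

        if key.startswith('IFEO\\') and name == 'debugger':
            image = key.split('\\', 1)[1]
            target = data.strip('"')
            if not re.match(r'^[A-Za-z]:\\', target):
                findings.append(('ifeo-debugger', image, target,
                                 'debugger path has no drive letter'))
            elif not target.lower().startswith(TRUSTED_DIRS):
                findings.append(('ifeo-debugger', image, target,
                                 'debugger outside system/program directories'))
                images_by_debugger[target.lower()].add(image)

        elif key.endswith('\\Winlogon') and name == 'shell':
            # The per-user Shell should name explorer.exe only.
            parts = [p.strip().strip('"') for p in data.split(',') if p.strip()]
            for extra in (p for p in parts if p.lower() != 'explorer.exe'):
                findings.append(('winlogon-shell', 'Shell', extra,
                                 'extra command appended to the shell'))

        elif key.endswith('\\Windows') and name == 'load' and data:
            # The legacy Load autostart value is normally empty.
            findings.append(('windows-load', 'Load', data,
                             'legacy Load autostart value is set'))

    # Many unrelated images redirected to one binary is the pattern in the fixlist.
    for target, images in images_by_debugger.items():
        if len(images) >= MASS_REDIRECT_THRESHOLD:
            findings.append(('ifeo-mass-redirect', f'{len(images)} images', target,
                             'one debugger shared by many images'))
    return findings


if __name__ == '__main__':
    for finding in analyze(SAMPLE):
        print(' | '.join(finding))
```
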

#12 Dice20

  • Topic Starter

  • Members

Posted 17 February 2014 - 07:47 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by SYSTEM at 2014-02-17 19:42:25 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\user\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
HKU\user\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [244224 2014-02-06] () <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\AvastUI.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avcenter.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avconfig.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avgidsagent.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avgnt.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avgrsx.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avguard.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avgui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avp.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\avscan.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\bdagent.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\ccSvcHst.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\ccuac.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\ComboFix.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\egui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\explorer.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\hijackthis.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\InstStub.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\instup.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\keyscrambler.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\mbam.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\mbamgui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\mbampt.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\mbamservice.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\MSASCui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\MsMpEng.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\msseces.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\NOBuAgent.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\rstrui.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\SDFiles.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\SDFSSvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\SDScan.exe: [Debugger] \315load32.exe
IFEO\SDTray.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\SDUpdSvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\SDWelcome.exe: [Debugger] \315load32.exe
IFEO\SDWSCSvc.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\spybotsd.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\wireshark.exe: [Debugger] C:\Users\user\Documents\315load32.exe
IFEO\zlclient.exe: [Debugger] C:\Users\user\Documents\315load32.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuapp.exe ()

C:\ProgramData\NTKernel
C:\NTKernel
C:\NTKernel\nt32.exe
C:\ProgramData\load32.exe
C:\Users\user\Documents\315load32.exe
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuapp.exe
C:\315load32.exe
C:\Update.Microsoft.com.url
*****************

HKU\user\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
HKU\user\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Unable to delete value
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccSvcHst.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\explorer.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\InstStub.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NOBuAgent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFiles.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFSSvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDScan.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDTray.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDUpdSvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWelcome.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWSCSvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe => Key deleted successfully.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url => Moved successfully.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuapp.exe => Moved successfully.
C:\ProgramData\NTKernel => Moved successfully.
C:\NTKernel => Moved successfully.
"C:\NTKernel\nt32.exe" => File/Directory not found.
C:\ProgramData\load32.exe => Moved successfully.
C:\Users\user\Documents\315load32.exe => Moved successfully.
"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url" => File/Directory not found.
"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuapp.exe" => File/Directory not found.
C:\315load32.exe => Moved successfully.
C:\Update.Microsoft.com.url => Moved successfully.

==== End of Fixlog ====



#13 Dice20

Dice20
  • Topic Starter

  • Members
  • 24 posts

Posted 17 February 2014 - 08:14 PM

combo fix log (wasn't sure if you wanted this or not)

 

ComboFix 14-02-16.01 - user 7/2014 Mon  19:53:01.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.8055.6837 [GMT -5:00]
Running from: c:\users\user\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Roaming\BDL+D
c:\users\user\AppData\Roaming\BDL+D\GETCHU(JB)\103495\____.hld
c:\users\user\AppData\Roaming\BDL+D\GETCHU(JB)\103495\____.sys
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\IsUn0411.exe
c:\windows\PFRO.log
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-18 to 2014-02-18  )))))))))))))))))))))))))))))))
.
.
2014-02-18 00:58 . 2014-02-18 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-18 00:58 . 2014-02-18 00:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-02-16 15:29 . 2014-02-18 03:42 -------- d-----w- C:\FRST
2014-02-15 00:06 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2AD88572-0B9B-4AFE-8F8F-C10080474823}\mpengine.dll
2014-02-13 04:50 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 15:20 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 15:20 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 15:20 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-12 15:20 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-12 15:20 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 15:20 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 15:20 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-12 15:20 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-12 12:28 . 2014-02-12 12:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-12 12:28 . 2014-02-12 12:28 -------- d-----w- c:\programdata\Malwarebytes
2014-02-12 12:28 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-12 03:52 . 2014-02-18 00:55 6172 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2014-02-09 23:54 . 2014-02-09 23:54 -------- d-----w- c:\users\user\AppData\Roaming\Lavasoft
2014-02-09 23:54 . 2014-02-09 23:54 -------- d-----w- c:\program files (x86)\Lavasoft
2014-02-09 23:48 . 2013-09-20 15:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-02-09 23:47 . 2014-02-12 03:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-02-09 19:40 . 2014-02-09 19:40 -------- d-----w- c:\program files (x86)\TeaTimer (Spybot - Search & Destroy)
2014-02-09 02:24 . 2014-02-09 02:24 -------- d-----w- c:\users\user\AppData\Roaming\Spybot - Search & Destroy
2014-02-07 23:31 . 2014-02-07 23:31 -------- d-----w- C:\define
2014-01-24 03:08 . 2014-01-24 03:08 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2014-01-24 02:10 . 2014-01-24 02:10 -------- d-----w- c:\programdata\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-23 11:10 . 2014-01-23 11:10 -------- d-----w- C:\Cypher License Information LT
2014-01-23 11:10 . 2014-01-23 11:10 -------- d-----w- c:\users\user\AppData\Roaming\DMM
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 08:00 . 2013-08-17 01:19 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-05 02:43 . 2013-08-17 06:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 02:43 . 2013-08-17 06:42 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-16 14:59 . 2013-08-17 00:53 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-05 19:22 . 2013-12-05 19:22 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-05 19:22 . 2013-12-05 19:22 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-05 19:22 . 2013-12-05 19:22 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-05 19:22 . 2013-12-05 19:22 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-05 19:22 . 2013-12-05 19:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-05 19:22 . 2013-12-05 19:22 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-05 19:22 . 2013-12-05 19:22 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-05 19:22 . 2013-12-05 19:22 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-05 19:22 . 2013-12-05 19:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-05 19:22 . 2013-12-05 19:22 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-05 19:22 . 2013-12-05 19:22 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-05 19:22 . 2013-12-05 19:22 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-05 19:22 . 2013-12-05 19:22 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-05 19:22 . 2013-12-05 19:22 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-05 19:22 . 2013-12-05 19:22 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-05 19:22 . 2013-12-05 19:22 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-05 19:22 . 2013-12-05 19:22 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-05 19:22 . 2013-12-05 19:22 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-05 19:22 . 2013-12-05 19:22 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-05 19:22 . 2013-12-05 19:22 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-05 19:22 . 2013-12-05 19:22 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-05 19:22 . 2013-12-05 19:22 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-05 19:22 . 2013-12-05 19:22 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-05 19:22 . 2013-12-05 19:22 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-05 19:22 . 2013-12-05 19:22 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-05 19:22 . 2013-12-05 19:22 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-05 19:22 . 2013-12-05 19:22 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-05 19:22 . 2013-12-05 19:22 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-05 19:22 . 2013-12-05 19:22 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-05 19:22 . 2013-12-05 19:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-05 19:22 . 2013-12-05 19:22 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-05 19:22 . 2013-12-05 19:22 413696 ----a-w- c:\windows\system32\html.iec
2013-12-05 19:22 . 2013-12-05 19:22 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-05 19:22 . 2013-12-05 19:22 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-05 19:22 . 2013-12-05 19:22 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-05 19:22 . 2013-12-05 19:22 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-05 19:22 . 2013-12-05 19:22 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-05 19:22 . 2013-12-05 19:22 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-05 19:22 . 2013-12-05 19:22 235520 ----a-w- c:\windows\system32\url.dll
2013-12-05 19:22 . 2013-12-05 19:22 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-05 19:22 . 2013-12-05 19:22 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-05 19:22 . 2013-12-05 19:22 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-05 19:22 . 2013-12-05 19:22 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-05 19:22 . 2013-12-05 19:22 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-05 19:22 . 2013-12-05 19:22 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-05 19:22 . 2013-12-05 19:22 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-05 19:22 . 2013-12-05 19:22 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-05 19:22 . 2013-12-05 19:22 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-05 19:22 . 2013-12-05 19:22 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-05 19:22 . 2013-12-05 19:22 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-05 19:22 . 2013-12-05 19:22 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-05 19:22 . 2013-12-05 19:22 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-27 01:41 . 2014-01-15 08:04 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 08:04 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 08:04 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 08:04 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 08:04 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 08:04 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 08:04 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 08:04 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 08:04 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-11 18:46 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 18:46 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\users\user\AppData\Roaming\BitTorrent\BitTorrent.exe" [2013-11-19 899160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-6-17 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2013/10/02 20:31;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH8000.sys [x]
R3 scmsupp;ETD SCM Support Driver;c:\users\user\AppData\Local\Temp\scmsupp.sys;c:\users\user\AppData\Local\Temp\scmsupp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_C6F09094
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 05:05 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-17 02:43]
.
2014-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf27b78d07a6e8.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17 06:41]
.
2014-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17 06:41]
.
2014-02-05 c:\windows\Tasks\HPCeeScheduleForuser.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-29 21720]
.
------- Supplementary Scan -------
.
uStart Page = about:Tabs
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NT Kernel Service - c:\ntkernel\nt32.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Ad-Aware SE Professional - c:\progra~2\Lavasoft\AD-AWA~1\UNWISE.EXE
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files (x86)\Malwarebytes' Anti-Malware\unins000.exe
AddRemove-NIS - c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.0.0.128\InstStub.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_pg.exe
AddRemove-WinAce Archiver - c:\program files (x86)\WinAce\SXUNINST.EXE
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1 - c:\program files (x86)\Spybot - Search & Destroy 2\unins000.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.0.0.128\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-17  20:00:46
ComboFix-quarantined-files.txt  2014-02-18 01:00
.
Pre-Run: 26,489,618,432 bytes free
Post-Run: 26,530,066,432 bytes free
.
- - End Of File - - 0CF4C6100C56D1F5E3A14D079F910634


#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 18 February 2014 - 05:13 AM

Try to run MBAM now:

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB
 

#15 Dice20

Dice20
  • Topic Starter

  • Members
  • 24 posts

Posted 18 February 2014 - 07:39 PM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.18.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
user :: USER-HP [administrator]
 
Protection: Enabled
 
2/18/2014 5:31:02 AM
mbam-log-2014-02-18 (05-31-02).txt
 
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 461174
Time elapsed: 1 hour(s), 7 minute(s), 56 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 5
C:\FRST\Quarantine\315load32.exe17-02-2014_19-42-29 (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\load32.exe17-02-2014_19-42-29 (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\NTKernel17-02-2014_19-42-29\nt32.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\NTKernel17-02-2014_19-42-29\NTKernel\nt32.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BDN3V3DW\()(18)[][011122][ainos]__(ccd_rr3_)[1].exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
 
(end)




