
Ads playing in the background


  • This topic is locked
8 replies to this topic

#1 SimGameIt

  • Members
  • 4 posts

Posted 18 April 2014 - 11:52 AM

Ok so I've been looking through your forums. If I'm not mistaken I know the drill here. Here's the log. LoL
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Desktop (administrator) on DESKTOP-PC on 18-04-2014 11:51:11
Running from C:\Users\Desktop\Desktop\New folder
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\SndVol.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2866301550-4198817169-727782656-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36151360 2014-02-23] (ooVoo LLC)
HKU\S-1-5-21-2866301550-4198817169-727782656-1000\...\MountPoints2: {745e4880-5f6e-11e3-8d3d-d43d7e555088} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-2866301550-4198817169-727782656-1000\...\MountPoints2: {dfb3a448-5372-11e3-9134-d43d7e555088} - E:\TL-Bootstrap.exe
Startup: C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4D4B92ACA0E5CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EyDyDyDtDzzzz0D0EyC0DtN0D0Tzu0SyCzytCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=321898555&ir=", "hxxp://google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Battlelog Game Launcher) - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-19]
CHR Extension: (Google Drive) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-19]
CHR Extension: (YouTube) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-19]
CHR Extension: (Adblock Plus) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-20]
CHR Extension: (Google Search) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-19]
CHR Extension: (Google Wallet) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-11-20]
CHR Extension: (Gmail) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-19]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Desktop\AppData\Local\mysearchdial-speeddial.crx [2013-11-21]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Desktop\AppData\Local\mysearchdial-speeddial.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Desktop\AppData\Local\mysearchdial-speeddial.crx [2013-11-21]
 
==================== Services (Whitelisted) =================
 
S4 ACTIVEWEBCAM; C:\Program Files\Active WebCam\WebCam.exe [6057280 2007-11-13] (PY Software)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-20] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [154624 2011-08-04] (QUALCOMM Incorporated)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 SaiH0160; C:\Windows\System32\DRIVERS\SaiH0160.sys [179584 2008-11-24] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-18 11:47 - 2014-04-18 11:47 - 00000511 _____ () C:\Users\Desktop\Downloads\fixlist (1).txt
2014-04-18 11:34 - 2014-04-18 11:51 - 00000000 ____D () C:\FRST
2014-04-18 11:34 - 2014-04-18 11:34 - 00001603 _____ () C:\Users\Desktop\Downloads\fixlist.txt
2014-04-18 11:31 - 2014-04-18 11:51 - 00000000 ____D () C:\Users\Desktop\Desktop\New folder
2014-04-18 11:30 - 2014-04-18 11:30 - 02158592 _____ (Farbar) C:\Users\Desktop\Downloads\FRST64.exe
2014-04-18 03:05 - 2014-04-18 03:05 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-18 02:36 - 2014-04-18 02:36 - 00900815 _____ () C:\Users\Desktop\AppData\Local\census.cache
2014-04-18 02:35 - 2014-04-18 02:35 - 00164270 _____ () C:\Users\Desktop\AppData\Local\ars.cache
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\nvspcap.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\nvd3dum.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\nvapi.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\crtdll.dll
2014-04-18 02:09 - 2014-04-18 02:09 - 00000010 _____ () C:\Users\Desktop\AppData\Local\sponge.last.runtime.cache
2014-04-18 02:05 - 2014-04-18 02:05 - 02467424 _____ (Trend Micro Inc.) C:\Users\Desktop\Downloads\HousecallLauncher64.exe
2014-04-18 02:05 - 2014-04-18 02:05 - 00000036 _____ () C:\Users\Desktop\AppData\Local\housecall.guid.cache
2014-04-18 02:05 - 2013-09-02 02:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-04-18 01:03 - 2014-04-18 11:38 - 00000288 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-04-18 01:03 - 2014-04-18 11:38 - 00000280 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-04-18 01:03 - 2014-04-18 01:03 - 00003038 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-04-18 01:03 - 2014-04-18 01:03 - 00002882 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-04-18 01:03 - 2014-04-18 01:03 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\systweak
2014-04-18 01:03 - 2014-04-18 01:03 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-04-18 01:03 - 2014-01-03 13:16 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-04-17 18:04 - 2014-04-18 11:48 - 00000080 _____ () C:\Windows\system32\kdnxjyd.glk
2014-04-17 17:31 - 2014-04-18 11:48 - 00037888 _____ () C:\Windows\system32\lkvhe.qiz
2014-04-17 17:25 - 2014-04-18 11:48 - 00000103 _____ () C:\Windows\system32\rhjyum.sfx
2014-04-17 17:25 - 2014-04-17 17:25 - 00000064 _____ () C:\Windows\system32\wwdyfc.rcq
2014-04-17 17:10 - 2014-04-17 17:10 - 00301959 ____S () C:\Windows\system32\bbljx.dpk
2014-04-14 18:07 - 2014-04-14 18:07 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Apple Computer
2014-04-08 12:59 - 2014-03-30 20:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-08 12:59 - 2014-03-30 20:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-08 12:59 - 2014-03-30 19:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-08 12:59 - 2014-03-30 18:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-08 12:58 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 12:58 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 12:58 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 12:58 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 12:58 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 12:58 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 12:58 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 12:58 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 12:58 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 12:58 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 12:58 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 12:58 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 12:58 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 12:58 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 12:58 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 12:58 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 12:58 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-05 21:39 - 2014-04-05 21:41 - 00000000 ____D () C:\Users\Public\CyberLink
2014-04-05 21:10 - 2014-04-05 21:10 - 00000000 ____D () C:\Users\Desktop\Documents\CyberLink
2014-04-05 21:08 - 2014-04-05 21:39 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\CyberLink
2014-04-05 21:05 - 2014-04-05 21:06 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc
2014-04-05 21:05 - 2014-04-05 21:05 - 00000000 ____D () C:\ProgramData\eSellerate
2014-04-05 21:05 - 2014-04-05 21:05 - 00000000 ____D () C:\Program Files (x86)\SmartSound Software
2014-04-05 21:00 - 2014-04-05 21:01 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\Users\Desktop\AppData\Local\Apple
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\ProgramData\Apple
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-05 20:59 - 2014-04-05 21:06 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-04-05 20:57 - 2014-04-05 21:40 - 00000000 ____D () C:\ProgramData\CyberLink
2014-04-05 20:57 - 2014-04-05 21:35 - 00000000 ____D () C:\Program Files\CyberLink
2014-04-05 20:57 - 2014-04-05 21:06 - 00000000 ____D () C:\ProgramData\install_clap
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\ProgramData\DVD Shrink
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\Program Files (x86)\DVD Shrink
2014-04-04 23:05 - 2014-04-04 23:05 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Oracle
2014-04-04 23:03 - 2014-04-04 23:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-04 12:13 - 2014-04-04 12:13 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-28 13:52 - 2014-03-28 13:52 - 00002532 _____ () C:\Users\Desktop\Documents\MyPlan.gml
2014-03-27 17:04 - 2014-03-27 17:04 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\com.smallblueprinter.gardenPlanner3
2014-03-27 17:04 - 2014-03-27 17:04 - 00000000 ____D () C:\Program Files (x86)\Garden Planner 3
2014-03-27 15:22 - 2014-03-28 15:19 - 00000000 ____D () C:\GAO40S
2014-03-27 15:22 - 2014-03-27 15:22 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GARDEN ORGANIZER DELUXE
2014-03-27 15:22 - 2014-03-27 15:22 - 00000000 ____D () C:\Users\Desktop\AppData\Local\Downloaded Installations
 
==================== One Month Modified Files and Folders =======
 
2014-04-18 11:51 - 2014-04-18 11:34 - 00000000 ____D () C:\FRST
2014-04-18 11:51 - 2014-04-18 11:31 - 00000000 ____D () C:\Users\Desktop\Desktop\New folder
2014-04-18 11:48 - 2014-04-17 18:04 - 00000080 _____ () C:\Windows\system32\kdnxjyd.glk
2014-04-18 11:48 - 2014-04-17 17:31 - 00037888 _____ () C:\Windows\system32\lkvhe.qiz
2014-04-18 11:48 - 2014-04-17 17:25 - 00000103 _____ () C:\Windows\system32\rhjyum.sfx
2014-04-18 11:47 - 2014-04-18 11:47 - 00000511 _____ () C:\Users\Desktop\Downloads\fixlist (1).txt
2014-04-18 11:45 - 2009-07-13 23:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 11:45 - 2009-07-13 23:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 11:44 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 11:41 - 2013-11-20 00:15 - 01072506 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 11:38 - 2014-04-18 01:03 - 00000288 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-04-18 11:38 - 2014-04-18 01:03 - 00000280 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-04-18 11:38 - 2013-11-19 23:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-18 11:38 - 2013-11-19 22:30 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 11:38 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 11:38 - 2009-07-13 23:51 - 00066748 _____ () C:\Windows\setupact.log
2014-04-18 11:34 - 2014-04-18 11:34 - 00001603 _____ () C:\Users\Desktop\Downloads\fixlist.txt
2014-04-18 11:30 - 2014-04-18 11:30 - 02158592 _____ (Farbar) C:\Users\Desktop\Downloads\FRST64.exe
2014-04-18 10:57 - 2013-11-19 22:30 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-18 03:05 - 2014-04-18 03:05 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-18 02:36 - 2014-04-18 02:36 - 00900815 _____ () C:\Users\Desktop\AppData\Local\census.cache
2014-04-18 02:35 - 2014-04-18 02:35 - 00164270 _____ () C:\Users\Desktop\AppData\Local\ars.cache
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\nvspcap.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\nvd3dum.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\nvapi.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\crtdll.dll
2014-04-18 02:09 - 2014-04-18 02:09 - 00000010 _____ () C:\Users\Desktop\AppData\Local\sponge.last.runtime.cache
2014-04-18 02:05 - 2014-04-18 02:05 - 02467424 _____ (Trend Micro Inc.) C:\Users\Desktop\Downloads\HousecallLauncher64.exe
2014-04-18 02:05 - 2014-04-18 02:05 - 00000036 _____ () C:\Users\Desktop\AppData\Local\housecall.guid.cache
2014-04-18 01:07 - 2013-11-21 00:14 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\uTorrent
2014-04-18 01:03 - 2014-04-18 01:03 - 00003038 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-04-18 01:03 - 2014-04-18 01:03 - 00002882 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-04-18 01:03 - 2014-04-18 01:03 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\systweak
2014-04-18 01:03 - 2014-04-18 01:03 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-04-18 00:17 - 2014-01-11 17:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-17 17:48 - 2013-11-19 22:23 - 00000000 ____D () C:\Windows\pss
2014-04-17 17:48 - 2013-11-19 22:22 - 00000000 ___RD () C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 17:25 - 2014-04-17 17:25 - 00000064 _____ () C:\Windows\system32\wwdyfc.rcq
2014-04-17 17:10 - 2014-04-17 17:10 - 00301959 ____S () C:\Windows\system32\bbljx.dpk
2014-04-17 17:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-14 18:07 - 2014-04-14 18:07 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Apple Computer
2014-04-09 03:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-04-09 03:17 - 2009-07-13 23:45 - 04843112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 21:41 - 2014-04-05 21:39 - 00000000 ____D () C:\Users\Public\CyberLink
2014-04-05 21:40 - 2014-04-05 20:57 - 00000000 ____D () C:\ProgramData\CyberLink
2014-04-05 21:39 - 2014-04-05 21:08 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\CyberLink
2014-04-05 21:39 - 2013-11-23 21:46 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\NVIDIA
2014-04-05 21:37 - 2013-11-19 22:30 - 00065960 _____ () C:\Users\Desktop\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-05 21:35 - 2014-04-05 20:57 - 00000000 ____D () C:\Program Files\CyberLink
2014-04-05 21:10 - 2014-04-05 21:10 - 00000000 ____D () C:\Users\Desktop\Documents\CyberLink
2014-04-05 21:10 - 2013-11-19 22:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-05 21:06 - 2014-04-05 21:05 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc
2014-04-05 21:06 - 2014-04-05 20:59 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-04-05 21:06 - 2014-04-05 20:57 - 00000000 ____D () C:\ProgramData\install_clap
2014-04-05 21:05 - 2014-04-05 21:05 - 00000000 ____D () C:\ProgramData\eSellerate
2014-04-05 21:05 - 2014-04-05 21:05 - 00000000 ____D () C:\Program Files (x86)\SmartSound Software
2014-04-05 21:01 - 2014-04-05 21:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\Users\Desktop\AppData\Local\Apple
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\ProgramData\Apple
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\ProgramData\DVD Shrink
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\Program Files (x86)\DVD Shrink
2014-04-04 23:05 - 2014-04-04 23:05 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Oracle
2014-04-04 23:04 - 2013-11-21 00:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-04 23:03 - 2014-04-04 23:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-04 12:13 - 2014-04-04 12:13 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-01 16:54 - 2010-11-20 22:47 - 00012320 _____ () C:\Windows\PFRO.log
2014-03-31 09:35 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-30 20:16 - 2014-04-08 12:59 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 20:13 - 2014-04-08 12:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 19:13 - 2014-04-08 12:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 18:57 - 2014-04-08 12:59 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 01:52 - 2013-11-19 22:30 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 01:52 - 2013-11-19 22:30 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 15:19 - 2014-03-27 15:22 - 00000000 ____D () C:\GAO40S
2014-03-28 15:19 - 2013-11-19 22:22 - 00000000 ____D () C:\Users\Desktop\AppData\Local\VirtualStore
2014-03-28 13:52 - 2014-03-28 13:52 - 00002532 _____ () C:\Users\Desktop\Documents\MyPlan.gml
2014-03-27 17:04 - 2014-03-27 17:04 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\com.smallblueprinter.gardenPlanner3
2014-03-27 17:04 - 2014-03-27 17:04 - 00000000 ____D () C:\Program Files (x86)\Garden Planner 3
2014-03-27 16:36 - 2013-12-07 14:58 - 00000000 ____D () C:\Program Files (x86)\ooVoo
2014-03-27 15:22 - 2014-03-27 15:22 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GARDEN ORGANIZER DELUXE
2014-03-27 15:22 - 2014-03-27 15:22 - 00000000 ____D () C:\Users\Desktop\AppData\Local\Downloaded Installations
 
Files to move or delete:
====================
C:\Users\Desktop\AppData\Roaming\CamLayout.ini
C:\Users\Desktop\AppData\Roaming\CamShapes.ini
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-09 00:15
 
==================== End Of Log ============================




 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:48 PM

Posted 18 April 2014 - 12:13 PM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer. Make sure that Addition.txt is ticked as well.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  • Next, please re-run FRST and type the following in the edit box after Search: rpcss.dll
  • Click the Search button.
  • It will make a log (Search.txt); please post the log in your reply to me (you can use Pastebin as well).

 

 

Regards,

Georgi


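The Search step above, as an added PowerShell example that is not part of Georgi's instructions and not how the FRST tool itself works: it finds every copy of the named file on the system drive and records size, file version, SHA-256 and Authenticode status for each, then flags copies outside the directories where Windows keeps the real one. It assumes an elevated PowerShell 4.0 or later session (Windows 7 needs the Windows Management Framework 4.0 update for Get-FileHash); the list of "expected" directories is this example's own assumption, not FRST's logic.

```powershell
# Added example, not from the original thread or from FRST: a rough equivalent
# of "Search: rpcss.dll". Lists every copy of the named file on the system drive
# and flags copies living outside the usual Windows directories.
# Assumptions: run as Administrator; PowerShell 4.0+ (Get-FileHash, -File switch).
param(
    [string[]]$Names = @('rpcss.dll'),
    [string]$Drive = $env:SystemDrive
)

# Directories where a legitimate copy of a core Windows DLL is expected to live.
# This list is an assumption for the example; anything found elsewhere deserves a look.
$expected = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\SysWOW64",
    "$env:SystemRoot\WinSxS"
)

function Test-ExpectedLocation {
    param([string]$Path)
    foreach ($dir in $expected) {
        if ($Path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-FileReport {
    param([System.IO.FileInfo]$File)
    $sig = Get-AuthenticodeSignature -FilePath $File.FullName
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [pscustomobject]@{
        Path      = $File.FullName
        SizeBytes = $File.Length
        Modified  = $File.LastWriteTime
        Version   = $File.VersionInfo.FileVersion
        Company   = $File.VersionInfo.CompanyName
        SHA256    = (Get-FileHash -Algorithm SHA256 -Path $File.FullName).Hash
        # Catalog-signed OS files can report NotSigned on older PowerShell builds;
        # treat NotSigned as "verify with Sysinternals sigcheck -c", not as proof of tampering.
        Signature = $sig.Status
        Signer    = $signer
        Expected  = Test-ExpectedLocation -Path $File.FullName
    }
}

$report = @(foreach ($name in $Names) {
    Get-ChildItem -Path "$Drive\" -Filter $name -Recurse -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object { Get-FileReport -File $_ }
})

if ($report.Count -eq 0) {
    Write-Warning ("No file named {0} found on {1}" -f ($Names -join ', '), $Drive)
    return
}

$report | Sort-Object Expected, Path |
    Format-Table -AutoSize Path, SizeBytes, Version, Signature, Expected

# Two copies with the same version string but different hashes, or a copy in an
# unexpected directory, are the findings a Search.txt log is meant to surface.
$report | Where-Object { -not $_.Expected } | ForEach-Object {
    Write-Warning ("Unexpected copy of {0}: {1}" -f (Split-Path -Leaf $_.Path), $_.Path)
}
```

Usage: save as Find-FileCopies.ps1 and run it from an elevated prompt, optionally with `-Names rpcss.dll,services.exe`. The hashes it prints are only useful against a reference: compare them with the same file version from a known-clean Windows 7 SP1 machine, which is the comparison FRST performs for you against its own known-good list when it reports "MD5 is legit".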


#3 SimGameIt

SimGameIt
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:48 AM

Posted 18 April 2014 - 12:16 PM

OK, I tried running some of the other fix files before I did that scan. I looked at what you guys were doing and I went into Safe Mode and deleted 2 files that were added yesterday, which was when the issue started. These are the 2 files I deleted. I'm waiting to see if the ad audio comes back. I hope I'm not making issues worse. I like to learn and I think I'm catching on to how you guys are doing this lol. These are the 2 files I got rid of.
 

2014-04-17 17:25 - 2014-04-17 17:25 - 00000064 _____ () C:\Windows\system32\wwdyfc.rcq
2014-04-17 17:10 - 2014-04-17 17:10 - 00301959 ____S () C:\Windows\system32\bbljx.dpk


#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:12:48 PM

Posted 18 April 2014 - 12:21 PM

Hello,

 

You are going down a dangerous road by doing things on your own. Doing so can severely cripple or even render your computer unusable. Please refrain from doing so.
Keep calm; removing malware isn't a quick process.
Just because there are similar topics, it doesn't mean it's safe to follow the instructions written for other users.

 

Please post the logs when possible.

 

 

Regards,

Georgi




#5 SimGameIt

SimGameIt
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:48 AM

Posted 18 April 2014 - 12:23 PM

LoL yeah, I know. Here is what happens when I follow instructions. LoL
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Desktop (administrator) on DESKTOP-PC on 18-04-2014 12:17:59
Running from C:\Users\Desktop\Desktop\New folder
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\system32\SndVol.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2866301550-4198817169-727782656-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36151360 2014-02-23] (ooVoo LLC)
HKU\S-1-5-21-2866301550-4198817169-727782656-1000\...\MountPoints2: {745e4880-5f6e-11e3-8d3d-d43d7e555088} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-2866301550-4198817169-727782656-1000\...\MountPoints2: {dfb3a448-5372-11e3-9134-d43d7e555088} - E:\TL-Bootstrap.exe
Startup: C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4D4B92ACA0E5CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EyDyDyDtDzzzz0D0EyC0DtN0D0Tzu0SyCzytCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=321898555&ir=", "hxxp://google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Battlelog Game Launcher) - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-19]
CHR Extension: (Google Drive) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-19]
CHR Extension: (YouTube) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-19]
CHR Extension: (Adblock Plus) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-20]
CHR Extension: (Google Search) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-19]
CHR Extension: (Google Wallet) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-11-20]
CHR Extension: (Gmail) - C:\Users\Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-19]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Desktop\AppData\Local\mysearchdial-speeddial.crx [2013-11-21]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Desktop\AppData\Local\mysearchdial-speeddial.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Desktop\AppData\Local\mysearchdial-speeddial.crx [2013-11-21]
 
==================== Services (Whitelisted) =================
 
S4 ACTIVEWEBCAM; C:\Program Files\Active WebCam\WebCam.exe [6057280 2007-11-13] (PY Software)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-20] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [154624 2011-08-04] (QUALCOMM Incorporated)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 SaiH0160; C:\Windows\System32\DRIVERS\SaiH0160.sys [179584 2008-11-24] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-18 11:47 - 2014-04-18 11:47 - 00000511 _____ () C:\Users\Desktop\Downloads\fixlist (1).txt
2014-04-18 11:34 - 2014-04-18 12:17 - 00000000 ____D () C:\FRST
2014-04-18 11:34 - 2014-04-18 11:34 - 00001603 _____ () C:\Users\Desktop\Downloads\fixlist.txt
2014-04-18 11:31 - 2014-04-18 12:17 - 00000000 ____D () C:\Users\Desktop\Desktop\New folder
2014-04-18 11:30 - 2014-04-18 11:30 - 02158592 _____ (Farbar) C:\Users\Desktop\Downloads\FRST64.exe
2014-04-18 03:05 - 2014-04-18 03:05 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-18 02:36 - 2014-04-18 02:36 - 00900815 _____ () C:\Users\Desktop\AppData\Local\census.cache
2014-04-18 02:35 - 2014-04-18 02:35 - 00164270 _____ () C:\Users\Desktop\AppData\Local\ars.cache
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\nvspcap.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\nvd3dum.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\nvapi.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\crtdll.dll
2014-04-18 02:09 - 2014-04-18 02:09 - 00000010 _____ () C:\Users\Desktop\AppData\Local\sponge.last.runtime.cache
2014-04-18 02:05 - 2014-04-18 02:05 - 02467424 _____ (Trend Micro Inc.) C:\Users\Desktop\Downloads\HousecallLauncher64.exe
2014-04-18 02:05 - 2014-04-18 02:05 - 00000036 _____ () C:\Users\Desktop\AppData\Local\housecall.guid.cache
2014-04-18 02:05 - 2013-09-02 02:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-04-18 01:03 - 2014-04-18 11:38 - 00000288 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-04-18 01:03 - 2014-04-18 11:38 - 00000280 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-04-18 01:03 - 2014-04-18 01:03 - 00003038 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-04-18 01:03 - 2014-04-18 01:03 - 00002882 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-04-18 01:03 - 2014-04-18 01:03 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\systweak
2014-04-18 01:03 - 2014-04-18 01:03 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-04-18 01:03 - 2014-01-03 13:16 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-04-17 18:04 - 2014-04-18 11:48 - 00000080 _____ () C:\Windows\system32\kdnxjyd.glk
2014-04-17 17:31 - 2014-04-18 12:03 - 00037888 _____ () C:\Windows\system32\lkvhe.qiz
2014-04-17 17:25 - 2014-04-18 12:03 - 00000103 _____ () C:\Windows\system32\rhjyum.sfx
2014-04-14 18:07 - 2014-04-14 18:07 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Apple Computer
2014-04-08 12:59 - 2014-03-30 20:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-08 12:59 - 2014-03-30 20:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-08 12:59 - 2014-03-30 19:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-08 12:59 - 2014-03-30 18:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-08 12:58 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 12:58 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 12:58 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 12:58 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 12:58 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 12:58 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 12:58 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 12:58 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 12:58 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 12:58 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 12:58 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 12:58 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 12:58 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 12:58 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 12:58 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 12:58 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 12:58 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-05 21:39 - 2014-04-05 21:41 - 00000000 ____D () C:\Users\Public\CyberLink
2014-04-05 21:10 - 2014-04-05 21:10 - 00000000 ____D () C:\Users\Desktop\Documents\CyberLink
2014-04-05 21:08 - 2014-04-05 21:39 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\CyberLink
2014-04-05 21:05 - 2014-04-05 21:06 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc
2014-04-05 21:05 - 2014-04-05 21:05 - 00000000 ____D () C:\ProgramData\eSellerate
2014-04-05 21:05 - 2014-04-05 21:05 - 00000000 ____D () C:\Program Files (x86)\SmartSound Software
2014-04-05 21:00 - 2014-04-05 21:01 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\Users\Desktop\AppData\Local\Apple
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\ProgramData\Apple
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-05 20:59 - 2014-04-05 21:06 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-04-05 20:57 - 2014-04-05 21:40 - 00000000 ____D () C:\ProgramData\CyberLink
2014-04-05 20:57 - 2014-04-05 21:35 - 00000000 ____D () C:\Program Files\CyberLink
2014-04-05 20:57 - 2014-04-05 21:06 - 00000000 ____D () C:\ProgramData\install_clap
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\ProgramData\DVD Shrink
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\Program Files (x86)\DVD Shrink
2014-04-04 23:05 - 2014-04-04 23:05 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Oracle
2014-04-04 23:03 - 2014-04-04 23:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-04 12:13 - 2014-04-04 12:13 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-28 13:52 - 2014-03-28 13:52 - 00002532 _____ () C:\Users\Desktop\Documents\MyPlan.gml
2014-03-27 17:04 - 2014-03-27 17:04 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\com.smallblueprinter.gardenPlanner3
2014-03-27 17:04 - 2014-03-27 17:04 - 00000000 ____D () C:\Program Files (x86)\Garden Planner 3
2014-03-27 15:22 - 2014-03-28 15:19 - 00000000 ____D () C:\GAO40S
2014-03-27 15:22 - 2014-03-27 15:22 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GARDEN ORGANIZER DELUXE
2014-03-27 15:22 - 2014-03-27 15:22 - 00000000 ____D () C:\Users\Desktop\AppData\Local\Downloaded Installations
 
==================== One Month Modified Files and Folders =======
 
2014-04-18 12:17 - 2014-04-18 11:34 - 00000000 ____D () C:\FRST
2014-04-18 12:17 - 2014-04-18 11:31 - 00000000 ____D () C:\Users\Desktop\Desktop\New folder
2014-04-18 12:14 - 2009-07-13 23:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 12:14 - 2009-07-13 23:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 12:13 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 12:10 - 2013-11-20 00:15 - 01078811 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 12:07 - 2013-11-19 23:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-18 12:07 - 2013-11-19 22:30 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 12:07 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-18 12:07 - 2009-07-13 23:51 - 00066916 _____ () C:\Windows\setupact.log
2014-04-18 12:03 - 2014-04-17 17:31 - 00037888 _____ () C:\Windows\system32\lkvhe.qiz
2014-04-18 12:03 - 2014-04-17 17:25 - 00000103 _____ () C:\Windows\system32\rhjyum.sfx
2014-04-18 11:57 - 2013-11-19 22:30 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-18 11:48 - 2014-04-17 18:04 - 00000080 _____ () C:\Windows\system32\kdnxjyd.glk
2014-04-18 11:47 - 2014-04-18 11:47 - 00000511 _____ () C:\Users\Desktop\Downloads\fixlist (1).txt
2014-04-18 11:38 - 2014-04-18 01:03 - 00000288 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-04-18 11:38 - 2014-04-18 01:03 - 00000280 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-04-18 11:34 - 2014-04-18 11:34 - 00001603 _____ () C:\Users\Desktop\Downloads\fixlist.txt
2014-04-18 11:30 - 2014-04-18 11:30 - 02158592 _____ (Farbar) C:\Users\Desktop\Downloads\FRST64.exe
2014-04-18 03:05 - 2014-04-18 03:05 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-18 02:36 - 2014-04-18 02:36 - 00900815 _____ () C:\Users\Desktop\AppData\Local\census.cache
2014-04-18 02:35 - 2014-04-18 02:35 - 00164270 _____ () C:\Users\Desktop\AppData\Local\ars.cache
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\nvspcap.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\nvd3dum.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\nvapi.dll
2014-04-18 02:21 - 2014-04-18 02:21 - 00000000 _____ () C:\Windows\system32\crtdll.dll
2014-04-18 02:09 - 2014-04-18 02:09 - 00000010 _____ () C:\Users\Desktop\AppData\Local\sponge.last.runtime.cache
2014-04-18 02:05 - 2014-04-18 02:05 - 02467424 _____ (Trend Micro Inc.) C:\Users\Desktop\Downloads\HousecallLauncher64.exe
2014-04-18 02:05 - 2014-04-18 02:05 - 00000036 _____ () C:\Users\Desktop\AppData\Local\housecall.guid.cache
2014-04-18 01:07 - 2013-11-21 00:14 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\uTorrent
2014-04-18 01:03 - 2014-04-18 01:03 - 00003038 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-04-18 01:03 - 2014-04-18 01:03 - 00002882 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-04-18 01:03 - 2014-04-18 01:03 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\systweak
2014-04-18 01:03 - 2014-04-18 01:03 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-04-18 00:17 - 2014-01-11 17:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-17 17:48 - 2013-11-19 22:23 - 00000000 ____D () C:\Windows\pss
2014-04-17 17:48 - 2013-11-19 22:22 - 00000000 ___RD () C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 17:10 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-14 18:07 - 2014-04-14 18:07 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Apple Computer
2014-04-09 03:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-04-09 03:17 - 2009-07-13 23:45 - 04843112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 21:41 - 2014-04-05 21:39 - 00000000 ____D () C:\Users\Public\CyberLink
2014-04-05 21:40 - 2014-04-05 20:57 - 00000000 ____D () C:\ProgramData\CyberLink
2014-04-05 21:39 - 2014-04-05 21:08 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\CyberLink
2014-04-05 21:39 - 2013-11-23 21:46 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\NVIDIA
2014-04-05 21:37 - 2013-11-19 22:30 - 00065960 _____ () C:\Users\Desktop\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-05 21:35 - 2014-04-05 20:57 - 00000000 ____D () C:\Program Files\CyberLink
2014-04-05 21:10 - 2014-04-05 21:10 - 00000000 ____D () C:\Users\Desktop\Documents\CyberLink
2014-04-05 21:10 - 2013-11-19 22:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-05 21:06 - 2014-04-05 21:05 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc
2014-04-05 21:06 - 2014-04-05 20:59 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
2014-04-05 21:06 - 2014-04-05 20:57 - 00000000 ____D () C:\ProgramData\install_clap
2014-04-05 21:05 - 2014-04-05 21:05 - 00000000 ____D () C:\ProgramData\eSellerate
2014-04-05 21:05 - 2014-04-05 21:05 - 00000000 ____D () C:\Program Files (x86)\SmartSound Software
2014-04-05 21:01 - 2014-04-05 21:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\Users\Desktop\AppData\Local\Apple
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\ProgramData\Apple
2014-04-05 21:00 - 2014-04-05 21:00 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\ProgramData\DVD Shrink
2014-04-05 16:33 - 2014-04-05 16:33 - 00000000 ____D () C:\Program Files (x86)\DVD Shrink
2014-04-04 23:05 - 2014-04-04 23:05 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Oracle
2014-04-04 23:04 - 2013-11-21 00:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-04 23:03 - 2014-04-04 23:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-04 12:13 - 2014-04-04 12:13 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-01 16:54 - 2010-11-20 22:47 - 00012320 _____ () C:\Windows\PFRO.log
2014-03-31 09:35 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-30 20:16 - 2014-04-08 12:59 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 20:13 - 2014-04-08 12:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 19:13 - 2014-04-08 12:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 18:57 - 2014-04-08 12:59 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 01:52 - 2013-11-19 22:30 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 01:52 - 2013-11-19 22:30 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-28 15:19 - 2014-03-27 15:22 - 00000000 ____D () C:\GAO40S
2014-03-28 15:19 - 2013-11-19 22:22 - 00000000 ____D () C:\Users\Desktop\AppData\Local\VirtualStore
2014-03-28 13:52 - 2014-03-28 13:52 - 00002532 _____ () C:\Users\Desktop\Documents\MyPlan.gml
2014-03-27 17:04 - 2014-03-27 17:04 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\com.smallblueprinter.gardenPlanner3
2014-03-27 17:04 - 2014-03-27 17:04 - 00000000 ____D () C:\Program Files (x86)\Garden Planner 3
2014-03-27 16:36 - 2013-12-07 14:58 - 00000000 ____D () C:\Program Files (x86)\ooVoo
2014-03-27 15:22 - 2014-03-27 15:22 - 00000000 ____D () C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GARDEN ORGANIZER DELUXE
2014-03-27 15:22 - 2014-03-27 15:22 - 00000000 ____D () C:\Users\Desktop\AppData\Local\Downloaded Installations
 
Files to move or delete:
====================
C:\Users\Desktop\AppData\Roaming\CamLayout.ini
C:\Users\Desktop\AppData\Roaming\CamShapes.ini
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-09 00:15
 
==================== End Of Log ============================
 
Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Desktop at 2014-04-18 12:19:23
Running from C:\Users\Desktop\Desktop\New folder
Boot Mode: Normal
 
================== Search: "rpcss.dll" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
 
====== End Of Search ======

 


#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 18 April 2014 - 12:38 PM

Hello,

 

Registry Editor / Cleaner Warning !!



The following is referring to RegCleanPro.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done on the assumption that the main audience here at this board may be inexperienced users, and is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix", and it is up to the user, so just take this as a recommendation from my side.

For more information about why you should avoid using such programs, please take a look here => Registry Cleaners and System Tweaking Tools

 

 

 

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,

Georgi




#7 SimGameIt

SimGameIt
  • Topic Starter

  • Members
  • 4 posts

Posted 18 April 2014 - 12:45 PM

Ok, done. Here is the log.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-04-2014 01
Ran by Desktop at 2014-04-18 12:40:04 Run:3
Running from C:\Users\Desktop\Desktop\New folder
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Desktop\AppData\Local\mysearchdial-speeddial.crx [2013-11-21]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Desktop\AppData\Local\mysearchdial-speeddial.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Desktop\AppData\Local\mysearchdial-speeddial.crx [2013-11-21]
2014-04-17 18:04 - 2014-04-18 11:48 - 00000080 _____ () C:\Windows\system32\kdnxjyd.glk
2014-04-17 17:31 - 2014-04-18 12:03 - 00037888 _____ () C:\Windows\system32\lkvhe.qiz
2014-04-17 17:25 - 2014-04-18 12:03 - 00000103 _____ () C:\Windows\system32\rhjyum.sfx
C:\Users\Desktop\AppData\Local\Temp
Reboot:
end
*****************
 
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully.
C:\Users\Desktop\AppData\Local\mysearchdial-speeddial.crx => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully.
"C:\Users\Desktop\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully.
"C:\Users\Desktop\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
C:\Windows\system32\kdnxjyd.glk => Moved successfully.
C:\Windows\system32\lkvhe.qiz => Moved successfully.
C:\Windows\system32\rhjyum.sfx => Moved successfully.
 
"C:\Users\Desktop\AppData\Local\Temp" directory move:
 
C:\Users\Desktop\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\AUCHECK_PARSER.txt => Moved successfully.
Could not move "C:\Users\Desktop\AppData\Local\Temp\etilqs_EDRF1ldW4fVTZuU" => Scheduled to move on reboot.
Could not move "C:\Users\Desktop\AppData\Local\Temp\etilqs_Qxzncws1bdW44k9" => Scheduled to move on reboot.
Could not move "C:\Users\Desktop\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Desktop\AppData\Local\Temp\HCLauncher.log => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\JAUReg.log => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\JavaDeployReg.log => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\java_install_reg.log => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\RD47.tmp => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\Setup.INI => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\StructuredQuery.log => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\wmplog00.sqm => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\wmplog01.sqm => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\_is6222.tmp => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\{9527A496-5DF9-412A-ADC7-168BA5379CA6}\0x0409.ini => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\{9527A496-5DF9-412A-ADC7-168BA5379CA6}\setup.ini => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\BPMNT.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\Config.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\curl-ca-bundle.crt => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\diagnostic.log => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\hcversion64.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\hc_core.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\housecall.bin => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\housecall.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\housecall70.cert => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\ICRCHdler.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\iCRCReserve.tmp => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\LanguageMap.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\libcurl.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\libeay32.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\libexpatw.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\License.txt => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\LinkRule.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\perfiCrcPerfMonMgr.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\perfiCrcPerfMonMgr.ini => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\smv64.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\ssleay32.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\tmase.zip => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\tmcomm.cat => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\Tmcomm.inf => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\Tmcomm.sys => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\TMEBC.inf => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\TMEBC64.sys => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\TmEngDrv.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\tmfbeng.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\tmufeng.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\TSC.INI => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\tscdll64.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\utilClientLoader.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\vsapi64.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\tmase\config.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\tmase\Inspect.exe => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\tmase\PerfMonitor.exe => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\tmase\perfmonitor.ini => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\tmase\platinum100.cert => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\tmase\tmfbeng.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\tmase\tmptfb.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\tmase\_TmLock_1.0.1122 => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\report\20140418.log => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\profile\Custom.template.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\profile\Full.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\plugin\downloader.plugin.dll => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\pattern\138700.txt => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\pattern\ar.ptn => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\pattern\cache.dat => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\pattern\crcz.ptn => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\pattern\HCClean.ptn => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\pattern\HCFrs.ptn => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\pattern\HCPolicy.ptn => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\pattern\icrc$oth.731 => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\pattern\ptn$agg.102 => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\pattern\ptn$agg.999 => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\pattern\smvptn.201 => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\pattern\tmwlchk.ptn => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\pattern\tsc.ptn => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\pattern\AU_Backup\AuBackup.ini => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\pattern\AU_Backup\3\1082130432\backup.000 => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\log\history.log => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\log\731799FD-2E1E-4F7B-8360-3285A95471F7\action.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\log\731799FD-2E1E-4F7B-8360-3285A95471F7\assessreport.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\log\731799FD-2E1E-4F7B-8360-3285A95471F7\backupreport.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\log\731799FD-2E1E-4F7B-8360-3285A95471F7\cleanreport.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\log\731799FD-2E1E-4F7B-8360-3285A95471F7\configuration.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\log\731799FD-2E1E-4F7B-8360-3285A95471F7\detectreport.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\log\731799FD-2E1E-4F7B-8360-3285A95471F7\scanreport.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\cufon-yui.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\Interstate-Regular_400.font.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jquery.text-overflow.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\json\json2.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jquery\jquery-1.4.2.min.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jquery\jquery-1.8.2.min.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jquery\jquery-bgiframe-2.1.1.min.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jquery\jquery-ui-1.8.24.custom.min.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\jquery.jqGrid.min.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-bg.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-bg1251.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-cat.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-cn.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-cs.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-de.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-dk.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-el.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-en.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-fa.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-fi.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-fr.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-he.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-is.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-it.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-ja.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-nl.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-no.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-pl.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-pt-br.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-pt.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-ro.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-ru.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-sk.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-sp.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-sv.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-tr.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\lib\jqgrid\i18n\grid.locale-ua.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\l10n\eula_content.html => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\l10n\localization.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\js\common.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\js\common_content.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\js\index.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\js\localization.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\js\restore_threats.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\js\select_file.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\js\settings.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\js\step_content.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\js\tabcontent.js => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\banner.jpg => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\bg_console.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\bg_promotion.jpg => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\bg_step.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\bg_table.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\bg_table_checkbox.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\bg_table_title.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\btn_black.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\btn_black_grayBG.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\btn_scan.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\button_left.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\button_right.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\dotline.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\dotline_v.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\icons_risklevel_sprite.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\icon_cancel.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\icon_feedback.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\icon_log.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\icon_minimize.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\icon_premium_service.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\icon_scan_ani.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\icon_setting.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\icon_treats_status.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\loading.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\loading_24.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\logo_TM.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\mask_progress_bar.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\progress_bar.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\tab_left.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\tab_right.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\tab_setting.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\tball.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\Thumbs.db => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\TM_logo.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\images\widgetLoading_white.gif => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\html\eula_content.html => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\html\index.html => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\html\restore_sum.html => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\html\restore_threats.html => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\html\scan_step1_0.html => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\html\scan_step2_0.html => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\html\scan_step2_1.html => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\html\scan_step2_2.html => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\html\scan_step3_0.html => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\html\scan_steps.html => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\html\select_file.html => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\html\settings.html => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\buttons.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\container.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\datatable.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\datatable_act_icons.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\dialog.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\eula.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\form.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\jquery-ui-1.8.6.custom.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\popupwin.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\popupwin_restore.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\reset.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\settingtab.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\steps.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\style.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\tab.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\ui.jqgrid.css => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\Thumbs.db => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\ui-bg_flat_0_aaaaaa_40x100.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\ui-bg_flat_75_ffffff_40x100.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\ui-bg_glass_55_fbf9ee_1x400.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\ui-bg_glass_65_ffffff_1x400.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\ui-bg_glass_75_dadada_1x400.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\ui-bg_glass_75_e6e6e6_1x400.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\ui-bg_glass_75_ffffff_1x400.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\ui-bg_glass_95_fef1ec_1x400.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\ui-bg_highlight-soft_75_cccccc_1x100.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\ui-bg_inset-soft_95_fef1ec_1x100.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\ui-icons_222222_256x240.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\ui-icons_2e83ff_256x240.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\ui-icons_454545_256x240.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\ui-icons_888888_256x240.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\images\ui-icons_cd0a0a_256x240.png => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\interface\css\htc\csshover.htc => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HouseCall\AU_Backup\AuBackup.ini => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HCBackup\hcpackage64.exe => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HCBackup\hcversion64.xml => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HCBackup\iCRCReserve.tmp => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip => Moved successfully.
C:\Users\Desktop\AppData\Local\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip.etag => Moved successfully.
Could not move "C:\Users\Desktop\AppData\Local\Temp" directory. => Scheduled to move on reboot.
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-18 12:42:12)<=
 
C:\Users\Desktop\AppData\Local\Temp\etilqs_EDRF1ldW4fVTZuU => Is moved successfully.
C:\Users\Desktop\AppData\Local\Temp\etilqs_Qxzncws1bdW44k9 => Is moved successfully.
C:\Users\Desktop\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Desktop\AppData\Local\Temp => Moved successfully.
 
==== End of Fixlog ====


#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 18 April 2014 - 04:14 PM

Hello,

Nice work! We managed to clean the remnants from the infection. :)

Also, if you don't mind, I want to make sure there is nothing lurking on the system, so just in case I want you to go through these steps:

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

 

 

STEP 1

  • Please download RKill by Grinler from the link below and save it to your desktop.
    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

  • Please download RogueKillerX64.exe and save it to the desktop.
  • Close all windows and browsers.
  • Right-click the program and select 'Run as Administrator'.
  • Press the Scan button.
  • A report opens on the desktop named RKreport.txt.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now. If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box:
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the scan log which shows the date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

 

 

STEP 5

1. Please download HitmanPro.

  • For 32-bit Operating System - (download link)
  • This is the mirror - (download link)
  • For 64-bit Operating System - (download link)
  • This is the mirror - (download link)

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, then please open the program while holding down the left CTRL key until it is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report, and copy and paste it into your next reply.

 

 

 

STEP 6

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Then, if there aren't any issues left, I'll give you my final recommendations. :)

Regards,

Georgi
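The six steps above each leave a report in a different place, and the reply has to quote all of them. The PowerShell script below is an added example, not part of the post or of any of the tools it names: it gathers the reports into one time-stamped folder on the Desktop and says which step still has no log. It assumes (the post does not state this) that RogueKiller's RKreport*.txt and Security Check's checkup.txt are written next to the tools on the Desktop and that HitmanPro's saved reports are the files under C:\ProgramData\HitmanPro\Logs; the Malwarebytes log is copied from its History tab, so it is only noted. It is written for the PowerShell 2.0 that ships with Windows 7 (no [ordered] hashtables), and runs as the same user that ran the tools.

```powershell
# Added example (not from the original post): collect the reports the steps
# above leave behind, and report which step still has no log.
# Assumed locations are marked; the post only names C:\rkill.log, RKreport.txt
# on the desktop, TDSSKiller.*_log.txt in C:\, C:\ProgramData\HitmanPro\Logs
# and checkup.txt.

$Desktop = [Environment]::GetFolderPath('Desktop')
$Stamp   = Get-Date -Format 'yyyyMMdd_HHmmss'
$Out     = Join-Path $Desktop ("ScanLogs_" + $Stamp)
New-Item -ItemType Directory -Path $Out -Force | Out-Null

# STEP 2 and STEP 5 have separate 32-bit / 64-bit builds; say which applies.
# Win32_OperatingSystem.OSArchitecture works on Windows 7 / PowerShell 2.0.
$Arch = (Get-WmiObject Win32_OperatingSystem).OSArchitecture
Write-Host ("OS architecture: {0} (use the {0} downloads for STEP 2 and STEP 5)" -f $Arch)

# Step -> path pattern. The TDSSKiller pattern follows the post's
# "TDSSKiller.[Version]_[Date]_[Time]_log.txt" naming in the root of C:\.
# RKreport*.txt, checkup.txt on the Desktop and the HitmanPro folder
# contents are assumptions, not stated by the post.
$Expected = @(
    @{ Step = 'STEP 1 RKill';          Pattern = 'C:\rkill.log' },
    @{ Step = 'STEP 2 RogueKiller';    Pattern = (Join-Path $Desktop 'RKreport*.txt') },
    @{ Step = 'STEP 3 TDSSKiller';     Pattern = 'C:\TDSSKiller.*_log.txt' },
    @{ Step = 'STEP 5 HitmanPro';      Pattern = 'C:\ProgramData\HitmanPro\Logs\*' },
    @{ Step = 'STEP 6 Security Check'; Pattern = (Join-Path $Desktop 'checkup.txt') }
)

$Missing = @()
foreach ($e in $Expected) {
    # A literal path that does not exist raises an error; a wildcard with no
    # match returns nothing. Both are treated as "no log yet".
    $files = @(Get-ChildItem -Path $e.Pattern -ErrorAction SilentlyContinue |
               Where-Object { -not $_.PSIsContainer })
    if ($files.Count -eq 0) {
        $Missing += $e.Step
        Write-Host ("[missing] {0}: nothing matched {1}" -f $e.Step, $e.Pattern)
        continue
    }
    # Keep every match, newest first, renamed by step so two tools cannot collide.
    $tag = $e.Step -replace '[^A-Za-z0-9]', '_'
    $i = 0
    foreach ($f in ($files | Sort-Object LastWriteTime -Descending)) {
        $i++
        $dest = Join-Path $Out ("{0}_{1}{2}" -f $tag, $i, $f.Extension)
        Copy-Item -Path $f.FullName -Destination $dest
        Write-Host ("[copied]  {0}: {1} ({2:N0} bytes, {3})" -f $e.Step, $f.Name, $f.Length, $f.LastWriteTime)
    }
}

Write-Host "STEP 4 Malwarebytes: copy the scan log from History > Application Logs > Copy to Clipboard."
if ($Missing.Count -gt 0) {
    Write-Host ("Still missing: " + ($Missing -join ', ') + ". Run those steps before replying.")
}
Write-Host ("Logs gathered in " + $Out)
```

Run it from an elevated PowerShell prompt after STEP 6; the copies are what gets pasted into the reply (or uploaded to pastebin.com for the longer RogueKiller and TDSSKiller reports, as the post asks), while the originals stay where each tool wrote them. If a step's tool never ran, the "[missing]" line points straight at the step to repeat rather than leaving it to be noticed from the reply.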


#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
Posted 29 April 2014 - 04:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
