Infected. Please help


10 replies to this topic

#1 mattymattcarmichael

Posted 15 May 2014 - 07:40 PM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 1/10/2014 7:28:55 AM System Uptime: 5/15/2014 7:45:36 PM (1 hours ago) . Motherboard: Dell Inc. | | 0RY007 Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | Socket 775 | 2000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 37 GiB total, 5.221 GiB free. D: is CDROM () E: is FIXED (NTFS) - 77 GiB total, 17.937 GiB free. F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . µTorrent Adobe Flash Player 13 Plugin Adobe Reader XI (11.0.07) AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders Apple Application Support Apple Mobile Device Support Apple Software Update avast! 
Free Antivirus Bonjour Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish DMUninstaller Emsisoft HiJackFree 4.5 HammerTap 3 HP Deskjet 3510 series Basic Device Software iPhone Configuration Utility ISOBuddy iTunes Magic ISO Maker v5.5 (build 0281) MagicDisc 2.7.106 Malwarebytes Anti-Malware version 2.0.1.1004 Microsoft Silverlight Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Movavi Video Suite 12 Mozilla Firefox 28.0 (x86 en-US) Mozilla Maintenance Service MPC-HC 1.7.1 Rosetta Stone Ltd Services Rosetta Stone TOTALe Sophos Virus Removal Tool System Update kb70007 thinkorswim WinRAR 5.01 (32-bit) . ==== Event Viewer Messages From Past Week ======== . 5/12/2014 9:42:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} 5/12/2014 9:42:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect. 5/12/2014 9:42:01 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File =========================== uploader is not working.


#2 Starbuck



  • Malware Response Team

Posted 18 May 2014 - 04:52 PM

Hi mattymattcarmichael and welcome to BC.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Bearshare, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system bit type is..... click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator

  • When the tool opens click Yes to disclaimer.

  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:

Both reports from FRST
and also explain why you think you are infected..... what symptoms is the system showing?


Thanks.



#3 mattymattcarmichael


Posted 18 May 2014 - 10:59 PM

When I randomly click on web pages, or click on links it shoots open a tab in Firefox and redirects me to some website that asks me to scan for viruses or it sends me to some tech support is great website. It is very weird. Thanks for the warning about P2P clients. I know very well the dangers, and I don't believe I am the source of this infection, this time. These infections happen once in a great blue moon, and it's usually when someone else downloads stuff on my computers. *sigh* My girlfriend recently downloaded a program called.. "isohacker" or maybe it was.... "ISO hacktivation." Anyway, I noticed it randomly in my download history and asked her what it was, she responded with "Oh some scam program that asked me for something and then I realized it was asking me for money.." Crap. Two minutes later I opened Firefox and it was infected. I have not checked IE because I don't use it.

Edited by mattymattcarmichael, 18 May 2014 - 11:01 PM.


#4 mattymattcarmichael


Posted 18 May 2014 - 11:07 PM

Okay I am having trouble uploading the text files. And I'm having trouble getting the formatting in these boxes. *sigh* every time that I try and upload the logs it just spins and spins, even the "basic uploader" link does nothing.

#5 mattymattcarmichael


Posted 18 May 2014 - 11:10 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by Fredric (administrator) on FREDRIC-PC on 18-05-2014 23:50:59 Running from C:\Users\Fredric\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe () C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe (The Privoxy team - www.privoxy.org) C:\Program Files (x86)\MSR\Privoxy\privoxy.exe (MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files (x86)\Hammertap\HammerTap3\HammerTap3.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-03] (AVAST Software) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-06-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) Startup: C:\Users\Fredric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6FBE1366328CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Fredric\AppData\Roaming\Mozilla\Firefox\Profiles\5xan6uh4.default-1399428356562 FF DefaultSearchEngine: Startpage HTTPS FF Homepage: infowars.com FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8118 FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 8118 FF NetworkProxy: "type", 1 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: tdameritrade.com/thinkorswim - C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade) FF Plugin HKCU: tdameritrade.com/tossc - C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade) FF SearchPlugin: C:\Users\Fredric\AppData\Roaming\Mozilla\Firefox\Profiles\5xan6uh4.default-1399428356562\searchplugins\startpage-https.xml FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Fredric\AppData\Roaming\Mozilla\Firefox\Profiles\5xan6uh4.default-1399428356562\Extensions\artur.dubovoy@gmail.com [2014-05-09] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-10] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-03] (AVAST Software) R2 System Update kb70007; C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [16384 2014-04-23] () ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-03] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-03] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-03] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-03] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-12] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-12] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-12] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-03] () S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) 
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.) R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.) S3 MFE_RR; \??\C:\Users\Fredric\AppData\Local\Temp\mfe_rr.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-18 23:49 - 2014-05-18 23:51 - 00007736 _____ () C:\Users\Fredric\Downloads\FRST.txt 2014-05-18 23:49 - 2014-05-18 23:50 - 00019187 _____ () C:\Users\Fredric\Downloads\Addition.txt 2014-05-18 23:49 - 2014-05-18 23:50 - 00000000 ____D () C:\FRST 2014-05-18 23:47 - 2014-05-18 23:48 - 02067456 _____ (Farbar) C:\Users\Fredric\Downloads\FRST64.exe 2014-05-16 17:20 - 2014-05-16 23:46 - 00001361 _____ () C:\Users\Fredric\Desktop\Ad Space.txt 2014-05-16 01:08 - 2014-05-16 01:08 - 00001050 _____ () C:\Users\Fredric\Desktop\mwb.txt 2014-05-15 22:04 - 2014-05-15 22:09 - 00000000 ____D () C:\Users\Fredric\Downloads\WWE.Tables.Ladders.Chairs.2002.DVDRiP.x264-KYR[rarbg] 2014-05-15 21:41 - 2014-05-15 21:41 - 04745728 _____ (AVAST Software) C:\Users\Fredric\Downloads\aswmbr.exe 2014-05-15 21:41 - 2014-05-15 21:41 - 00380416 _____ () C:\Users\Fredric\Downloads\lpy9exsz.exe 2014-05-15 20:22 - 2014-05-15 20:22 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Fredric\Downloads\tdsskiller.exe 2014-05-15 20:16 - 2014-05-15 20:16 - 00001672 _____ () C:\Users\Fredric\Desktop\attach.zip 2014-05-15 20:10 - 2014-05-15 20:11 - 00688992 ____R (Swearware) C:\Users\Fredric\Downloads\dds(1).com 2014-05-15 20:04 - 2014-05-15 20:17 - 1555311269 ____R () C:\Users\Fredric\Downloads\UFC.172.26th.April.2014.HDTV.x264-Sir.Paul.mp4 2014-05-12 09:44 - 2014-05-12 09:44 - 00000085 _____ () C:\Windows\wininit.ini 2014-05-11 22:47 - 2014-05-15 23:50 - 00000000 ____D () C:\Users\Fredric\Downloads\Civilization.II.The.Test.Of.Time.FARLIGHT 2014-05-11 22:39 - 2014-05-11 22:39 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISOBuddy 2014-05-11 22:39 - 2014-05-11 22:39 - 00000000 ____D () C:\Program Files (x86)\Pixbyte 2014-05-11 22:19 - 2014-05-11 22:20 - 03390147 _____ (Pixbyte Development SL) C:\Users\Fredric\Downloads\ISOBuddy1113.exe 2014-05-11 22:17 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe 2014-05-11 21:37 - 2014-05-11 21:57 - 00000000 ____D () C:\Users\Fredric\Downloads\The Walking Dead Season 4 S04 E09-E16 Web-dl 720p x264 5.1ch [C7B] 2014-05-10 22:25 - 2014-05-11 22:45 - 00000000 ____D () C:\Users\Fredric\Downloads\Civ 2 2014-05-10 21:44 - 2014-05-10 21:44 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys 2014-05-10 21:43 - 2014-05-10 21:43 - 01805736 _____ (Symantec Corporation) C:\Users\Fredric\Downloads\FixZeroAccess.exe 2014-05-10 21:40 - 2014-05-10 21:40 - 00000000 ____D () C:\Qoobox 2014-05-10 21:39 - 2014-05-10 21:42 - 00000000 ___SD () C:\32788R22FWJFW 2014-05-10 21:39 - 2014-05-10 21:39 - 00000000 ____D () C:\Windows\erdnt 2014-05-10 21:38 - 2014-05-15 20:15 - 00010732 _____ () C:\Users\Fredric\Desktop\dds.txt 2014-05-10 21:38 - 2014-05-15 20:15 - 00003135 _____ () C:\Users\Fredric\Desktop\attach.txt 2014-05-10 21:38 - 2014-05-10 21:38 - 05200347 ____R (Swearware) C:\Users\Fredric\Downloads\ComboFix.exe 2014-05-10 21:36 - 2014-05-10 21:36 - 00688992 ____R (Swearware) C:\Users\Fredric\Downloads\dds.com 2014-05-10 21:33 - 2014-05-10 21:33 - 03415088 _____ () C:\Users\Fredric\Downloads\avg_remover_zeroaccess.exe 2014-05-10 21:24 - 2014-05-10 21:24 - 00001104 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-05-10 21:24 - 2014-05-10 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-05-10 21:24 - 2014-05-10 21:24 - 00000000 ____D () C:\Program Files (x86)\Emsisoft HiJackFree 2014-05-10 21:23 - 2014-05-10 21:23 - 02926008 _____ (Emsisoft GmbH ) 
C:\Users\Fredric\Downloads\EmsisoftHiJackFreeSetup.exe 2014-05-10 21:05 - 2014-05-10 21:16 - 00000000 ____D () C:\Windows\pss 2014-05-07 13:49 - 2014-05-07 13:51 - 00000000 ____D () C:\Users\Fredric\Downloads\The 5.6.7.8's (Garage,Surf) 2014-05-06 22:06 - 2014-05-06 22:06 - 00000000 ____D () C:\Users\Fredric\Desktop\Old Firefox Data 2014-05-06 21:46 - 2014-05-06 21:46 - 00000000 ____D () C:\ProgramData\Sophos 2014-05-06 21:45 - 2014-05-06 21:45 - 00003215 _____ () C:\Users\Fredric\Desktop\Sophos Virus Removal Tool.lnk 2014-05-06 21:45 - 2014-05-06 21:45 - 00000000 ____D () C:\Users\Fredric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos 2014-05-06 21:45 - 2014-05-06 21:45 - 00000000 ____D () C:\Program Files (x86)\Sophos 2014-05-06 05:56 - 2014-05-06 05:56 - 00000000 ____D () C:\Users\Fredric\Documents\ProcAlyzer Dumps 2014-05-06 05:56 - 2014-05-05 23:27 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140506-055656.backup 2014-05-05 23:27 - 2014-05-05 22:45 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140505-232757.backup 2014-05-05 22:45 - 2009-06-10 17:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140505-224514.backup 2014-05-05 22:23 - 2014-05-13 13:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-05-05 22:23 - 2014-05-12 09:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-05 22:23 - 2014-05-05 22:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-05-03 07:54 - 2014-05-03 08:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-03 07:45 - 2014-05-03 08:12 - 00000000 ____D () C:\Users\Fredric\Desktop\mbar 2014-05-03 00:44 - 2014-05-03 00:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-05-03 00:44 - 2014-05-03 00:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-05-03 00:29 - 2014-05-16 00:05 - 00119512 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-03 00:29 - 2014-05-03 07:45 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-03 00:29 - 2014-05-03 00:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-03 00:29 - 2014-05-03 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-03 00:29 - 2014-05-03 00:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-03 00:29 - 2014-05-03 00:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-03 00:29 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-03 00:29 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-01 20:38 - 2014-05-01 20:38 - 00000000 ____D () C:\Program Files (x86)\predm 2014-05-01 20:26 - 2014-05-01 20:27 - 00000000 ____D () C:\Program Files (x86)\MSR 2014-04-23 22:30 - 2014-04-23 22:30 - 00003171 _____ () C:\Users\Fredric\Desktop\HammerTap.lnk 2014-04-23 22:30 - 2014-04-23 22:30 - 00000000 ____D () C:\Users\Fredric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammertap 2014-04-23 22:30 - 2014-04-23 22:30 - 00000000 ____D () C:\Program Files (x86)\Hammertap 2014-04-23 22:29 - 2014-04-23 22:29 - 00000000 ____D () C:\Windows\Downloaded Installations ==================== One Month Modified Files and Folders ======= 2014-05-18 23:51 - 2014-05-18 23:49 - 00007736 _____ () C:\Users\Fredric\Downloads\FRST.txt 2014-05-18 23:50 - 2014-05-18 23:49 - 00019187 _____ () C:\Users\Fredric\Downloads\Addition.txt 2014-05-18 23:50 - 2014-05-18 23:49 - 00000000 ____D () C:\FRST 2014-05-18 23:48 - 2014-05-18 23:47 - 02067456 _____ (Farbar) C:\Users\Fredric\Downloads\FRST64.exe 2014-05-18 23:23 - 2009-07-14 00:51 - 00063528 _____ () C:\Windows\setupact.log 2014-05-18 22:59 - 2009-07-14 00:45 - 00020640 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-18 22:59 - 2009-07-14 00:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-18 21:21 - 2014-01-10 10:58 - 01028457 _____ () C:\Windows\WindowsUpdate.log 2014-05-18 21:02 - 2014-01-10 08:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-05-18 21:01 - 2009-07-14 01:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-18 20:57 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-16 23:46 - 2014-05-16 17:20 - 00001361 _____ () C:\Users\Fredric\Desktop\Ad Space.txt 2014-05-16 23:46 - 2014-01-10 10:10 - 00000000 ____D () C:\Users\Fredric\AppData\Roaming\uTorrent 2014-05-16 01:08 - 2014-05-16 01:08 - 00001050 _____ () C:\Users\Fredric\Desktop\mwb.txt 2014-05-16 00:05 - 2014-05-03 00:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-15 23:50 - 2014-05-11 22:47 - 00000000 ____D () C:\Users\Fredric\Downloads\Civilization.II.The.Test.Of.Time.FARLIGHT 2014-05-15 22:09 - 2014-05-15 22:04 - 00000000 ____D () C:\Users\Fredric\Downloads\WWE.Tables.Ladders.Chairs.2002.DVDRiP.x264-KYR[rarbg] 2014-05-15 21:41 - 2014-05-15 21:41 - 04745728 _____ (AVAST Software) C:\Users\Fredric\Downloads\aswmbr.exe 2014-05-15 21:41 - 2014-05-15 21:41 - 00380416 _____ () C:\Users\Fredric\Downloads\lpy9exsz.exe 2014-05-15 20:22 - 2014-05-15 20:22 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Fredric\Downloads\tdsskiller.exe 2014-05-15 20:17 - 2014-05-15 20:04 - 1555311269 ____R () C:\Users\Fredric\Downloads\UFC.172.26th.April.2014.HDTV.x264-Sir.Paul.mp4 2014-05-15 20:16 - 2014-05-15 20:16 - 00001672 _____ () C:\Users\Fredric\Desktop\attach.zip 2014-05-15 20:15 - 2014-05-10 21:38 - 00010732 _____ () C:\Users\Fredric\Desktop\dds.txt 2014-05-15 20:15 - 2014-05-10 21:38 - 00003135 _____ () 
C:\Users\Fredric\Desktop\attach.txt 2014-05-15 20:11 - 2014-05-15 20:10 - 00688992 ____R (Swearware) C:\Users\Fredric\Downloads\dds(1).com 2014-05-15 19:51 - 2014-01-27 23:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-15 05:45 - 2014-01-31 22:36 - 00000000 ____D () C:\Users\Fredric\Desktop\ip 2014-05-13 13:18 - 2014-05-05 22:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-05-13 13:18 - 2010-11-20 23:47 - 00015654 _____ () C:\Windows\PFRO.log 2014-05-12 09:46 - 2014-01-10 08:47 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-05-12 09:46 - 2014-01-10 08:47 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-05-12 09:46 - 2014-01-10 08:47 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-05-12 09:44 - 2014-05-12 09:44 - 00000085 _____ () C:\Windows\wininit.ini 2014-05-12 09:44 - 2014-05-05 22:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-11 22:45 - 2014-05-10 22:25 - 00000000 ____D () C:\Users\Fredric\Downloads\Civ 2 2014-05-11 22:39 - 2014-05-11 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISOBuddy 2014-05-11 22:39 - 2014-05-11 22:39 - 00000000 ____D () C:\Program Files (x86)\Pixbyte 2014-05-11 22:20 - 2014-05-11 22:19 - 03390147 _____ (Pixbyte Development SL) C:\Users\Fredric\Downloads\ISOBuddy1113.exe 2014-05-11 21:57 - 2014-05-11 21:37 - 00000000 ____D () C:\Users\Fredric\Downloads\The Walking Dead Season 4 S04 E09-E16 Web-dl 720p x264 5.1ch [C7B] 2014-05-10 21:44 - 2014-05-10 21:44 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys 2014-05-10 21:43 - 2014-05-10 21:43 - 01805736 _____ (Symantec Corporation) C:\Users\Fredric\Downloads\FixZeroAccess.exe 2014-05-10 21:42 - 2014-05-10 21:39 - 00000000 ___SD () C:\32788R22FWJFW 2014-05-10 21:40 - 2014-05-10 21:40 - 00000000 ____D () C:\Qoobox 2014-05-10 
21:39 - 2014-05-10 21:39 - 00000000 ____D () C:\Windows\erdnt 2014-05-10 21:38 - 2014-05-10 21:38 - 05200347 ____R (Swearware) C:\Users\Fredric\Downloads\ComboFix.exe 2014-05-10 21:36 - 2014-05-10 21:36 - 00688992 ____R (Swearware) C:\Users\Fredric\Downloads\dds.com 2014-05-10 21:33 - 2014-05-10 21:33 - 03415088 _____ () C:\Users\Fredric\Downloads\avg_remover_zeroaccess.exe 2014-05-10 21:24 - 2014-05-10 21:24 - 00001104 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk 2014-05-10 21:24 - 2014-05-10 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree 2014-05-10 21:24 - 2014-05-10 21:24 - 00000000 ____D () C:\Program Files (x86)\Emsisoft HiJackFree 2014-05-10 21:23 - 2014-05-10 21:23 - 02926008 _____ (Emsisoft GmbH ) C:\Users\Fredric\Downloads\EmsisoftHiJackFreeSetup.exe 2014-05-10 21:16 - 2014-05-10 21:05 - 00000000 ____D () C:\Windows\pss 2014-05-09 19:57 - 2014-01-10 10:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-09 19:57 - 2014-01-10 10:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-07 13:51 - 2014-05-07 13:49 - 00000000 ____D () C:\Users\Fredric\Downloads\The 5.6.7.8's (Garage,Surf) 2014-05-06 22:06 - 2014-05-06 22:06 - 00000000 ____D () C:\Users\Fredric\Desktop\Old Firefox Data 2014-05-06 21:46 - 2014-05-06 21:46 - 00000000 ____D () C:\ProgramData\Sophos 2014-05-06 21:45 - 2014-05-06 21:45 - 00003215 _____ () C:\Users\Fredric\Desktop\Sophos Virus Removal Tool.lnk 2014-05-06 21:45 - 2014-05-06 21:45 - 00000000 ____D () C:\Users\Fredric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos 2014-05-06 21:45 - 2014-05-06 21:45 - 00000000 ____D () C:\Program Files (x86)\Sophos 2014-05-06 05:56 - 2014-05-06 05:56 - 00000000 ____D () C:\Users\Fredric\Documents\ProcAlyzer Dumps 2014-05-05 23:27 - 2014-05-06 05:56 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140506-055656.backup 2014-05-05 
22:45 - 2014-05-05 23:27 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140505-232757.backup 2014-05-05 22:23 - 2014-05-05 22:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-05-03 08:12 - 2014-05-03 07:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-03 08:12 - 2014-05-03 07:45 - 00000000 ____D () C:\Users\Fredric\Desktop\mbar 2014-05-03 07:45 - 2014-05-03 00:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-03 00:44 - 2014-05-03 00:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-05-03 00:44 - 2014-05-03 00:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-05-03 00:44 - 2014-04-12 20:13 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-05-03 00:44 - 2014-01-10 08:47 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1399902413248 2014-05-03 00:44 - 2014-01-10 08:47 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1399902413248 2014-05-03 00:44 - 2014-01-10 08:47 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-05-03 00:44 - 2014-01-10 08:47 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-05-03 00:44 - 2014-01-10 08:47 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-05-03 00:44 - 2014-01-10 08:47 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-05-03 00:44 - 2014-01-10 08:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-05-03 00:29 - 2014-05-03 00:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-03 00:29 - 2014-05-03 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-03 00:29 - 2014-05-03 00:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-03 00:29 - 2014-05-03 00:29 - 00000000 ____D () C:\Program Files 
(x86)\Malwarebytes Anti-Malware 2014-05-01 20:39 - 2014-03-29 03:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-01 20:38 - 2014-05-01 20:38 - 00000000 ____D () C:\Program Files (x86)\predm 2014-05-01 20:27 - 2014-05-01 20:26 - 00000000 ____D () C:\Program Files (x86)\MSR 2014-04-23 22:30 - 2014-04-23 22:30 - 00003171 _____ () C:\Users\Fredric\Desktop\HammerTap.lnk 2014-04-23 22:30 - 2014-04-23 22:30 - 00000000 ____D () C:\Users\Fredric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammertap 2014-04-23 22:30 - 2014-04-23 22:30 - 00000000 ____D () C:\Program Files (x86)\Hammertap 2014-04-23 22:29 - 2014-04-23 22:29 - 00000000 ____D () C:\Windows\Downloaded Installations ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-29 00:01 ==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014 Ran by Fredric at 2014-05-18 23:51:34 Running from C:\Users\Fredric\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.938.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.70611.1329 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Polish (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION Emsisoft HiJackFree 4.5 (HKLM-x32\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsisoft GmbH) HammerTap 3 (HKLM-x32\...\{1C84BF7A-168C-424F-9CAC-260624C92C1A}) (Version: 3.1.1021 - Hammertap) HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) iPhone Configuration Utility (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.) ISOBuddy (HKLM-x32\...\ISOBuddy) (Version: - ) iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) 
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - ) MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - ) Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Movavi Video Suite 12 (HKLM-x32\...\Movavi Video Suite 12) (Version: 12.0.0 - Movavi) Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MPC-HC 1.7.1 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team) Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.) 
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited) System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc) WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-13 22:34 - 2014-05-06 05:56 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {86B533FF-70D2-437E-B432-83CA7961D6CD} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-03] (AVAST Software) ==================== Loaded Modules (whitelisted) ============= 2014-05-01 20:27 - 2014-04-23 18:52 - 00016384 _____ () C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe 2012-06-11 13:45 - 2012-06-11 13:45 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2008-10-06 16:34 - 2008-10-06 16:34 - 09297920 _____ () C:\Program Files (x86)\Hammertap\HammerTap3\HammerTap3.exe 2014-05-17 16:31 - 2014-05-17 16:31 - 02253312 _____ () C:\Program Files\AVAST Software\Avast\defs\14051701\algo.dll 2014-05-18 20:58 - 2014-05-18 20:58 - 02253312 _____ () C:\Program Files\AVAST Software\Avast\defs\14051801\algo.dll 2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-05-01 20:27 - 2014-04-23 18:52 - 00033792 _____ () C:\Windows\Microsoft\System Update kb70007\InstallerLibrary.dll 2014-05-01 20:27 - 2014-04-23 18:52 - 00015360 _____ () C:\Windows\Microsoft\System Update kb70007\Installer.dll 2014-05-01 20:27 - 2014-05-18 20:57 - 00086528 _____ () C:\Program Files (x86)\MSR\Privoxy\mgwz.dll 2014-01-10 08:47 - 2014-01-10 08:47 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2003-08-22 08:23 - 2003-08-22 08:23 - 00225792 _____ () C:\Program Files (x86)\Hammertap\HammerTap3\sqlite.dll 2014-03-29 03:27 - 2014-03-29 03:28 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/18/2014 08:58:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/17/2014 10:05:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/17/2014 08:27:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/15/2014 07:47:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/14/2014 09:20:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/13/2014 01:20:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 Error: (05/12/2014 09:40:17 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 09:27:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 07:52:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 09:46:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/12/2014 09:42:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The iPod Service service failed to start due to the following error: %%1053 Error: (05/12/2014 09:42:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect. 
Error: (05/12/2014 09:42:02 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE} Error: (05/10/2014 09:16:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (05/10/2014 09:16:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (05/10/2014 09:16:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (05/10/2014 09:16:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (05/10/2014 09:16:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (05/10/2014 09:15:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (05/10/2014 09:15:59 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Microsoft Office Sessions: ========================= Error: (05/18/2014 08:58:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/17/2014 10:05:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/17/2014 08:27:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/15/2014 07:47:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/14/2014 09:20:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/13/2014 01:20:06 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/12/2014 09:40:17 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 09:27:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/11/2014 07:52:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 Error: (05/10/2014 09:46:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 2046.18 MB Available physical RAM: 888.19 MB Total Pagefile: 4092.35 MB Available Pagefile: 2327.54 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:37.15 GB) (Free:3.53 GB) NTFS Drive e: (New Volume) (Fixed) (Total:76.69 GB) (Free:17.94 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 37 GB) (Disk ID: D0F4738C) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=37 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 77 GB) (Disk ID: 2111E6DD) Partition 1: (Not Active) - (Size=77 GB) - (Type=07 NTFS) ==================== End Of Log ============================

#6 mattymattcarmichael


Posted 18 May 2014 - 11:25 PM

Used IE to upload.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Fredric (administrator) on FREDRIC-PC on 18-05-2014 23:50:59
Running from C:\Users\Fredric\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
() C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Hammertap\HammerTap3\HammerTap3.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-03] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Startup: C:\Users\Fredric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA6FBE1366328CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Fredric\AppData\Roaming\Mozilla\Firefox\Profiles\5xan6uh4.default-1399428356562
FF DefaultSearchEngine: Startpage HTTPS
FF Homepage: infowars.com
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: tdameritrade.com/thinkorswim - C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKCU: tdameritrade.com/tossc - C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)
FF SearchPlugin: C:\Users\Fredric\AppData\Roaming\Mozilla\Firefox\Profiles\5xan6uh4.default-1399428356562\searchplugins\startpage-https.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Fredric\AppData\Roaming\Mozilla\Firefox\Profiles\5xan6uh4.default-1399428356562\Extensions\artur.dubovoy@gmail.com [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-10]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-03] (AVAST Software)
R2 System Update kb70007; C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [16384 2014-04-23] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-03] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
S3 MFE_RR; \??\C:\Users\Fredric\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-18 23:49 - 2014-05-18 23:51 - 00007736 _____ () C:\Users\Fredric\Downloads\FRST.txt
2014-05-18 23:49 - 2014-05-18 23:50 - 00019187 _____ () C:\Users\Fredric\Downloads\Addition.txt
2014-05-18 23:49 - 2014-05-18 23:50 - 00000000 ____D () C:\FRST
2014-05-18 23:47 - 2014-05-18 23:48 - 02067456 _____ (Farbar) C:\Users\Fredric\Downloads\FRST64.exe
2014-05-16 17:20 - 2014-05-16 23:46 - 00001361 _____ () C:\Users\Fredric\Desktop\Ad Space.txt
2014-05-16 01:08 - 2014-05-16 01:08 - 00001050 _____ () C:\Users\Fredric\Desktop\mwb.txt
2014-05-15 22:04 - 2014-05-15 22:09 - 00000000 ____D () C:\Users\Fredric\Downloads\WWE.Tables.Ladders.Chairs.2002.DVDRiP.x264-KYR[rarbg]
2014-05-15 21:41 - 2014-05-15 21:41 - 04745728 _____ (AVAST Software) C:\Users\Fredric\Downloads\aswmbr.exe
2014-05-15 21:41 - 2014-05-15 21:41 - 00380416 _____ () C:\Users\Fredric\Downloads\lpy9exsz.exe
2014-05-15 20:22 - 2014-05-15 20:22 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Fredric\Downloads\tdsskiller.exe
2014-05-15 20:16 - 2014-05-15 20:16 - 00001672 _____ () C:\Users\Fredric\Desktop\attach.zip
2014-05-15 20:10 - 2014-05-15 20:11 - 00688992 ____R (Swearware) C:\Users\Fredric\Downloads\dds(1).com
2014-05-15 20:04 - 2014-05-15 20:17 - 1555311269 ____R () C:\Users\Fredric\Downloads\UFC.172.26th.April.2014.HDTV.x264-Sir.Paul.mp4
2014-05-12 09:44 - 2014-05-12 09:44 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-11 22:47 - 2014-05-15 23:50 - 00000000 ____D () C:\Users\Fredric\Downloads\Civilization.II.The.Test.Of.Time.FARLIGHT
2014-05-11 22:39 - 2014-05-11 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISOBuddy
2014-05-11 22:39 - 2014-05-11 22:39 - 00000000 ____D () C:\Program Files (x86)\Pixbyte
2014-05-11 22:19 - 2014-05-11 22:20 - 03390147 _____ (Pixbyte Development SL) C:\Users\Fredric\Downloads\ISOBuddy1113.exe
2014-05-11 22:17 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2014-05-11 21:37 - 2014-05-11 21:57 - 00000000 ____D () C:\Users\Fredric\Downloads\The Walking Dead Season 4 S04 E09-E16 Web-dl 720p x264 5.1ch [C7B]
2014-05-10 22:25 - 2014-05-11 22:45 - 00000000 ____D () C:\Users\Fredric\Downloads\Civ 2
2014-05-10 21:44 - 2014-05-10 21:44 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2014-05-10 21:43 - 2014-05-10 21:43 - 01805736 _____ (Symantec Corporation) C:\Users\Fredric\Downloads\FixZeroAccess.exe
2014-05-10 21:40 - 2014-05-10 21:40 - 00000000 ____D () C:\Qoobox
2014-05-10 21:39 - 2014-05-10 21:42 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-10 21:39 - 2014-05-10 21:39 - 00000000 ____D () C:\Windows\erdnt
2014-05-10 21:38 - 2014-05-15 20:15 - 00010732 _____ () C:\Users\Fredric\Desktop\dds.txt
2014-05-10 21:38 - 2014-05-15 20:15 - 00003135 _____ () C:\Users\Fredric\Desktop\attach.txt
2014-05-10 21:38 - 2014-05-10 21:38 - 05200347 ____R (Swearware) C:\Users\Fredric\Downloads\ComboFix.exe
2014-05-10 21:36 - 2014-05-10 21:36 - 00688992 ____R (Swearware) C:\Users\Fredric\Downloads\dds.com
2014-05-10 21:33 - 2014-05-10 21:33 - 03415088 _____ () C:\Users\Fredric\Downloads\avg_remover_zeroaccess.exe
2014-05-10 21:24 - 2014-05-10 21:24 - 00001104 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-05-10 21:24 - 2014-05-10 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-05-10 21:24 - 2014-05-10 21:24 - 00000000 ____D () C:\Program Files (x86)\Emsisoft HiJackFree
2014-05-10 21:23 - 2014-05-10 21:23 - 02926008 _____ (Emsisoft GmbH ) C:\Users\Fredric\Downloads\EmsisoftHiJackFreeSetup.exe
2014-05-10 21:05 - 2014-05-10 21:16 - 00000000 ____D () C:\Windows\pss
2014-05-07 13:49 - 2014-05-07 13:51 - 00000000 ____D () C:\Users\Fredric\Downloads\The 5.6.7.8's (Garage,Surf)
2014-05-06 22:06 - 2014-05-06 22:06 - 00000000 ____D () C:\Users\Fredric\Desktop\Old Firefox Data
2014-05-06 21:46 - 2014-05-06 21:46 - 00000000 ____D () C:\ProgramData\Sophos
2014-05-06 21:45 - 2014-05-06 21:45 - 00003215 _____ () C:\Users\Fredric\Desktop\Sophos Virus Removal Tool.lnk
2014-05-06 21:45 - 2014-05-06 21:45 - 00000000 ____D () C:\Users\Fredric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-05-06 21:45 - 2014-05-06 21:45 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-05-06 05:56 - 2014-05-06 05:56 - 00000000 ____D () C:\Users\Fredric\Documents\ProcAlyzer Dumps
2014-05-06 05:56 - 2014-05-05 23:27 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140506-055656.backup
2014-05-05 23:27 - 2014-05-05 22:45 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140505-232757.backup
2014-05-05 22:45 - 2009-06-10 17:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140505-224514.backup
2014-05-05 22:23 - 2014-05-13 13:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-05 22:23 - 2014-05-12 09:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-05 22:23 - 2014-05-05 22:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-03 07:54 - 2014-05-03 08:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-03 07:45 - 2014-05-03 08:12 - 00000000 ____D () C:\Users\Fredric\Desktop\mbar
2014-05-03 00:44 - 2014-05-03 00:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-03 00:44 - 2014-05-03 00:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-03 00:29 - 2014-05-16 00:05 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-03 00:29 - 2014-05-03 07:45 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-03 00:29 - 2014-05-03 00:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-03 00:29 - 2014-05-03 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-03 00:29 - 2014-05-03 00:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-03 00:29 - 2014-05-03 00:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-03 00:29 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-03 00:29 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-01 20:38 - 2014-05-01 20:38 - 00000000 ____D () C:\Program Files (x86)\predm
2014-05-01 20:26 - 2014-05-01 20:27 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-04-23 22:30 - 2014-04-23 22:30 - 00003171 _____ () C:\Users\Fredric\Desktop\HammerTap.lnk
2014-04-23 22:30 - 2014-04-23 22:30 - 00000000 ____D () C:\Users\Fredric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammertap
2014-04-23 22:30 - 2014-04-23 22:30 - 00000000 ____D () C:\Program Files (x86)\Hammertap
2014-04-23 22:29 - 2014-04-23 22:29 - 00000000 ____D () C:\Windows\Downloaded Installations

==================== One Month Modified Files and Folders =======

2014-05-18 23:51 - 2014-05-18 23:49 - 00007736 _____ () C:\Users\Fredric\Downloads\FRST.txt
2014-05-18 23:50 - 2014-05-18 23:49 - 00019187 _____ () C:\Users\Fredric\Downloads\Addition.txt
2014-05-18 23:50 - 2014-05-18 23:49 - 00000000 ____D () C:\FRST
2014-05-18 23:48 - 2014-05-18 23:47 - 02067456 _____ (Farbar) C:\Users\Fredric\Downloads\FRST64.exe
2014-05-18 23:23 - 2009-07-14 00:51 - 00063528 _____ () C:\Windows\setupact.log
2014-05-18 22:59 - 2009-07-14 00:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 22:59 - 2009-07-14 00:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 21:21 - 2014-01-10 10:58 - 01028457 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 21:02 - 2014-01-10 08:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-18 21:01 - 2009-07-14 01:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 20:57 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-16 23:46 - 2014-05-16 17:20 - 00001361 _____ () C:\Users\Fredric\Desktop\Ad Space.txt
2014-05-16 23:46 - 2014-01-10 10:10 - 00000000 ____D () C:\Users\Fredric\AppData\Roaming\uTorrent
2014-05-16 01:08 - 2014-05-16 01:08 - 00001050 _____ () C:\Users\Fredric\Desktop\mwb.txt
2014-05-16 00:05 - 2014-05-03 00:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 23:50 - 2014-05-11 22:47 - 00000000 ____D () C:\Users\Fredric\Downloads\Civilization.II.The.Test.Of.Time.FARLIGHT
2014-05-15 22:09 - 2014-05-15 22:04 - 00000000 ____D () C:\Users\Fredric\Downloads\WWE.Tables.Ladders.Chairs.2002.DVDRiP.x264-KYR[rarbg]
2014-05-15 21:41 - 2014-05-15 21:41 - 04745728 _____ (AVAST Software) C:\Users\Fredric\Downloads\aswmbr.exe
2014-05-15 21:41 - 2014-05-15 21:41 - 00380416 _____ () C:\Users\Fredric\Downloads\lpy9exsz.exe
2014-05-15 20:22 - 2014-05-15 20:22 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\Fredric\Downloads\tdsskiller.exe
2014-05-15 20:17 - 2014-05-15 20:04 - 1555311269 ____R () C:\Users\Fredric\Downloads\UFC.172.26th.April.2014.HDTV.x264-Sir.Paul.mp4
2014-05-15 20:16 - 2014-05-15 20:16 - 00001672 _____ () C:\Users\Fredric\Desktop\attach.zip
2014-05-15 20:15 - 2014-05-10 21:38 - 00010732 _____ () C:\Users\Fredric\Desktop\dds.txt
2014-05-15 20:15 - 2014-05-10 21:38 - 00003135 _____ () C:\Users\Fredric\Desktop\attach.txt
2014-05-15 20:11 - 2014-05-15 20:10 - 00688992 ____R (Swearware) C:\Users\Fredric\Downloads\dds(1).com
2014-05-15 19:51 - 2014-01-27 23:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 05:45 - 2014-01-31 22:36 - 00000000 ____D () C:\Users\Fredric\Desktop\ip
2014-05-13 13:18 - 2014-05-05 22:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-13 13:18 - 2010-11-20 23:47 - 00015654 _____ () C:\Windows\PFRO.log
2014-05-12 09:46 - 2014-01-10 08:47 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-12 09:46 - 2014-01-10 08:47 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-12 09:46 - 2014-01-10 08:47 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-12 09:44 - 2014-05-12 09:44 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-12 09:44 - 2014-05-05 22:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-11 22:45 - 2014-05-10 22:25 - 00000000 ____D () C:\Users\Fredric\Downloads\Civ 2
2014-05-11 22:39 - 2014-05-11 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISOBuddy
2014-05-11 22:39 - 2014-05-11 22:39 - 00000000 ____D () C:\Program Files (x86)\Pixbyte
2014-05-11 22:20 - 2014-05-11 22:19 - 03390147 _____ (Pixbyte Development SL) C:\Users\Fredric\Downloads\ISOBuddy1113.exe
2014-05-11 21:57 - 2014-05-11 21:37 - 00000000 ____D () C:\Users\Fredric\Downloads\The Walking Dead Season 4 S04 E09-E16 Web-dl 720p x264 5.1ch [C7B]
2014-05-10 21:44 - 2014-05-10 21:44 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2014-05-10 21:43 - 2014-05-10 21:43 - 01805736 _____ (Symantec Corporation) C:\Users\Fredric\Downloads\FixZeroAccess.exe
2014-05-10 21:42 - 2014-05-10 21:39 - 00000000 ___SD () C:\32788R22FWJFW
2014-05-10 21:40 - 2014-05-10 21:40 - 00000000 ____D () C:\Qoobox
2014-05-10 21:39 - 2014-05-10 21:39 - 00000000 ____D () C:\Windows\erdnt
2014-05-10 21:38 - 2014-05-10 21:38 - 05200347 ____R (Swearware) C:\Users\Fredric\Downloads\ComboFix.exe
2014-05-10 21:36 - 2014-05-10 21:36 - 00688992 ____R (Swearware) C:\Users\Fredric\Downloads\dds.com
2014-05-10 21:33 - 2014-05-10 21:33 - 03415088 _____ () C:\Users\Fredric\Downloads\avg_remover_zeroaccess.exe
2014-05-10 21:24 - 2014-05-10 21:24 - 00001104 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-05-10 21:24 - 2014-05-10 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-05-10 21:24 - 2014-05-10 21:24 - 00000000 ____D () C:\Program Files (x86)\Emsisoft HiJackFree
2014-05-10 21:23 - 2014-05-10 21:23 - 02926008 _____ (Emsisoft GmbH ) C:\Users\Fredric\Downloads\EmsisoftHiJackFreeSetup.exe
2014-05-10 21:16 - 2014-05-10 21:05 - 00000000 ____D () C:\Windows\pss
2014-05-09 19:57 - 2014-01-10 10:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-09 19:57 - 2014-01-10 10:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-07 13:51 - 2014-05-07 13:49 - 00000000 ____D () C:\Users\Fredric\Downloads\The 5.6.7.8's (Garage,Surf)
2014-05-06 22:06 - 2014-05-06 22:06 - 00000000 ____D () C:\Users\Fredric\Desktop\Old Firefox Data
2014-05-06 21:46 - 2014-05-06 21:46 - 00000000 ____D () C:\ProgramData\Sophos
2014-05-06 21:45 - 2014-05-06 21:45 - 00003215 _____ () C:\Users\Fredric\Desktop\Sophos Virus Removal Tool.lnk
2014-05-06 21:45 - 2014-05-06 21:45 - 00000000 ____D () C:\Users\Fredric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-05-06 21:45 - 2014-05-06 21:45 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-05-06 05:56 - 2014-05-06 05:56 - 00000000 ____D () C:\Users\Fredric\Documents\ProcAlyzer Dumps
2014-05-05 23:27 - 2014-05-06 05:56 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140506-055656.backup
2014-05-05 22:45 - 2014-05-05 23:27 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140505-232757.backup
2014-05-05 22:23 - 2014-05-05 22:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-03 08:12 - 2014-05-03 07:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-03 08:12 - 2014-05-03 07:45 - 00000000 ____D () C:\Users\Fredric\Desktop\mbar
2014-05-03 07:45 - 2014-05-03 00:29 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-03 00:44 - 2014-05-03 00:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-03 00:44 - 2014-05-03 00:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-03 00:44 - 2014-04-12 20:13 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-03 00:44 - 2014-01-10 08:47 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1399902413248
2014-05-03 00:44 - 2014-01-10 08:47 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1399902413248
2014-05-03 00:44 - 2014-01-10 08:47 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-03 00:44 - 2014-01-10 08:47 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-03 00:44 - 2014-01-10 08:47 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-03 00:44 - 2014-01-10 08:47 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-03 00:44 - 2014-01-10 08:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-03 00:29 - 2014-05-03 00:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-03 00:29 - 2014-05-03 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-03 00:29 - 2014-05-03 00:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-03 00:29 - 2014-05-03 00:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-01 20:39 - 2014-03-29 03:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-01 20:38 - 2014-05-01 20:38 - 00000000 ____D () C:\Program Files (x86)\predm
2014-05-01 20:27 - 2014-05-01 20:26 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-04-23 22:30 - 2014-04-23 22:30 - 00003171 _____ () C:\Users\Fredric\Desktop\HammerTap.lnk
2014-04-23 22:30 - 2014-04-23 22:30 - 00000000 ____D () C:\Users\Fredric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammertap
2014-04-23 22:30 - 2014-04-23 22:30 - 00000000 ____D () C:\Program Files (x86)\Hammertap
2014-04-23 22:29 - 2014-04-23 22:29 - 00000000 ____D () C:\Windows\Downloaded Installations

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 00:01

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Fredric at 2014-05-18 23:51:34
Running from C:\Users\Fredric\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70611.1329 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0611.1250.21046 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0611.1251.21046 - Advanced Micro Devices, Inc.) Hidden
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION
Emsisoft HiJackFree 4.5 (HKLM-x32\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsisoft GmbH)
HammerTap 3 (HKLM-x32\...\{1C84BF7A-168C-424F-9CAC-260624C92C1A}) (Version: 3.1.1021 - Hammertap)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iPhone Configuration Utility (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
ISOBuddy (HKLM-x32\...\ISOBuddy) (Version: - )
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movavi Video Suite 12 (HKLM-x32\...\Movavi Video Suite 12) (Version: 12.0.0 - Movavi)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MPC-HC 1.7.1 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited)
System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden
thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points =========================


==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-05-06 05:56 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {86B533FF-70D2-437E-B432-83CA7961D6CD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-03] (AVAST Software)

==================== Loaded Modules (whitelisted) =============

2014-05-01 20:27 - 2014-04-23 18:52 - 00016384 _____ () C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
2012-06-11 13:45 - 2012-06-11 13:45 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2008-10-06 16:34 - 2008-10-06 16:34 - 09297920 _____ () C:\Program Files (x86)\Hammertap\HammerTap3\HammerTap3.exe
2014-05-17 16:31 - 2014-05-17 16:31 - 02253312 _____ () C:\Program Files\AVAST Software\Avast\defs\14051701\algo.dll
2014-05-18 20:58 - 2014-05-18 20:58 - 02253312 _____ () C:\Program Files\AVAST Software\Avast\defs\14051801\algo.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-01 20:27 - 2014-04-23 18:52 - 00033792 _____ () C:\Windows\Microsoft\System Update kb70007\InstallerLibrary.dll
2014-05-01 20:27 - 2014-04-23 18:52 - 00015360 _____ () C:\Windows\Microsoft\System Update kb70007\Installer.dll
2014-05-01 20:27 - 2014-05-18 20:57 - 00086528 _____ () C:\Program Files (x86)\MSR\Privoxy\mgwz.dll
2014-01-10 08:47 - 2014-01-10 08:47 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2003-08-22 08:23 - 2003-08-22 08:23 - 00225792 _____ () C:\Program Files (x86)\Hammertap\HammerTap3\sqlite.dll
2014-03-29 03:27 - 2014-03-29 03:28 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/18/2014 08:58:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 10:05:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 08:27:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2014 07:47:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 09:20:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2014 01:20:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 09:40:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 09:27:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 07:52:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2014 09:46:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/12/2014 09:42:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iPod Service service failed to start due to the following error:
%%1053

Error: (05/12/2014 09:42:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

Error: (05/12/2014 09:42:02 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (05/10/2014 09:16:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/10/2014 09:16:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/10/2014 09:16:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/10/2014 09:16:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/10/2014 09:16:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/10/2014 09:15:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/10/2014 09:15:59 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (05/18/2014 08:58:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 10:05:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 08:27:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/15/2014 07:47:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/14/2014 09:20:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2014 01:20:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 09:40:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 09:27:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/11/2014 07:52:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2014 09:46:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 2046.18 MB
Available physical RAM: 888.19 MB
Total Pagefile: 4092.35 MB
Available Pagefile: 2327.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.15 GB) (Free:3.53 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:76.69 GB) (Free:17.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 37 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=37 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 77 GB) (Disk ID: 2111E6DD)
Partition 1: (Not Active) - (Size=77 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Attached Files


Edited by Starbuck, 19 May 2014 - 01:04 AM.


#7 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:06:46 AM

Posted 19 May 2014 - 01:06 AM

Hi mattymattcarmichael

Just one thing before I write a fix... You have a proxy set for IE and Firefox; did you set these proxies?



#8 mattymattcarmichael


Posted 19 May 2014 - 02:11 PM

No, I don't have any proxies set up, sounds like that could be the issue. Can you walk me through removing them? Or is there more that I need to be aware of?
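One way to confirm, from collected artifacts, whether a proxy like the one asked about above is actually in effect for IE and Firefox. This is an added example, not part of the original posts and not how FRST works internally; it assumes you have the text output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"` and the Firefox profile's prefs.js, and all sample values are constructed.

```python
import re

# Firefox keeps user-changed settings in prefs.js as: user_pref("name", value);
PREF_RE = re.compile(r'user_pref\("(network\.proxy\.[^"]+)",\s*(.+?)\);')
# `reg query` prints each registry value as: <indent>Name  REG_TYPE  Data
REG_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

# Constructed sample inputs (assumptions, not taken from the logs in this thread).
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:8080
    ProxyOverride    REG_SZ    <local>
"""
SAMPLE_PREFS = """
user_pref("browser.startup.page", 1);
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
"""

def ie_values(reg_text):
    """Map value name -> data from `reg query` output."""
    found = {}
    for line in reg_text.splitlines():
        m = REG_RE.match(line)
        if m:
            found[m.group(1)] = m.group(3).strip()
    return found

def firefox_values(prefs_text):
    """Map network.proxy.* preference name -> value, quotes stripped."""
    return {n: v.strip().strip('"') for n, v in PREF_RE.findall(prefs_text)}

def proxy_findings(reg_text, prefs_text):
    """Return (browser, kind, target) for every proxy that is in effect."""
    out = []
    ie = ie_values(reg_text)
    # A leftover ProxyServer value is inert unless ProxyEnable is non-zero.
    if int(ie.get("ProxyEnable", "0x0"), 16) and ie.get("ProxyServer"):
        out.append(("IE", "manual proxy", ie["ProxyServer"]))
    if ie.get("AutoConfigURL"):
        out.append(("IE", "PAC script", ie["AutoConfigURL"]))
    ff = firefox_values(prefs_text)
    kind = int(ff.get("network.proxy.type", "5"))  # 5 = follow system settings
    if kind == 1:  # manual configuration
        host = ff.get("network.proxy.http", "")
        out.append(("Firefox", "manual proxy", f"{host}:{ff.get('network.proxy.http_port', '')}"))
    elif kind == 2:  # proxy auto-config URL
        out.append(("Firefox", "PAC script", ff.get("network.proxy.autoconfig_url", "")))
    return out
```

An empty result means neither browser is routing traffic through a configured proxy; any entry the user does not recognise is worth reporting to the helper before a fix is written.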

#9 Starbuck


Posted 19 May 2014 - 04:34 PM

Hi Matty
 

"No, I don't have any proxies set up, sounds like that could be the issue. Can you walk me through removing them?"

I'll take care of it with the fix.
 

"And I'm having trouble getting the formatting in these boxes."

The reason for the jumbled report you posted earlier is that Wordwrap is turned on with Notepad.
Open a Notepad document, click the Format tab, UNtick Wordwrap.
That should sort it in the future.

Ready for a little work?

Step 1
The following program is Adware based, please uninstall it from the system:
DMUninstaller


Step 2
Please download the attached fixlist.txt file (bottom of this post) and save it to: C:\Users\Fredric\Downloads
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.
The tool will make a log in C:\Users\Fredric\Downloads (Fixlog.txt). Please post this in your next reply.


Step 3
Let's check for any other Adware we may not be able to see:

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
In your next reply, please submit:
Fixlog.txt
JRT.txt
AdwCleaner report

and let me know if there has been any improvement so far.


Thanks.

Attached Files




#10 mattymattcarmichael


Posted 19 May 2014 - 10:27 PM

Starbuck, thanks a bunch. I think you got it.

 

And shucks. I knew that word wrap had something to do with it. Turn it off he says. Go figure I kept making sure it was on.

 

Did someone say, "Duh?"

 

Here you go kind sir. You are a gentleman and a scholar.

Attached Files



#11 Starbuck


Posted 20 May 2014 - 01:03 AM

Hi Matty,

That's looking better now. :)

I'd like you to do an ESET OnlineScan
64Bit users, please see note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems the ESET Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note:
As you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.


Please post the report if anything is found.

Thanks.





