Malware Bytes Scan "Bad Image Errors" Farbar Fix list help.


  • This topic is locked
3 replies to this topic

#1 Gwalchgwn

Gwalchgwn

  • Members
  • 2 posts

Posted 24 June 2014 - 06:03 AM

Hello BleepingComputer,
This is my first post as I can normally get the help I need from reading existing threads here.
 
A colleague's son was having trouble with his laptop: the internet browser was not working even though he was connected to the internet. I ran Malwarebytes in safe mode and it returned 1246 results, which I quarantined. Upon rebooting it's riddled with "Bad image errors". Trying to run anything on it delivers these errors.
I read previous threads here and ran Farbar Recovery.
 
I have edited the below result replacing the computer owners name with "REDACTED" due to them being a minor and not wanting to plaster their name over the internet.
If you guys need the original unedited file I will send it in a personal message. 
 
I've run sfc /scannow and it seemed to verify everything without making any changes.
 
Any assistance you can offer would be greatly appreciated. In the meantime, I am giving the kid a talk about malware and how to avoid getting into this situation.
 
Thank you in advance.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by REDACTED (administrator) on REDACTED-PC on 24-06-2014 10:51:55
Running from C:\Users\REDACTED\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2011-02-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9768352 2012-12-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5940128 2012-12-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1262068254-3570540206-1736341726-1000\...\Run: [FactoryTest] => C:\Windows\Test.bat
HKU\S-1-5-21-1262068254-3570540206-1736341726-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-1262068254-3570540206-1736341726-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1262068254-3570540206-1736341726-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\UpdatusUser\AppData\Local\Smartbar\Application\SnapDo.exe startup
HKU\S-1-5-21-1262068254-3570540206-1736341726-1000\...\Run: [Yontoo Desktop] => "C:\Users\REDACTED\AppData\Roaming\Yontoo\YontooDesktop.exe"
HKU\S-1-5-21-1262068254-3570540206-1736341726-1000\...\Run: [SearchProtect] => C:\Users\UpdatusUser\AppData\Roaming\SearchProtect\bin\cltmng.exe
HKU\S-1-5-21-1262068254-3570540206-1736341726-1001\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-1262068254-3570540206-1736341726-1001\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-1262068254-3570540206-1736341726-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1262068254-3570540206-1736341726-1001\...\MountPoints2: {73a634d1-3fe1-11e2-be4a-806e6f6e6963} - F:\Setup.exe
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\ProgramData\Wincert\win64cert.dll [8704 2013-09-22] ()
AppInit_DLLs:  C:\PROGRA~2\MOVIES~1\SAFETY~1\x64\SAFETY~2.DLL => C:\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetyldr.dll [22536 2013-10-21] ()
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll => c:\ProgramData\Wincert\win32cert.dll [7168 2013-09-22] ()
AppInit_DLLs-x32:  c:\progra~2\movies~1\safety~1\safety~2.dll => c:\Program Files (x86)\Movies Toolbar\SafetyNut\safetyldr.dll [18952 2013-10-21] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] 
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Lsa: [Notification Packages] scecli EgisPLPwdFilter
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM-x32 - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Movies Toolbar (Dist. by MaxiGet Ltd.) - {a25ac361-002e-48e8-833b-e614322236b4} - C:\Program Files (x86)\Movies Toolbar\SafetyNut\SRTOOL~2\IE\searchresultsDx.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Movies Toolbar (Dist. by MaxiGet Ltd.) - {a25ac361-002e-48e8-833b-e614322236b4} - C:\Program Files (x86)\Movies Toolbar\SafetyNut\SRTOOL~2\IE\searchresultsDx.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 
FireFox:
========
FF ProfilePath: C:\Users\REDACTED\AppData\Roaming\Mozilla\Firefox\Profiles\7l8u7lo9.default
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-06-24]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-17]
 
Chrome: 
=======
CHR HomePage: http:\/\/www.trovigo.com\/?gd=&ctid=CT3324417&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP2B1A9980-EE99-4697-B08C-F01DFC719FAF&SSPV=
CHR StartupUrls: "hxxp://www.google.co.uk/","https://www.youtube.com/"
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Wallet) - C:\Users\REDACTED\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-06]
CHR Extension: (Extutil) - C:\Users\REDACTED\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-05-12]
CHR Extension: (Managera) - C:\Users\REDACTED\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-05-12]
CHR HKLM-x32\...\Chrome\Extension: [aaaaichncbpejfjililmiahnkdmfggff] - C:\Users\REDACTED\AppData\Local\catalinagroupltdmoviestoolbarha\GC\toolbar.crx [2013-09-11]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-09]
 
==================== Services (Whitelisted) =================
 
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
S2 SafetyNutManager; C:\Program Files (x86)\Movies Toolbar\SafetyNut\SafetyNutManager.exe [3422728 2013-10-21] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-04] (Symantec Corporation)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-04] (Symantec Corporation) [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140520.001\IDSvia64.sys [525016 2014-03-30] (Symantec Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\48230029.sys [122584 2014-06-24] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140521.001\ENG64.SYS [126040 2014-04-01] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140521.001\EX64.SYS [2099288 2014-04-01] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
S3 cpuz134; \??\C:\Users\REDACTED\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-24 10:51 - 2014-06-24 10:52 - 00025775 _____ () C:\Users\REDACTED\Desktop\FRST.txt
2014-06-24 10:51 - 2014-06-24 10:52 - 00000000 ____D () C:\FRST
2014-06-24 10:50 - 2014-06-24 10:41 - 02082816 _____ (Farbar) C:\Users\REDACTED\Desktop\FRST64.exe
2014-06-24 10:49 - 2014-06-24 10:49 - 00000124 ___RH () C:\Users\REDACTED\Downloads\Stinger.opt
2014-06-24 10:48 - 2014-06-24 10:48 - 10943848 _____ (McAfee Inc) C:\Users\REDACTED\Downloads\stinger32.exe
2014-06-24 10:45 - 2014-06-24 10:49 - 00000120 ___RH () C:\Users\REDACTED\Desktop\Stinger.opt
2014-06-24 10:44 - 2014-06-24 10:49 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-06-24 10:44 - 2014-06-17 12:53 - 10929512 _____ (McAfee Inc) C:\Users\REDACTED\Desktop\stinger32.exe
2014-06-24 09:39 - 2014-06-24 10:09 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-06-24 09:35 - 2014-06-24 09:39 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-24 09:35 - 2014-06-24 09:35 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-24 09:35 - 2014-06-24 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-24 09:35 - 2014-06-24 09:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-24 09:35 - 2014-06-24 09:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-24 09:35 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-24 09:35 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-24 09:35 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-24 09:34 - 2014-06-24 09:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\REDACTED\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-24 09:15 - 2014-06-24 09:15 - 00000000 ____D () C:\Users\REDACTED\AppData\Roaming\Autodesk
2014-06-24 09:15 - 2014-06-24 09:15 - 00000000 ____D () C:\ProgramData\Autodesk
2014-06-14 14:36 - 2014-06-14 14:36 - 00000000 ____D () C:\ProgramData\CDB
2014-06-14 14:36 - 2014-06-14 14:36 - 00000000 _____ () C:\end
2014-06-14 14:35 - 2014-06-14 14:35 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-14 14:35 - 2014-06-14 14:35 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-14 14:35 - 2014-06-14 14:35 - 00000000 ____D () C:\Users\REDACTED\AppData\Local\Mozilla
2014-06-14 14:35 - 2014-06-14 14:35 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-14 14:35 - 2014-06-14 14:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-14 14:34 - 2014-06-14 14:34 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-06-14 14:33 - 2014-06-14 14:38 - 00000163 _____ () C:\windows\Reimage.ini
2014-06-14 14:32 - 2014-06-14 14:32 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_Firefox_1636465
2014-06-06 21:00 - 2014-05-06 05:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-06 21:00 - 2014-05-06 05:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-06 21:00 - 2014-05-06 04:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-06 21:00 - 2014-05-06 04:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-06 21:00 - 2014-05-06 04:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-06 21:00 - 2014-05-06 03:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-06 20:47 - 2014-06-06 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-06 20:47 - 2014-06-06 20:47 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
 
==================== One Month Modified Files and Folders =======
 
2014-06-24 10:52 - 2014-06-24 10:51 - 00025775 _____ () C:\Users\REDACTED\Desktop\FRST.txt
2014-06-24 10:52 - 2014-06-24 10:51 - 00000000 ____D () C:\FRST
2014-06-24 10:52 - 2009-07-14 06:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-24 10:49 - 2014-06-24 10:49 - 00000124 ___RH () C:\Users\REDACTED\Downloads\Stinger.opt
2014-06-24 10:49 - 2014-06-24 10:45 - 00000120 ___RH () C:\Users\REDACTED\Desktop\Stinger.opt
2014-06-24 10:49 - 2014-06-24 10:44 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-06-24 10:49 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-24 10:49 - 2009-07-14 05:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-24 10:48 - 2014-06-24 10:48 - 10943848 _____ (McAfee Inc) C:\Users\REDACTED\Downloads\stinger32.exe
2014-06-24 10:46 - 2012-12-06 21:08 - 02046991 _____ () C:\windows\WindowsUpdate.log
2014-06-24 10:42 - 2014-05-05 15:50 - 00000000 ____D () C:\Users\REDACTED\AppData\Roaming\Skype
2014-06-24 10:42 - 2013-08-11 10:46 - 00000000 ____D () C:\Users\REDACTED\AppData\Local\LogMeIn Hamachi
2014-06-24 10:41 - 2014-06-24 10:50 - 02082816 _____ (Farbar) C:\Users\REDACTED\Desktop\FRST64.exe
2014-06-24 10:41 - 2012-12-06 21:53 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-24 10:41 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-24 10:41 - 2009-07-14 05:51 - 00098460 _____ () C:\windows\setupact.log
2014-06-24 10:09 - 2014-06-24 09:39 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-06-24 09:39 - 2014-06-24 09:35 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-24 09:37 - 2010-11-21 04:47 - 00209504 _____ () C:\windows\PFRO.log
2014-06-24 09:36 - 2014-01-25 21:26 - 00000000 ____D () C:\Users\REDACTED\AppData\Roaming\BitTorrent
2014-06-24 09:36 - 2013-11-16 10:21 - 00000000 ____D () C:\ProgramData\SafetyNut
2014-06-24 09:35 - 2014-06-24 09:35 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-24 09:35 - 2014-06-24 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-24 09:35 - 2014-06-24 09:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-24 09:35 - 2014-06-24 09:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-24 09:26 - 2014-06-24 09:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\REDACTED\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-24 09:15 - 2014-06-24 09:15 - 00000000 ____D () C:\Users\REDACTED\AppData\Roaming\Autodesk
2014-06-24 09:15 - 2014-06-24 09:15 - 00000000 ____D () C:\ProgramData\Autodesk
2014-06-24 09:12 - 2012-12-06 21:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-17 12:53 - 2014-06-24 10:44 - 10929512 _____ (McAfee Inc) C:\Users\REDACTED\Desktop\stinger32.exe
2014-06-14 14:38 - 2014-06-14 14:33 - 00000163 _____ () C:\windows\Reimage.ini
2014-06-14 14:36 - 2014-06-14 14:36 - 00000000 ____D () C:\ProgramData\CDB
2014-06-14 14:36 - 2014-06-14 14:36 - 00000000 _____ () C:\end
2014-06-14 14:35 - 2014-06-14 14:35 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-14 14:35 - 2014-06-14 14:35 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-14 14:35 - 2014-06-14 14:35 - 00000000 ____D () C:\Users\REDACTED\AppData\Local\Mozilla
2014-06-14 14:35 - 2014-06-14 14:35 - 00000000 ____D () C:\ProgramData\Mozilla
2014-06-14 14:35 - 2014-06-14 14:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-14 14:35 - 2014-05-07 15:22 - 00000000 ____D () C:\Users\REDACTED\AppData\Roaming\Mozilla
2014-06-14 14:34 - 2014-06-14 14:34 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-06-14 14:34 - 2013-03-07 21:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-14 14:32 - 2014-06-14 14:32 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_Firefox_1636465
2014-06-14 14:28 - 2013-03-05 16:30 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-06-14 14:27 - 2013-11-17 13:58 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-06-14 14:27 - 2013-11-17 13:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-06-14 14:27 - 2013-03-05 16:30 - 00003234 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-06-09 20:03 - 2012-12-06 21:53 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-09 19:48 - 2013-03-16 07:54 - 00000000 ____D () C:\Users\REDACTED\AppData\Local\Adobe
2014-06-07 06:24 - 2014-05-05 15:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-07 06:23 - 2014-05-05 15:49 - 00000000 ____D () C:\ProgramData\Skype
2014-06-07 06:22 - 2013-03-29 08:45 - 00000258 __RSH () C:\Users\REDACTED\ntuser.pol
2014-06-07 06:22 - 2013-03-05 11:03 - 00000000 ____D () C:\Users\REDACTED
2014-06-06 21:01 - 2014-05-01 16:47 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-06 21:00 - 2013-03-16 14:02 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-06-06 20:59 - 2013-03-05 16:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-06 20:56 - 2013-03-11 18:03 - 00000000 ____D () C:\Users\REDACTED\AppData\Local\CrashDumps
2014-06-06 20:47 - 2014-06-06 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-06-06 20:47 - 2014-06-06 20:47 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
 
Files to move or delete:
====================
C:\Users\REDACTED\AppData\Roaming\CamLayout.ini
C:\Users\REDACTED\AppData\Roaming\CamShapes.ini
 
 
Some content of TEMP:
====================
C:\Users\REDACTED\AppData\Local\Temp\82890uninstall.exe
C:\Users\REDACTED\AppData\Local\Temp\aacenc3.exe
C:\Users\REDACTED\AppData\Local\Temp\AcDeltree.exe
C:\Users\REDACTED\AppData\Local\Temp\BackupSetup.exe
C:\Users\REDACTED\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\REDACTED\AppData\Local\Temp\COMAP.EXE
C:\Users\REDACTED\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\REDACTED\AppData\Local\Temp\Delta.exe
C:\Users\REDACTED\AppData\Local\Temp\DeltaTB.exe
C:\Users\REDACTED\AppData\Local\Temp\dlLogic.exe
C:\Users\REDACTED\AppData\Local\Temp\dotNetFx40_Client_setup.exe
C:\Users\REDACTED\AppData\Local\Temp\ffmpeg15.exe
C:\Users\REDACTED\AppData\Local\Temp\GCVerifier.dll
C:\Users\REDACTED\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\REDACTED\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\REDACTED\AppData\Local\Temp\mp3el2.exe
C:\Users\REDACTED\AppData\Local\Temp\MSETUP4.EXE
C:\Users\REDACTED\AppData\Local\Temp\MybabylonTB.exe
C:\Users\REDACTED\AppData\Local\Temp\nsaB957.exe
C:\Users\REDACTED\AppData\Local\Temp\nsb1A4D.exe
C:\Users\REDACTED\AppData\Local\Temp\nsbCB5D.exe
C:\Users\REDACTED\AppData\Local\Temp\nsbE93E.exe
C:\Users\REDACTED\AppData\Local\Temp\nsc2741.exe
C:\Users\REDACTED\AppData\Local\Temp\nsc44D0.exe
C:\Users\REDACTED\AppData\Local\Temp\nsg9282.exe
C:\Users\REDACTED\AppData\Local\Temp\nsg9986.exe
C:\Users\REDACTED\AppData\Local\Temp\nsh247D.exe
C:\Users\REDACTED\AppData\Local\Temp\nshCFC2.exe
C:\Users\REDACTED\AppData\Local\Temp\nsk6BE1.exe
C:\Users\REDACTED\AppData\Local\Temp\nsk6EA0.exe
C:\Users\REDACTED\AppData\Local\Temp\nsl4405.exe
C:\Users\REDACTED\AppData\Local\Temp\nsl9D5E.exe
C:\Users\REDACTED\AppData\Local\Temp\nsm1F6D.exe
C:\Users\REDACTED\AppData\Local\Temp\nsmE363.exe
C:\Users\REDACTED\AppData\Local\Temp\nsqBC74.exe
C:\Users\REDACTED\AppData\Local\Temp\nsr961C.exe
C:\Users\REDACTED\AppData\Local\Temp\nsrD3F7.exe
C:\Users\REDACTED\AppData\Local\Temp\nss5D40.exe
C:\Users\REDACTED\AppData\Local\Temp\nstF9AD.exe
C:\Users\REDACTED\AppData\Local\Temp\nsv68C5.exe
C:\Users\REDACTED\AppData\Local\Temp\nsvBF52.exe
C:\Users\REDACTED\AppData\Local\Temp\nsw54A8.exe
C:\Users\REDACTED\AppData\Local\Temp\nswE660.exe
C:\Users\REDACTED\AppData\Local\Temp\nsyA2F5.exe
C:\Users\REDACTED\AppData\Local\Temp\openssl.exe
C:\Users\REDACTED\AppData\Local\Temp\OptimizerPro.exe
C:\Users\REDACTED\AppData\Local\Temp\ose00000.exe
C:\Users\REDACTED\AppData\Local\Temp\plus-hd-4-2t.exe
C:\Users\REDACTED\AppData\Local\Temp\propsys.dll
C:\Users\REDACTED\AppData\Local\Temp\ReimagePackage.exe
C:\Users\REDACTED\AppData\Local\Temp\ReimageRepair.exe
C:\Users\REDACTED\AppData\Local\Temp\setup.exe
C:\Users\REDACTED\AppData\Local\Temp\skype_x865420921098492584969.dll
C:\Users\REDACTED\AppData\Local\Temp\SPSetup.exe
C:\Users\REDACTED\AppData\Local\Temp\spstub.exe
C:\Users\REDACTED\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\REDACTED\AppData\Local\Temp\Sqlite3.dll
C:\Users\REDACTED\AppData\Local\Temp\SSStub_Somo_SpeedyPC.exe
C:\Users\REDACTED\AppData\Local\Temp\UDPv273.exe
C:\Users\REDACTED\AppData\Local\Temp\uninst1.exe
C:\Users\REDACTED\AppData\Local\Temp\uninstall.exe
C:\Users\REDACTED\AppData\Local\Temp\UNT6873.exe
C:\Users\REDACTED\AppData\Local\Temp\UNT6CB7.exe
C:\Users\REDACTED\AppData\Local\Temp\Update.exe
C:\Users\REDACTED\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\REDACTED\AppData\Local\Temp\UpdUninstall.exe
C:\Users\REDACTED\AppData\Local\Temp\vcredist_x64.exe
C:\Users\REDACTED\AppData\Local\Temp\vcredist_x86.exe
C:\Users\REDACTED\AppData\Local\Temp\verifier.exe
C:\Users\REDACTED\AppData\Local\Temp\WSSetup.exe
C:\Users\REDACTED\AppData\Local\Temp\xmlUpdater.exe
C:\Users\REDACTED\AppData\Local\Temp\zipsetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-03-15 18:33
 
==================== End Of Log ============================

Edited by hamluis, 24 June 2014 - 08:02 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.
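The "Bamital & volsnap Check" at the end of the log above is FRST verifying that the core logon, service and shell binaries (winlogon, wininit, explorer, svchost, services, userinit, user32, rpcss and the volsnap driver) still carry a valid Microsoft signature; a file-infector that patches one of those files breaks the signature, and a patched userinit or winlogon is also a classic cause of "Bad Image" dialogs after the payload DLL is quarantined. The following PowerShell is an added example, not FRST's code and not posted in the thread, that repeats the same check over the same file list and records a SHA-256 per file so it can be compared with a clean copy. It assumes Windows PowerShell 5.1 or later on the affected machine: only from that version does Get-AuthenticodeSignature consult the Windows security catalogs, so on the PowerShell 2.0 that ships with Windows 7 a catalog-signed system file is reported as NotSigned rather than Valid.

```powershell
# Added example: repeat the FRST "Bamital & volsnap" signature check by hand.
# Not FRST's own code. Assumes Windows PowerShell 5.1+ so that catalog-signed
# system files are recognised; on older PowerShell they show as NotSigned.
$critical = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

function Test-CriticalSignatures {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            # A missing userinit/winlogon is itself a finding, so report it.
            [pscustomobject]@{ Path = $p; Status = 'Missing'; Signer = $null; Sha256 = $null }
            continue
        }
        $sig  = Get-AuthenticodeSignature -LiteralPath $p
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # Status is Valid, NotSigned, HashMismatch (file modified after signing),
        # NotTrusted, or UnknownError (chain could not be built, e.g. offline).
        [pscustomobject]@{
            Path   = $p
            Status = $sig.Status
            Signer = $signer
            Sha256 = $hash
        }
    }
}

$results = Test-CriticalSignatures -Paths $critical
$results | Format-Table Path, Status, Signer -AutoSize

# Anything that is not Valid, or is signed by someone other than Microsoft,
# deserves a second look: compare its SHA-256 against the same file from a
# clean installation at the same patch level before deciding it is infected.
$results | Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notmatch 'Microsoft' }
```

Run it from an elevated PowerShell prompt. If the machine only has PowerShell 2.0, Sysinternals sigcheck (`sigcheck64.exe -a -h <file>`) performs the same catalog-aware verification and prints the hashes.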


#2 Gwalchgwn

  • Topic Starter
  • Members
  • 2 posts

Posted 24 June 2014 - 09:14 AM

UPDATE:

I've scanned the computer a further two times with Malwarebytes, each time it is showing a further 1000 or more detected items.

I believe they've installed something in order to play an online game which is really a virus; it's simply reinfecting itself.

I'm currently going through removing everything I cannot authenticate as legitimate from his program list.

If it was my own computer I'd be reformatting at this point.

Any advice would be great.
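Going through the program list by hand is the right instinct, and the Temp listing in the first post shows which bundleware families to look for: BundleSweetIMSetup.exe, DeltaTB.exe, MybabylonTB.exe, ReimageRepair.exe, OptimizerPro.exe, SSStub_Somo_SpeedyPC.exe and plus-hd-4-2t.exe, plus the "sweetpacks bundle uninstaller" directory under Program Files (x86). The following PowerShell is an added example, not part of this thread, that builds the same inventory from the Uninstall registry keys (native, WOW6432Node and per-user) and flags entries whose name or publisher matches those families or that carry no publisher at all. The name pattern is an assumption derived from those file names, and the script assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: inventory installed programs and flag the bundleware families
# seen in the FRST Temp listing. Not from the thread; pattern list is an
# assumption built from the file names in that log. Assumes PowerShell 3.0+.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
# Hypothetical triage pattern: SweetIM/SweetPacks, Delta toolbar, Babylon,
# Reimage, OptimizerPro, SpeedyPC, Plus-HD.
$suspectPattern = 'sweet(im|packs)|delta|babylon|reimage|optimizer ?pro|speedypc|plus-?hd'

function Get-InstalledPrograms {
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            # Entries without a DisplayName are hidden components; skip them.
            if (-not $p.DisplayName) { return }
            [pscustomobject]@{
                Name        = $p.DisplayName
                Publisher   = $p.Publisher
                InstallDate = $p.InstallDate      # yyyyMMdd when the installer set it
                Uninstall   = $p.UninstallString
                Key         = $_.PSChildName
            }
        }
    }
}

function Find-SuspectPrograms {
    param([object[]]$Programs, [string]$Pattern = $suspectPattern)
    # Match on name or publisher; a missing publisher is a weak signal on its
    # own, so it is listed for review rather than treated as proof of anything.
    $Programs | Where-Object {
        ($_.Name -match $Pattern) -or ($_.Publisher -match $Pattern) -or (-not $_.Publisher)
    }
}

$all = Get-InstalledPrograms
# Newest installs first: the log dates the bundle activity to 2014-06-14.
$all | Sort-Object InstallDate -Descending | Format-Table Name, Publisher, InstallDate -AutoSize
Find-SuspectPrograms -Programs $all | Format-List Name, Publisher, Uninstall, Key
```

Treat the UninstallString of a flagged entry as untrusted code: a bundle's own "uninstaller" (the log shows one dropped into Program Files (x86)) is just another executable from the same source, so check its signature and what it launches before running it, and prefer the vendor's or Malwarebytes' removal where one exists.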



#3 HelpBot

HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,744 posts

Posted 29 June 2014 - 06:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/538801 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,744 posts

Posted 04 July 2014 - 06:10 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



