
virus, popups and redirects


  • This topic is locked
25 replies to this topic

#1 kerry13

  • Members
  • 16 posts
  • OFFLINE
  • Local time:03:19 AM

Posted 13 March 2015 - 01:48 AM

Hello, I need some help with my computer. I found this web site through looking on the internet for help.

I had Kaspersky, but then the subscription ran out and I didn't do anything about it for around a month. There started to be some popups when I was browsing the internet. I tried to get the TDSS Killer and Virus Removal Tool; they found pmd:trojan.win32.generic, but after that it didn't go away, so I tried a complete system restore. After that I bought Kaspersky and the pop ups were still there and got worse, to a point where every page I opened redirected me to searchexplore.com. Other sites for the pop ups are m.addthis.com, addcash.com, etmanly.ru, copypasteit.ru.

I have done another complete system restore. After it I disabled the cookies, and in an hour of being online about 40 sites have been requesting to save cookies to my PC.

Can you please help me or advise me where I can get help?

I read the prep page; here are the first logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by E (administrator) on E-PC on 13-03-2015 06:29:49
Running from C:\Users\E\Desktop
Loaded Profiles: E (Available profiles: E)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Acer Group) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
() C:\Windows\mHotkey.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-23] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [244480 2009-11-17] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKU\S-1-5-21-1885888093-3440957442-3351373271-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
HKU\S-1-5-21-1885888093-3440957442-3351373271-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Gateway.scr [453152 2009-12-24] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17360315z006p04d5v1l5k46n1r319
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17360315z006p04d5v1l5k46n1r319
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17360315z006p04d5v1l5k46n1r319
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17360315z006p04d5v1l5k46n1r319
HKU\S-1-5-21-1885888093-3440957442-3351373271-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.nz/?gws_rd=ssl
HKU\S-1-5-21-1885888093-3440957442-3351373271-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17360315z006p04d5v1l5k46n1r319
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-1885888093-3440957442-3351373271-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-1885888093-3440957442-3351373271-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-1885888093-3440957442-3351373271-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll [2010-05-13] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL [2010-05-14] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll [2010-05-13] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1885888093-3440957442-3351373271-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 91.194.254.105 8.8.8.8

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn
FF Extension: Norton IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn [2015-03-13]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn [2015-03-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-03-13] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-03-13] (Creative Labs) [File not signed]
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [126392 2010-02-26] (Symantec Corporation)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccHP; C:\Windows\system32\drivers\NISx64\1107000.00C\ccHPx64.sys [615040 2010-02-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-03-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-03-12] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20150311.001\IDSvia64.sys [669400 2015-03-11] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20150312.001\ENG64.SYS [129752 2015-03-12] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20150312.001\EX64.SYS [2137304 2015-03-12] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1107000.00C\SRTSP64.SYS [505392 2010-04-22] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1107000.00C\SRTSPX64.SYS [32304 2010-04-22] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1107000.00C\SYMDS64.SYS [433200 2009-11-05] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1107000.00C\SYMEFA64.SYS [221232 2010-04-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2015-03-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1107000.00C\Ironx64.SYS [150064 2010-04-29] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1107000.00C\SYMTDIV.SYS [451120 2010-05-06] (Symantec Corporation)
S1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091013.001\BHDrvx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 18:17 - 2015-03-13 18:17 - 00000000 ____D () C:\Windows\NAPP_Dism_Log
2015-03-13 17:53 - 2015-03-13 05:13 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-13 17:50 - 2015-03-13 17:50 - 00002246 _____ () C:\RHDSetup.log
2015-03-13 17:50 - 2015-03-13 17:50 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-03-13 17:50 - 2015-03-13 17:50 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-03-13 17:50 - 2015-03-13 17:50 - 00000000 ____D () C:\Program Files\Realtek
2015-03-13 17:50 - 2010-02-09 15:37 - 01872416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-03-13 17:50 - 2010-02-09 15:37 - 00612384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-03-13 17:50 - 2010-02-09 15:37 - 00332320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-03-13 17:50 - 2010-02-09 15:37 - 00149536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-03-13 17:50 - 2010-02-09 15:36 - 01631776 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-03-13 17:50 - 2010-02-09 15:36 - 01210912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-03-13 17:50 - 2010-02-09 15:36 - 00477216 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-03-13 17:50 - 2010-02-09 15:36 - 00069664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2015-03-13 17:50 - 2010-02-09 15:28 - 02269600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-03-13 17:50 - 2010-02-01 08:14 - 01247776 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-03-13 17:50 - 2010-02-01 07:57 - 00395864 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
2015-03-13 17:50 - 2010-02-01 07:57 - 00307800 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2015-03-13 17:50 - 2010-01-28 04:23 - 00325904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-03-13 17:50 - 2010-01-26 03:38 - 00168288 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-03-13 17:50 - 2010-01-25 11:12 - 00321440 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-03-13 17:50 - 2009-12-15 10:26 - 00372936 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-03-13 17:50 - 2009-12-15 10:26 - 00201928 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-03-13 17:50 - 2009-12-15 10:26 - 00099016 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-03-13 17:50 - 2009-12-15 10:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-03-13 17:50 - 2009-12-11 01:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-03-13 17:50 - 2009-12-11 01:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-03-13 17:50 - 2009-11-24 01:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-03-13 17:50 - 2009-11-24 01:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-03-13 17:50 - 2009-11-24 01:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-03-13 17:50 - 2009-11-24 01:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-03-13 17:50 - 2009-11-18 10:42 - 02719504 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2015-03-13 17:50 - 2009-11-18 10:42 - 02197264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-03-13 17:50 - 2009-11-17 23:16 - 00078936 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2015-03-13 17:50 - 2009-11-17 23:12 - 00032344 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt64.sys
2015-03-13 17:50 - 2009-11-17 10:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-03-13 17:48 - 2015-03-13 17:48 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-03-13 17:48 - 2015-03-13 00:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-13 17:47 - 2015-03-13 00:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-13 17:46 - 2015-03-13 17:46 - 00039575 _____ () C:\Windows\ATIDetect.txt
2015-03-13 17:46 - 2015-03-13 05:17 - 00512784 _____ () C:\Windows\WindowsUpdate.log
2015-03-13 11:07 - 2015-03-13 11:07 - 00000000 ____D () C:\Users\E\AppData\Roaming\Macromedia
2015-03-13 11:06 - 2015-03-13 11:06 - 00000020 _____ () C:\Windows\4ôÙ
2015-03-13 11:06 - 2015-03-13 11:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-03-13 11:06 - 2015-03-13 01:11 - 00031642 _____ () C:\Windows\DirectX.log
2015-03-13 11:06 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-03-13 11:06 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-03-13 11:05 - 2015-03-13 11:05 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-13 11:05 - 2015-03-13 01:13 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-03-13 11:03 - 2015-03-13 11:03 - 00002435 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
2015-03-13 11:03 - 2015-03-13 11:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-13 11:02 - 2015-03-13 11:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
2015-03-13 11:02 - 2015-03-13 11:02 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-03-13 11:01 - 2015-03-13 11:01 - 00505128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2015-03-13 11:01 - 2015-03-13 11:01 - 00353576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-03-13 11:01 - 2015-03-13 11:01 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2015-03-13 11:01 - 2015-03-13 11:01 - 00003084 _____ () C:\Windows\System32\Tasks\MHotkey
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 ____D () C:\Users\E\AppData\Roaming\InstallShield
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 ____D () C:\ProgramData\Temp
2015-03-13 11:01 - 2008-05-30 11:13 - 00000870 _____ () C:\Windows\mhotkey_reg.ini
2015-03-13 11:01 - 2008-05-30 10:50 - 00581120 _____ () C:\Windows\mHotkey.exe
2015-03-13 11:01 - 2008-04-23 17:31 - 00003088 _____ () C:\Windows\MODLED.xml
2015-03-13 11:01 - 2008-04-23 17:05 - 00339968 _____ (Creative) C:\Windows\CNYHKey.exe
2015-03-13 11:01 - 2008-02-01 11:04 - 00057344 _____ (Chicony) C:\Windows\ChiFuncExt.exe
2015-03-13 11:01 - 2007-09-12 17:44 - 00003084 _____ () C:\Windows\mHotkey.xml
2015-03-13 11:01 - 2007-03-28 17:55 - 00036864 _____ () C:\Windows\LchDrvKey.exe
2015-03-13 11:01 - 2007-01-08 14:51 - 00053248 _____ (Chicony) C:\Windows\ModLEDKey.exe
2015-03-13 11:01 - 2003-07-03 14:21 - 00294912 _____ () C:\Windows\PIC.dll
2015-03-13 10:58 - 2015-03-13 10:58 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-03-13 10:58 - 2015-03-13 10:58 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-03-13 10:58 - 2015-03-13 10:58 - 00123480 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-03-13 10:58 - 2015-03-13 10:58 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-03-13 10:58 - 2015-03-13 10:58 - 00002266 _____ () C:\Users\Public\Desktop\Creative EAX Gadget.lnk
2015-03-13 10:58 - 2015-03-13 10:58 - 00000159 ___RH () C:\Windows\ctfile.rfc
2015-03-13 10:58 - 2015-03-13 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2015-03-13 10:58 - 2015-03-13 10:58 - 00000000 ____D () C:\Program Files\Creative
2015-03-13 10:58 - 2015-03-13 10:58 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-03-13 10:58 - 2010-02-17 10:55 - 01940992 ____N (Creative) C:\Windows\system32\Sens_oal.dll
2015-03-13 10:58 - 2010-02-17 10:53 - 02902495 ____N (Creative) C:\Windows\SysWOW64\Sens_oal.dll
2015-03-13 10:58 - 2010-02-05 11:56 - 00006622 ____N () C:\Windows\system32\THXCfg64.ini
2015-03-13 10:58 - 2010-02-05 11:56 - 00001411 ____N () C:\Windows\THXCfg_SP_APOIM.ini
2015-03-13 10:58 - 2010-02-05 11:56 - 00001099 ____N () C:\Windows\THXCfg_HP_APOIM.ini
2015-03-13 10:58 - 2010-02-05 11:56 - 00001099 ____N () C:\Windows\THXCfg_APOIM.ini
2015-03-13 10:58 - 2009-10-01 16:42 - 00141312 ____N (Creative Technology Ltd.) C:\Windows\system32\THXCfg64.exe
2015-03-13 10:58 - 2009-09-30 10:25 - 00017920 ____N (Creative Technology Ltd.) C:\Windows\system32\THXCfg64.dll
2015-03-13 10:58 - 2009-09-02 10:30 - 00227840 _____ () C:\Windows\system32\APOMgr64.DLL
2015-03-13 10:58 - 2009-09-02 10:28 - 00175616 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2015-03-13 10:58 - 2009-02-06 18:53 - 00089088 _____ () C:\Windows\system32\CmdRtr64.DLL
2015-03-13 10:58 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2015-03-13 10:58 - 2000-05-11 01:00 - 00090112 ____N (Creative Technology Ltd.) C:\Windows\Updreg.EXE
2015-03-13 10:57 - 2015-03-13 10:57 - 00173104 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-03-13 10:57 - 2015-03-13 10:57 - 00007440 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-03-13 10:57 - 2015-03-13 10:57 - 00001454 _____ () C:\Users\E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-13 10:57 - 2015-03-13 10:57 - 00001420 _____ () C:\Users\E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-03-13 10:57 - 2015-03-13 10:57 - 00000000 ____D () C:\Users\E\AppData\Roaming\OEM
2015-03-13 10:57 - 2015-03-13 10:57 - 00000000 ____D () C:\Users\E\AppData\Local\VirtualStore
2015-03-13 10:57 - 2015-03-13 10:57 - 00000000 ____D () C:\Users\E\AppData\Local\Packard Bell
2015-03-13 10:57 - 2015-03-13 10:57 - 00000000 ____D () C:\Program Files\Symantec
2015-03-13 10:57 - 2015-03-13 10:57 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-03-13 10:54 - 2015-03-13 10:57 - 00000000 ____D () C:\Users\E
2015-03-13 10:54 - 2015-03-13 10:54 - 00060120 _____ () C:\Users\E\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-13 10:54 - 2015-03-13 10:54 - 00000413 _____ () C:\Windows\system32\oem_Get_OS_Language.log
2015-03-13 10:54 - 2015-03-13 10:54 - 00000020 ___SH () C:\Users\E\ntuser.ini
2015-03-13 10:54 - 2015-03-13 10:54 - 00000000 __SHD () C:\Recovery
2015-03-13 10:54 - 2015-03-13 10:54 - 00000000 ____D () C:\Users\Public\Symantec
2015-03-13 10:54 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-13 10:54 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-13 06:29 - 2015-03-13 06:30 - 00012508 _____ () C:\Users\E\Desktop\FRST.txt
2015-03-13 06:29 - 2015-03-13 06:29 - 00000000 ____D () C:\FRST
2015-03-13 05:59 - 2015-03-13 05:59 - 02095616 _____ (Farbar) C:\Users\E\Desktop\FRST64.exe
2015-03-13 05:19 - 2015-03-13 05:19 - 00000000 ____D () C:\Windows\System32\Tasks\Symantec
2015-03-13 03:41 - 2009-11-25 12:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-13 03:41 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-03-13 03:41 - 2009-11-25 12:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-03-13 03:41 - 2009-11-25 12:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-03-13 03:41 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-03-13 03:41 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-03-13 03:41 - 2009-11-25 12:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-03-13 03:41 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-03-13 03:41 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-03-13 03:41 - 2009-11-25 12:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-03-13 03:40 - 2015-03-13 03:59 - 00000000 ____D () C:\Users\E\AppData\Local\Tific
2015-03-13 03:34 - 2015-03-13 03:34 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-03-13 01:13 - 2015-03-13 01:13 - 00001465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-03-13 01:13 - 2015-03-13 01:13 - 00001381 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-03-13 01:13 - 2015-03-13 01:13 - 00001312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2015-03-13 01:13 - 2015-03-13 01:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-03-13 01:13 - 2015-03-13 01:13 - 00000000 ____D () C:\Windows\en
2015-03-13 01:13 - 2015-03-13 01:13 - 00000000 ____D () C:\Users\E\AppData\Roaming\Tific
2015-03-13 01:13 - 2015-03-13 01:13 - 00000000 ____D () C:\Users\E\AppData\Local\Symantec
2015-03-13 01:12 - 2015-03-13 01:12 - 00002493 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-03-13 01:11 - 2015-03-13 01:11 - 00000000 ____D () C:\Program Files\Windows Live
2015-03-13 01:11 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-03-13 01:11 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-03-13 01:11 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-03-13 01:11 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-03-13 01:01 - 2015-03-13 01:01 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-13 00:55 - 2015-03-13 00:55 - 00000000 ____D () C:\Users\E\AppData\Local\Apps\2.0
2015-03-13 00:55 - 2015-03-13 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-13 00:54 - 2015-03-13 00:54 - 00000000 ____D () C:\Users\E\AppData\Local\NVIDIA
2015-03-13 00:52 - 2015-03-13 00:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-13 00:52 - 2015-03-13 00:52 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-13 00:50 - 2015-03-13 00:50 - 00001084 _____ () C:\Users\E\Desktop\Kaspersky Security Scan.lnk
2015-03-13 00:50 - 2015-03-13 00:50 - 00000000 ____D () C:\Users\E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-03-13 00:50 - 2015-03-13 00:50 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-13 00:50 - 2015-03-13 00:50 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-03-13 00:46 - 2015-03-13 00:46 - 00364640 _____ (Kaspersky Lab) C:\Users\E\Desktop\kss12.0.1.808_6398_6399.exe
2015-03-13 00:46 - 2010-09-14 06:45 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2015-03-13 00:46 - 2010-09-14 06:07 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2015-03-13 00:45 - 2015-03-13 03:35 - 00286572 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-03-13 00:42 - 2015-03-13 00:42 - 00000000 ____D () C:\Users\E\AppData\Roaming\Adobe
2015-03-13 00:35 - 2015-03-13 03:34 - 00289770 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-03-13 00:31 - 2015-03-13 00:31 - 00000000 ____D () C:\Users\E\AppData\Local\Windows Live
2015-03-13 00:29 - 2015-03-13 00:29 - 00000000 ____D () C:\Users\E\AppData\Roaming\Google
2015-03-13 00:29 - 2009-10-10 03:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2015-03-13 00:13 - 2015-03-13 00:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 00:13 - 2015-03-13 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-13 00:13 - 2015-02-26 21:14 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-13 00:12 - 2015-03-13 00:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-13 00:12 - 2015-03-13 00:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-13 00:11 - 2015-02-04 00:00 - 00608072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-13 00:11 - 2015-02-03 16:18 - 04229086 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-13 00:10 - 2015-03-13 00:11 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-13 00:09 - 2010-03-04 04:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2015-03-13 00:01 - 2015-02-04 03:04 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-13 00:01 - 2015-02-04 03:03 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-13 00:01 - 2015-02-04 03:03 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-13 00:01 - 2015-02-04 03:03 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-13 00:01 - 2015-02-04 03:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-13 00:01 - 2015-02-04 03:01 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-13 00:01 - 2015-01-27 23:23 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-03-13 00:01 - 2014-12-04 02:31 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-13 00:01 - 2014-09-15 00:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 00:01 - 2012-09-06 17:38 - 00295792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-03-13 00:01 - 2011-08-30 05:21 - 14164480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 00:01 - 2011-08-30 04:28 - 12868096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-13 00:01 - 2011-04-09 06:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-03-13 00:01 - 2011-04-09 06:45 - 05509504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 00:01 - 2011-04-09 06:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-13 00:01 - 2011-04-09 06:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-13 00:01 - 2011-04-09 05:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-03-13 00:01 - 2011-01-26 06:53 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-03-13 00:01 - 2011-01-26 06:53 - 00265088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-03-13 00:01 - 2011-01-26 06:31 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-03-13 00:01 - 2010-12-21 06:16 - 01197056 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 00:01 - 2010-12-21 06:16 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2015-03-13 00:01 - 2010-12-21 06:16 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-03-13 00:01 - 2010-12-21 06:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2015-03-13 00:01 - 2010-12-21 06:16 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2015-03-13 00:01 - 2010-12-21 06:15 - 01498112 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 00:01 - 2010-12-21 06:15 - 00264192 _____ (Microsoft Corporation) C:\Windows\system32\upnp.dll
2015-03-13 00:01 - 2010-12-21 06:15 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-03-13 00:01 - 2010-12-21 06:13 - 02003968 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-03-13 00:01 - 2010-12-21 06:13 - 01880576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-03-13 00:01 - 2010-12-21 06:11 - 12369408 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 00:01 - 2010-12-21 06:10 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-03-13 00:01 - 2010-12-21 05:38 - 01228288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-13 00:01 - 2010-12-21 05:38 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-13 00:01 - 2010-12-21 05:38 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2015-03-13 00:01 - 2010-12-21 05:38 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-03-13 00:01 - 2010-12-21 05:38 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2015-03-13 00:01 - 2010-12-21 05:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2015-03-13 00:01 - 2010-12-21 05:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2015-03-13 00:01 - 2010-12-21 05:36 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-03-13 00:01 - 2010-12-21 05:36 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-03-13 00:01 - 2010-12-21 05:35 - 10989056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-13 00:01 - 2010-12-21 05:34 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-03-13 00:01 - 2010-11-04 06:31 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-13 00:01 - 2010-11-04 06:31 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-13 00:01 - 2010-11-04 05:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-13 00:01 - 2010-11-04 05:48 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-13 00:01 - 2010-11-02 05:18 - 00662528 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-03-13 00:01 - 2010-11-02 05:18 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-03-13 00:01 - 2010-11-02 05:18 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2015-03-13 00:01 - 2010-11-02 05:12 - 01837568 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-03-13 00:01 - 2010-11-02 05:12 - 01540608 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-03-13 00:01 - 2010-11-02 05:12 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-03-13 00:01 - 2010-11-02 05:12 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-03-13 00:01 - 2010-11-02 05:12 - 00320512 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-03-13 00:01 - 2010-11-02 05:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-03-13 00:01 - 2010-11-02 04:41 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-03-13 00:01 - 2010-11-02 04:41 - 00283648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-03-13 00:01 - 2010-11-02 04:41 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2015-03-13 00:01 - 2010-11-02 04:35 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-03-13 00:01 - 2010-11-02 04:35 - 01074176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-03-13 00:01 - 2010-11-02 04:35 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-03-13 00:01 - 2010-11-02 04:35 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-03-13 00:01 - 2010-11-02 04:35 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-03-13 00:01 - 2010-06-26 05:31 - 01863680 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-03-13 00:01 - 2010-06-26 05:14 - 01495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-03-13 00:01 - 2010-05-23 10:15 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-03-13 00:01 - 2010-05-23 10:11 - 03181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-13 00:01 - 2010-05-23 10:11 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2015-03-13 00:01 - 2010-05-23 08:37 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-03-13 00:01 - 2010-05-23 08:35 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-13 00:01 - 2010-05-23 08:35 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2015-03-13 00:01 - 2010-05-23 08:35 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-13 00:01 - 2010-03-24 06:59 - 01736608 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-13 00:01 - 2010-03-24 06:37 - 01289528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-13 00:01 - 2009-12-11 10:29 - 00153160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-13 00:01 - 2009-12-11 09:24 - 01446912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-13 00:01 - 2009-12-11 07:39 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-13 00:01 - 2009-12-11 07:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-12 23:57 - 2012-06-02 22:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-03-12 23:57 - 2012-06-02 22:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-03-12 23:57 - 2012-06-02 22:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-03-12 23:57 - 2012-06-02 22:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-03-12 23:57 - 2012-06-02 22:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-03-12 23:57 - 2012-06-02 22:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-03-12 23:57 - 2012-06-02 22:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-03-12 23:57 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-03-12 23:57 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-02-23 13:09 - 2015-02-23 13:09 - 31515280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-23 13:09 - 2015-02-23 13:09 - 24198856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-23 13:09 - 2015-02-23 13:09 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-23 13:09 - 2015-02-23 13:09 - 16128576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-23 13:09 - 2015-02-23 13:09 - 13916280 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-23 13:09 - 2015-02-23 13:09 - 12894024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-23 13:09 - 2015-02-23 13:09 - 11272240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-23 13:09 - 2015-02-23 13:09 - 01907400 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434144.dll
2015-02-23 13:09 - 2015-02-23 13:09 - 01555656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434144.dll
2015-02-23 13:09 - 2015-02-23 13:09 - 00944328 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-23 13:09 - 2015-02-23 13:09 - 00907464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-23 13:09 - 2015-02-23 13:09 - 00902344 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-23 13:09 - 2015-02-23 13:09 - 00870032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-23 13:08 - 2015-02-23 13:08 - 13828032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-23 13:08 - 2015-02-23 13:08 - 11209192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-23 13:08 - 2015-02-23 13:08 - 04244680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-23 13:08 - 2015-02-23 13:08 - 03987600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-23 13:07 - 2015-02-23 13:07 - 22993224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-23 13:07 - 2015-02-23 13:07 - 15294280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-23 13:07 - 2015-02-23 13:07 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 18:15 - 2009-07-14 05:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-03-13 18:15 - 2009-07-14 05:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-03-13 17:53 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 17:51 - 2010-05-07 11:22 - 00000006 _____ () C:\Windows\system32\PLD_Framework.cmd
2015-03-13 17:50 - 2010-05-07 11:12 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-03-13 17:44 - 2010-05-07 11:00 - 00003540 _____ () C:\Windows\TSSysprep.log
2015-03-13 17:44 - 2009-07-14 04:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2015-03-13 12:54 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-13 11:13 - 2010-05-07 11:55 - 00000000 ___HD () C:\OEM
2015-03-13 11:13 - 2010-05-07 11:38 - 00021567 _____ () C:\Windows\Patch.log
2015-03-13 11:08 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Help
2015-03-13 11:02 - 2010-05-07 11:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-13 10:58 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\system32\restore
2015-03-13 10:57 - 2010-05-07 11:36 - 00000000 ____D () C:\ProgramData\Norton
2015-03-13 10:57 - 2010-05-07 11:34 - 00000000 ____D () C:\ProgramData\OEM
2015-03-13 10:57 - 2009-10-05 20:30 - 00000000 ____D () C:\Windows\DeployWinRE2
2015-03-13 10:54 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\Recovery
2015-03-13 06:10 - 2010-05-07 11:36 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2015-03-13 06:00 - 2009-07-14 04:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-13 06:00 - 2009-07-14 04:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-13 05:28 - 2010-05-07 11:58 - 00000000 ____D () C:\Windows\Panther
2015-03-13 05:19 - 2009-07-14 05:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-13 05:13 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-13 05:13 - 2009-07-14 04:51 - 00040345 _____ () C:\Windows\setupact.log
2015-03-13 05:08 - 2010-05-07 11:36 - 00002496 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2015-03-13 05:08 - 2010-05-07 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-03-13 05:07 - 2010-05-07 11:37 - 00008316 _____ () C:\Windows\PFRO.log
2015-03-13 03:35 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-13 00:53 - 2010-05-07 11:29 - 00000000 ____D () C:\ProgramData\Partner
2015-03-13 00:53 - 2010-05-07 11:29 - 00000000 ____D () C:\Program Files\Google
2015-03-13 00:53 - 2010-05-07 11:29 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-13 00:53 - 2009-07-14 04:45 - 00269208 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 00:52 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-13 00:30 - 2010-05-07 11:26 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway
2015-03-13 00:30 - 2010-05-07 11:26 - 00000000 ____D () C:\Program Files (x86)\Gateway
2015-02-23 13:09 - 2010-05-07 11:56 - 18634072 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-23 13:09 - 2010-05-07 11:56 - 00026155 _____ () C:\Windows\system32\nvinfo.pb
2015-02-23 13:08 - 2010-05-07 11:56 - 14497568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-23 13:07 - 2010-05-07 11:56 - 03209736 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2010-05-07 10:58

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by E at 2015-03-13 06:30:36
Running from C:\Users\E\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Backup Manager Advance (x32 Version: 2.0.2.39 - NewTech Infosystems) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.82 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2610.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.82 - WildTangent) Hidden
Gateway Game Console (x32 Version:  - WildTangent) Hidden
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.80 - WildTangent)
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.39 - NewTech Infosystems)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0506.2010 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Gateway Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Gateway Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Jewel Quest (x32 Version: 2.2.0.82 - WildTangent) Hidden
Jewel Quest Solitaire 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.881 - Kaspersky Lab) Hidden
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
Mahjongg Artifacts (x32 Version: 2.2.0.82 - WildTangent) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{beaecf71-6bcc-4be8-8a1d-622da256e42f}) (Version:  - Nero AG)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 17.7.0.12 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Pool (x32 Version: 2.2.0.82 - WildTangent) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
THX TruStudio PC (HKLM-x32\...\{F1F5C7EE-23BB-47A3-943E-9F290DD267F0}) (Version: 1.0 - Creative Technology Limited)
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - A New Home (x32 Version: 2.2.0.82 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3013 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Yahtzee (x32 Version: 2.2.0.82 - WildTangent) Hidden
Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

13-03-2015 11:06:17 Installed DirectX

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {098158C7-7AA4-4B3A-A5A8-3CFE37A8E6B3} - System32\Tasks\Symantec\Symantec Error Processor 17.7.0.12 => C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\SymErr.exe [2010-05-14] (Symantec Corporation)
Task: {E327D1D9-8B8A-477E-9D9E-616AB0B4E26E} - System32\Tasks\Symantec\Symantec Error Analyzer 17.7.0.12 => C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\SymErr.exe [2010-05-14] (Symantec Corporation)
Task: {EB4C9F4C-0B4D-4DC8-AC86-9F82CFECE3BC} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {F424C27B-0DAC-4F1F-A540-E3CA947B9B98} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-11-02] (Acer)

==================== Loaded Modules (whitelisted) ==============

2015-03-13 00:11 - 2015-02-04 02:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-12-14 02:19 - 2009-12-09 09:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2015-03-13 11:01 - 2008-05-30 10:50 - 00581120 _____ () C:\Windows\MHotKey.exe
2009-11-17 22:16 - 2009-11-17 22:16 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2009-11-17 22:12 - 2009-11-17 22:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2014-06-15 23:40 - 2014-06-15 23:40 - 02124256 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 07422144 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 02453696 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 00192704 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 00794816 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69692311.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98917698.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69692311.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98917698.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1885888093-3440957442-3351373271-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\E\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 91.194.254.105 - 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: LchDrvKey => LchDrvKey.exe
MSCONFIG\startupreg: LedKey => CNYHKey.exe

==================== Accounts: =============================

Administrator (S-1-5-21-1885888093-3440957442-3351373271-500 - Administrator - Disabled)
E (S-1-5-21-1885888093-3440957442-3351373271-1000 - Administrator - Enabled) => C:\Users\E
Guest (S-1-5-21-1885888093-3440957442-3351373271-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1885888093-3440957442-3351373271-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: BHDrvx64
Description: BHDrvx64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BHDrvx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2015 00:45:59 AM) (Source: MsiInstaller) (EventID: 11935) (User: E-PC)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {74C57B6B-FF6E-3825-BED2-78E14E3E0E3C}

Error: (03/13/2015 00:45:40 AM) (Source: MsiInstaller) (EventID: 11935) (User: E-PC)
Description: Product: MSXML 4.0 SP2 (KB973688) -- Error 1935. An error occured during the installation of assembly component {7B2B4EA5-1028-B7E6-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9876.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"

Error: (03/13/2015 00:35:50 AM) (Source: MsiInstaller) (EventID: 11935) (User: E-PC)
Description: Product: MSXML 4.0 SP2 (KB954430) -- Error 1935. An error occured during the installation of assembly component {7B30B69B-0E6C-B7E0-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9870.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"

Error: (03/13/2015 00:12:12 AM) (Source: MsiInstaller) (EventID: 11935) (User: E-PC)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}

System errors:
=============
Error: (03/13/2015 05:14:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64

Error: (03/13/2015 05:13:54 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:11:02 AM on ‎3/‎13/‎2015 was unexpected.

Error: (03/13/2015 05:08:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64

Error: (03/13/2015 01:03:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64

Error: (03/13/2015 00:58:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64

Error: (03/13/2015 00:54:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16405

Error: (03/13/2015 00:53:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64

Error: (03/13/2015 00:46:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

Error: (03/13/2015 00:45:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688).

Error: (03/13/2015 00:36:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).

Microsoft Office Sessions:
=========================
Error: (03/13/2015 00:45:59 AM) (Source: MsiInstaller) (EventID: 11935) (User: E-PC)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {74C57B6B-FF6E-3825-BED2-78E14E3E0E3C}(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/13/2015 00:45:40 AM) (Source: MsiInstaller) (EventID: 11935) (User: E-PC)
Description: Product: MSXML 4.0 SP2 (KB973688) -- Error 1935. An error occured during the installation of assembly component {7B2B4EA5-1028-B7E6-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9876.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/13/2015 00:35:50 AM) (Source: MsiInstaller) (EventID: 11935) (User: E-PC)
Description: Product: MSXML 4.0 SP2 (KB954430) -- Error 1935. An error occured during the installation of assembly component {7B30B69B-0E6C-B7E0-A06B-D6B9ABF34537}. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.MSXML2,type="win32",version="4.20.9870.0",publicKeyToken="6bd6b9abf345378f",processorArchitecture="x86"(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/13/2015 00:12:12 AM) (Source: MsiInstaller) (EventID: 11935) (User: E-PC)
Description: Product: Microsoft Visual C++ 2005 Redistributable -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)(NULL)

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 39%
Total physical RAM: 4087.11 MB
Available physical RAM: 2458.91 MB
Total Pagefile: 8172.36 MB
Available Pagefile: 6291.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:910.41 GB) (Free:880.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5796A25E)
Partition 1: (Not Active) - (Size=21 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=910.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#2 StanFF

  • Malware Response Team
  • 1,172 posts

Posted 15 March 2015 - 06:19 AM

Hello kerry13,

I'm Stan and I will be helping you with this problem.

First of all I want to clear up some things about the malware removal process:

  • Do not run any tools on your own. This may affect the removal process and may cause both slowdowns and additional problems.
  • Read the steps that I suggest carefully. Any deviation will prolong this case.
  • Copy any scripts carefully so they stay exactly the same as the original. Otherwise the script may not work and we will need to rerun/recreate it.
  • Feel free to copy all the steps to an offline environment. They may be easier to read and follow that way.
  • Feel free to ask any questions about the malware removal process. I'm here to help you, so nothing must be hidden or misunderstood.
  • Share with me any problems/changes you experience while working with the current system.
  • Please do not use any quotes or code boxes when you post logs.

I want to inform you that I will be able to respond in the evenings, 07:00 P.M. - 11:00 P.M. (UTC+02:00), since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.

I want to inform you that I'm still in my training program, so my posts must be reviewed by an instructor. This may lead to a slight delay in my answers.

********************

Thank you for the provided logs. I will review them as fast as I can and I will be back with further instructions.


Regards,

Stan

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

#3 StanFF

  • Malware Response Team
  • 1,172 posts

Posted 15 March 2015 - 01:00 PM

Hello kerry13,

Before we continue, I want to ask you a couple of questions.

  • In your first post you said that you have used the System Restore function twice. After the first attempt, it seems that the problems weren't resolved. What happened after the second try? Is the system still showing signs of an infection?
  • Are there any other problems that you have encountered? Sluggish performance, errors related to system or third-party applications?
  • While reviewing your logs, I saw that the Gateway software installed on the system has modified some settings related to IE, for example its default page and start page (machine-wide). Are you familiar with those? Do you want to reset those options? These changes are not malicious, but most of the time they are done without the user's knowledge.
  • Are you familiar with the following IP address: 91.194.254.105? It has been set as the DNS address on the system. If not, what kind of Internet connection are you using? Is there a possibility that these settings have been forced by your ISP?

While waiting for your answers, I want you to do one thing. Please follow the steps here to boot the system into Safe Mode with Networking. When you are in that mode, please open your browser and browse the net for a little bit. Check if the popups are still there and give me feedback in your next post here.


Regards,

Stan

#4 kerry13

  • Topic Starter
  • Members
  • 16 posts

Posted 15 March 2015 - 05:13 PM

Hi, thanks for taking the time to try and help me. After the first time restoring my computer it didn't do anything, and after a while it got worse to a point that every page I opened up got redirected to something else. I am not aware that Gateway made any changes to anything about the pages etc.

I rang my internet provider and they told me every time I go on the internet the IP address will be different, so I guess I haven't set it to anything on the PC and was not aware it was set to something.

After restoring my PC for the second time I tried to look at tips on the internet about removing or making my PC safe and changed a couple of things from tutorials I found online. One was not allowing sites to save cookies on my computer; I've got like 80 blocked sites trying to save cookies to my computer from the initial period after my restore. But a couple of days ago I had to reduce the settings, allowing cookies to be saved, to use emails etc., so I am not sure if any are being saved now or what.

At this stage, from my 2nd restore, I upgraded Internet Explorer etc. and have only had the initial sites trying to save cookies and no popups, but I haven't surfed the web much, just only to do the things I needed to get done.

Later on today I will surf the web in safe mode and in normal mode and see what happens. I'm working now so I'll do it after.

Once again thanks for helping me, cheers Kerry



#5 StanFF

  • Malware Response Team
  • 1,172 posts

Posted 16 March 2015 - 12:43 AM

Hello kerry13,

Thank you for the detailed answers to the questions asked. Well done on calling your ISP! I will be waiting for your additional feedback.


Regards,

Stan

#6 kerry13

  • Topic Starter
  • Members
  • 16 posts

Posted 16 March 2015 - 03:09 PM

There was one thing I did forget to mention: I upgraded Internet Explorer with a service pack, then got Internet Explorer 11. After rebooting for it to take effect, a panel came up saying Norton Antivirus had been uninstalled and I couldn't get it working again. I quickly installed Kaspersky again, but I did not click anything or ask for Norton to be uninstalled.

Browsing the internet seems fine in safe mode and in normal mode at the moment with no popups etc., but before, something was making all those sites try and save cookies to my computer after the 2nd restore.

Cheers Kerry



#7 kerry13

  • Topic Starter
  • Members
  • 16 posts

Posted 16 March 2015 - 03:40 PM

Okay, just after posting the last one I jumped on the web and a popup came up from adultcameras.info. It is on the blocked list for sites trying to save cookies to my computer, sigh.



#8 StanFF

  • Malware Response Team
  • 1,172 posts

Posted 17 March 2015 - 03:36 PM

Hello kerry13,

Thank you for the provided information. Since the problem looks like it's still there, I need you to run two more scans so I can get a little more information about the system's condition. For now, we will focus on the main problem and after that we will fix some of the little issues present on the computer.

********************

Please download Malwarebytes' Anti-Malware. Run the installer and follow the prompts to install the software. When ready, please start the tool.

  • When started, please press the Scan Now >> button.
  • You will be automatically prompted to update the software.
  • Push the Update Now button so the definitions can be downloaded.

Note: If you are prompted that there is a new version of the software ready to install, please choose OK. Install the latest version of Malwarebytes' Anti-Malware and repeat the steps above.

  • The Threat Scan should automatically start.
  • When the scanning process has completed, the results will be displayed.
  • Click on Quarantine All and then choose Apply Actions.

If any malicious entries were detected, Malwarebytes should prompt you that a system reboot is required. Please choose Yes. Otherwise, the detected objects may not be removed.

After the reboot:

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom and paste the content of the file in your next reply.

Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.

Be sure to post the complete log, including the top portion which shows MBAM's database version and your operating system.

********************

Please go to this link to run the scan.

  • When executed, select the option Yes, I accept the Terms of Use and push the Start button.
  • When prompted, allow the Add-on/ActiveX control to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Click on Advanced Settings and select the following options:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button. The virus signature database will begin to download. Please note that this may take a while, depending on your network connection.
  • When completed, the Online Scan will start automatically.

Note: Do not use the computer during the scanning process.

  • When completed, select Uninstall application on close if you want to, but make sure that you copy the logfile first.
  • Push the Finish button.
  • Open the logfile located in C:\Program Files\ESET\EsetOnlineScanner\log.txt via Notepad.

Please copy and paste the content of the log file in your next reply.

********************

Please follow the instructions here or here to change your current DNS IP addresses to those of Google. When ready, use the system to browse the Internet for a little bit to see if the popups still show up. Monitor the system's behavior for a while and give your feedback in your next reply.

In summary, in your next post I will be waiting for the logs from MBAM and ESET Online Scanner, followed by information on the system's current condition.


Regards,

Stan

#9 kerry13

  • Topic Starter
  • Members
  • 16 posts

Posted 17 March 2015 - 07:40 PM

Hi, here is the Malwarebytes log; it said it found no threats.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/18/2015
Scan Time: 10:40:13 AM
Logfile: malware test.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.17.07
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: E

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349252
Time Elapsed: 8 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
And here is the ESET scan, which said no threats found.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Not much there? Is there supposed to be more?

During the scan Malwarebytes blocked 2 items which it said were malicious,

both going to 91.194.254.105, different ports, windows/system32/svchost.exe.

The other was something in Kaspersky.

And during the scan I had 4 web pages open: this one, Malwarebytes, ESET and Hotmail. After the scan I looked and the Malwarebytes one had changed to adultyum.info........

I'll do the other couple of things soon, cheers Kerry



#10 kerry13

  • Topic Starter
  • Members
  • 16 posts

Posted 17 March 2015 - 08:25 PM

Hi, I changed the thing to 8888 and 8844 and I reset the connection. Of those 2 links you gave me to do the change, the first gets redirected to adultyum.info every time, and the second doesn't. I went on Google, put in a search and clicked on it, and it got redirected to the same site, adultyum.info, straight away. So in the last day it has got worse, a lot worse.

Cheers Kerry



#11 kerry13

  • Topic Starter
  • Members
  • 16 posts

Posted 18 March 2015 - 05:19 PM

Hi, that IP that I said was trying to do things while the scan was running, I googled it. It came up with some interesting results, mostly malicious types of popup virus topics, one of which was here on BleepingComputer: http://www.bleepingcomputer.com/forums/t/568393/russian-pop-ups-and-browser-hijacker-infection/



#12 StanFF

  • Malware Response Team
  • 1,172 posts

Posted 19 March 2015 - 01:05 AM

Hello kerry13,

Yes, the IP is in fact encountered in a lot of cases related to malware problems. I will be back with additional questions this evening, or maybe earlier today if I get time to post here during work.


Regards,

Stan

#13 StanFF

  • Malware Response Team
  • 1,172 posts

Posted 19 March 2015 - 12:40 PM

Hello kerry13,

I'm sorry to hear that the system is in worse condition than before, but we will try everything to bring things back to normal.

  not much there ? is there supposed to be more?

Yes, the log should be different, but the fact that nothing has been found is enough information at this moment.

  I reset the connection

What do you mean by resetting the connection?

In our case I want to find out where the source of the problem is: on the system or in some element of the network. For that reason, please do the following:

Start Internet Explorer in normal mode using the following steps:

  • Press the Windows key and R simultaneously.
  • When the new window appears, type iexplore and press Enter. This will launch the browser.

Note: The point here is to avoid starting the browser via any shortcuts present.

Go to various well-known sites, like Google, Bing, MSN, etc. See which ones are redirected and, to be sure that the problem can be recreated, access them a second time. When ready, please boot the system into Safe Mode with Networking and try reaching those internet destinations. See if the problem still exists.

Note: Use the same method explained above to launch Internet Explorer in Safe Mode with Networking.


Regards,

Stan
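One reason Stan asks for the browser to be started from the Run box rather than a shortcut is that a desktop, Start Menu or taskbar shortcut can be edited to pass a URL to the browser, so every launch lands on the hijacker's page no matter what the home page is set to. The following check is an added example and not code from the thread or from any tool mentioned in it; it assumes PowerShell 2.0 or later on Windows 7, and the shortcut folders and browser executable names it looks at are my choices for illustration rather than anything the thread states.

```powershell
# Added example, not code from the thread or from any tool it mentions.
# Flags browser shortcuts whose target or arguments look edited, the kind of
# tampering that launching iexplore from the Run box avoids.
# Assumptions: PowerShell 2.0+ on Windows 7; the folders and browser names
# below are the usual ones, chosen here rather than taken from the thread.

$browserExes = @('iexplore.exe', 'chrome.exe', 'firefox.exe', 'opera.exe')
$roots = @(
    (Join-Path $env:USERPROFILE 'Desktop'),
    (Join-Path $env:PUBLIC 'Desktop'),
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')   # also holds the pinned taskbar items
)
$wsh = New-Object -ComObject WScript.Shell

function Test-BrowserShortcut([string]$Path) {
    $lnk     = $wsh.CreateShortcut($Path)
    $target  = [string]$lnk.TargetPath
    $argText = ([string]$lnk.Arguments).Trim()
    $leaf    = if ($target) { Split-Path -Leaf $target } else { '' }
    $isBrowser    = $browserExes -contains $leaf
    $namedBrowser = (Split-Path -Leaf $Path) -match 'internet explorer|chrome|firefox|opera'
    $reasons = @()

    # A clean browser shortcut carries no arguments (IE's stock "No Add-ons"
    # shortcut with -extoff is the exception). A hijack appends a URL.
    if ($isBrowser -and $argText -and $argText -ne '-extoff') {
        $reasons += "arguments: $argText"
    }
    # Name says browser, target does not: the shortcut now runs something else.
    if ($namedBrowser -and -not $isBrowser) {
        $reasons += "target is not a browser: $target"
    }
    if ($target -and -not (Test-Path -LiteralPath $target)) {
        $reasons += 'target file missing'
    }
    if ($reasons.Count -eq 0) { return $null }
    New-Object PSObject -Property @{
        Shortcut = $Path
        Target   = $target
        Reason   = ($reasons -join '; ')
    }
}

$suspect = @()
foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($f in (Get-ChildItem -LiteralPath $root -Recurse -Filter *.lnk -ErrorAction SilentlyContinue)) {
        $r = Test-BrowserShortcut $f.FullName
        if ($r) { $suspect += $r }
    }
}
if ($suspect.Count -eq 0) { 'No tampered browser shortcuts found' }
else { $suspect | Format-Table Shortcut, Target, Reason -Wrap }
```

Run it from a normal PowerShell prompt as the affected user; anything reported with a URL in its arguments is the same thing you would see in the shortcut's Properties dialog under Target, and a shortcut whose target is a script or an unfamiliar binary deserves a look before it is used again.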

#14 kerry13

  • Topic Starter
  • Members
  • 16 posts

Posted 20 March 2015 - 03:49 PM

Hello, when I said reset the connection it was turning the router on and off. After those changes to the 8888 8844 things I haven't had any popups surfing in normal mode, iexplore and in the Windows key R one. The thing that caused it is still on my computer? Hope it stays this way with no popups lol.



#15 StanFF

  • Malware Response Team
  • 1,172 posts

Posted 21 March 2015 - 12:38 PM

Hello kerry13,

  I haven't had any pop ups surfing in normal mode iexplore and in the windows key r one .  the thing that caused it is still on my computer ? hope it stays this way with no popups lol .

I'm happy to hear that the change was able to remove the problem. The thing that was possibly causing it was a certain setting related to your Internet connection; to be more exact, as explained, the DNS settings.

Now, I want to remove the Gateway entries we were discussing earlier.

This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Please download the attached fixlist.txt file (856 bytes) and save it to the same location as FRST.

Note: It's important that both files, FRST.exe and fixlist.txt, are in the same location or the fix will not work. In your case, this should be the Desktop.

  • Run FRST.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log, Fixlog.txt, in the same location the tool was run from.

Please post the content of the log file in your next reply.

********************

There is outdated software on your system that is actually a potential security breach:

  • Adobe Flash Player - Please download the latest version of the software for your system from here

Note: Be sure to uncheck the boxes in front of "Yes, install Google Chrome" and "Yes, install Google toolbar for Internet Explorer"

  • Adobe Reader - Please download the latest version of the software for your system from here

Note: Be sure to uncheck the boxes in front of "Yes, install Google Chrome" and "Yes, install Google toolbar for Internet Explorer"

********************

Please start FRST again. When you start the tool, please check the checkbox in front of Addition.txt in the Optional Scan section. Then run a new scan of the system and post the results in your next comment.

In your next post, I will be waiting for the following items: Fixlog.txt, FRST.txt and Addition.txt.


Regards,

Stan
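The thread's turning point is the resolver: an unfamiliar DNS address found in the logs (#3), the switch to Google's resolvers that stopped the redirects (#8, #14), and the open question from #13 of whether the setting lives on the PC or in the network. The audit below is an added example, not code from the thread, FRST, Malwarebytes or ESET; it lists every resolver a Windows 7 machine is configured to use and where each one came from, since a rogue address in DhcpNameServer points at the router (or ISP) while one in NameServer was written on the machine itself. It assumes an elevated PowerShell 2.0 or later prompt; the only known-bad address is the one discussed in this thread, and the expected list is the Google pair the thread switched to. Both lists are placeholders to adjust.

```powershell
# Added example, not code from the thread, FRST, Malwarebytes or ESET.
# Reports every DNS resolver a Windows 7 machine is set to use and whether it
# came from a DHCP lease (router/ISP) or a static value on this PC.
# Assumptions: elevated PowerShell 2.0+; $KnownBad holds only the address from
# the thread; $Expected is the Google pair the thread switches to. Adjust both.

$KnownBad = @('91.194.254.105')
$Expected = @('8.8.8.8', '8.8.4.4')

function Get-ResolverStatus([string]$Ip) {
    if ($KnownBad -contains $Ip) { return 'KNOWN BAD' }
    if ($Expected -contains $Ip) { return 'expected' }
    return 'review'
}

function New-Finding([string]$Where, [string]$Resolver, [string]$Source) {
    New-Object PSObject -Property @{
        Where    = $Where
        Resolver = $Resolver
        Source   = $Source
        Status   = (Get-ResolverStatus $Resolver)
    }
}

$findings = @()

# 1. Live per-adapter view (WMI, available on Windows 7 / PowerShell 2.0).
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    foreach ($ip in @($a.DNSServerSearchOrder)) {
        if ($ip) { $findings += New-Finding $a.Description $ip 'wmi:DNSServerSearchOrder' }
    }
}

# 2. Registry view. A non-empty NameServer is a static override that wins over
#    DhcpNameServer, so the pair shows who wrote the resolver: the DHCP server
#    (router/ISP) or something running on this machine. The Parameters key
#    itself carries the machine-wide override, the Interfaces subkeys the
#    per-adapter values.
$tcpip  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$ifKeys = @(Get-Item $tcpip) + @(Get-ChildItem "$tcpip\Interfaces")
foreach ($key in $ifKeys) {
    $props = Get-ItemProperty -Path $key.PSPath
    foreach ($name in 'NameServer', 'DhcpNameServer') {
        $raw = $props.$name
        if (-not $raw) { continue }
        foreach ($ip in ($raw -split '[ ,]+')) {
            if ($ip) { $findings += New-Finding $key.PSChildName $ip "registry:$name" }
        }
    }
}

# 3. hosts file. Windows 7 ships it fully commented out, so any live mapping
#    is worth reading: it is another place redirects get planted.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$liveHosts = @(Get-Content $hostsPath | Where-Object { $_ -match '^\s*[0-9A-Fa-f.:]+\s+\S' })

$findings | Sort-Object Status, Where | Format-Table Status, Resolver, Source, Where -AutoSize
if ($liveHosts.Count -gt 0) { 'Active hosts entries:'; $liveHosts }

# Verdict, from the registry findings only: they say who wrote the value.
foreach ($f in ($findings | Where-Object { $_.Status -eq 'KNOWN BAD' })) {
    switch ($f.Source) {
        'registry:DhcpNameServer' { "$($f.Resolver) was handed out by DHCP on $($f.Where): check the router's DNS settings and admin password" }
        'registry:NameServer'     { "$($f.Resolver) is set statically on $($f.Where): something on this PC wrote it" }
    }
}
```

Two practical notes. Switching the PC to 8.8.8.8/8.8.4.4 writes a static NameServer, which masks a bad DhcpNameServer without removing it; if the rogue address still shows up under DhcpNameServer after the change, the router is handing it out and the fix belongs there, not on the PC. And if a static NameServer keeps reverting to the bad address after you clear it, something local is rewriting it, which is exactly the kind of finding worth reporting back in a thread like this one.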