
HijackThis Log: Please help Diagnose


3 replies to this topic

#1 drbizerk

drbizerk

  • Members
  • 3 posts
  • OFFLINE
  • Local time:10:30 PM

Posted 14 May 2015 - 02:22 PM

Attached File: hijackthis.log (6.86KB, 5 downloads)



#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:05:30 AM

Posted 18 May 2015 - 02:03 PM

Hi drbizerk

Unfortunately we no longer recommend the use of HijackThis.
It is very outdated and doesn't give us much information.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
Both reports from FRST

Also please give me some idea of the problems you are experiencing.


Thanks.


#3 drbizerk

drbizerk
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:10:30 PM

Posted 21 May 2015 - 10:05 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
Ran by intox (administrator) on INTOX-PC on 21-05-2015 21:20:32
Running from C:\Users\intox\Downloads
Loaded Profiles: intox (Available profiles: intox)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2014-12-30] (Zemana Ltd.)
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\Run: [AppSafe] => C:\Program Files (x86)\AppSafe\AppSafe.exe
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe [927920 2015-04-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\MountPoints2: {143123fa-96b0-11e1-a78a-e81132edc988} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Setup.exe
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\MountPoints2: {14312543-96b0-11e1-a78a-e81132edc988} - F:\PcOptions.exe
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\MountPoints2: {aa1b2950-9ddf-11e1-bf84-e81132edc988} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Setup.exe
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\MountPoints2: {aec94545-34ca-11e2-91fe-e81132edc988} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\MountPoints2: {b8f00ae7-94c6-11e1-a228-e81132edc988} - H:\PcOptions.exe
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\MountPoints2: {ef89dec1-9adf-11e1-af06-e81132edc988} - F:\PcOptions.exe
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [94664 2014-12-30] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86400 2014-12-30] (Zemana Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://rocket-find.com/?f=1&a=rckt_dsites02_14_26_ff&cd=2XzuyEtN2Y1L1Qzu0EzztCtCtAtB0E0D0CzyzzyB0BtAtCtCtN0D0Tzu0SzytCtCtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCtD0FzztAyDtCtAtGtAtC0A0EtG0E0A0EtDtGtB0ByDyEtGyDtDtC0CtDtBtBtCyEyDyC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyCyB0F0CyByDyEtG0A0B0D0CtG0A0CyDzytG0D0CtC0BtGtA0BtB0D0EtB0DtB0F0E0EtA2Q&cr=149933568&ir=
HKU\S-1-5-21-1255701476-2273990348-714479081-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/en-us/?ocid=U221DHP&pc=U221
SearchScopes: HKLM-x32 -> DefaultScope {90B8EEB1-ED83-4F9F-AE94-0DCE4FE4EA8C} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\intox\AppData\Roaming\Mozilla\Firefox\Profiles\vc18o1bj.default-1431895103058
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2012-11-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2015-04-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\intox\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\intox\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2012-05-09]
CHR HKU\S-1-5-21-1255701476-2273990348-714479081-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\intox\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\intox\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-21] (MicroStudio) [File not signed]
S2 51cdb72; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S4 YouTubeDownload_P2; C:\Program Files (x86)\YouTube Downloader Services\P2\youtubeserv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 1601-01-01] (www.winchiphead.com)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-01-28] (Windows ® 2003 DDK 3790 provider)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S1 ckkpoxtj; \??\C:\windows\system32\drivers\ckkpoxtj.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-21 21:20 - 2015-05-21 21:20 - 00012193 _____ () C:\Users\intox\Downloads\FRST.txt
2015-05-21 21:12 - 2015-05-21 21:12 - 00415232 _____ (Farbar) C:\Users\intox\Downloads\FSS.exe
2015-05-21 21:12 - 2015-05-21 21:12 - 00002241 _____ () C:\Users\intox\Downloads\FSS.txt
2015-05-21 21:06 - 2015-05-21 21:20 - 00000000 ____D () C:\FRST
2015-05-21 21:05 - 2015-05-21 21:05 - 02108416 _____ (Farbar) C:\Users\intox\Downloads\FRST64.exe
2015-05-21 21:03 - 2015-05-21 21:03 - 00001100 _____ () C:\Users\Public\Desktop\AntiLogger Free.lnk
2015-05-21 21:03 - 2015-05-21 21:03 - 00000000 ____D () C:\Users\intox\AppData\Local\AntiLogger Free
2015-05-21 21:03 - 2015-05-21 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2015-05-21 21:03 - 2015-05-21 21:03 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free
2015-05-21 21:03 - 2015-05-21 21:03 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK
2015-05-21 21:03 - 2014-12-30 13:18 - 00076520 _____ (Zemana Ltd.) C:\windows\system32\Drivers\KeyCrypt64.sys
2015-05-21 21:02 - 2015-05-21 21:02 - 03688000 _____ (Zemana Ltd. ) C:\Users\intox\Downloads\AntiLoggerFree_Setup.exe
2015-05-20 09:15 - 2015-05-20 09:15 - 00000000 ____D () C:\$WINDOWS.~BT
2015-05-19 19:19 - 2015-05-19 19:19 - 00000000 ____D () C:\Users\intox\AppData\Roaming\Nero
2015-05-19 19:17 - 2015-05-19 19:17 - 00003504 _____ () C:\windows\System32\Tasks\Seagate_Install_Launch
2015-05-19 19:10 - 2015-05-20 12:37 - 00000000 ____D () C:\Users\intox\AppData\Roaming\Seagate
2015-05-19 19:05 - 2015-05-19 19:05 - 00000000 ____D () C:\windows\System32\Tasks\Leader Technologies
2015-05-19 16:49 - 2015-05-19 20:04 - 00001565 _____ () C:\windows\comsetup.log
2015-05-19 16:31 - 2015-05-19 16:31 - 00000000 ____D () C:\Users\intox\AppData\Roaming\Leadertech
2015-05-18 10:47 - 2015-05-18 10:47 - 00000000 ____D () C:\Users\intox\Downloads\voice mail
2015-05-16 00:17 - 2015-05-16 00:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 01:07 - 2015-05-15 10:44 - 00000000 ____D () C:\Users\intox\Downloads\backups
2015-05-11 17:53 - 2015-05-11 17:53 - 00000000 ____D () C:\Users\intox\AppData\Local\{BDCC03D4-B3FE-445D-B0C4-49906F5056BB}
2015-05-05 09:23 - 2015-05-15 10:44 - 00000000 ____D () C:\Program Files\Recuva
2015-04-23 10:31 - 2015-05-15 10:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-23 09:17 - 2015-04-23 09:17 - 05435275 _____ () C:\Users\intox\Downloads\CopyTransDriversInstallerv2.027.zip
2015-04-23 08:06 - 2015-04-23 08:06 - 00003324 _____ () C:\windows\System32\Tasks\SamsungSupportCenter
2015-04-23 08:06 - 2015-04-23 08:06 - 00002074 _____ () C:\Users\Public\Desktop\Samsung Support Center.lnk
2015-04-23 00:18 - 2015-04-23 00:18 - 00003168 _____ () C:\windows\System32\Tasks\{A3A4E24F-C661-42EB-86E3-C3AE7108714C}
2015-04-23 00:10 - 2015-04-23 00:11 - 05832080 _____ (WindSolutions) C:\Users\intox\Downloads\Install_CopyTransControlCenter.exe
2015-04-21 23:29 - 2015-04-21 23:29 - 02077392 _____ (Microsoft Corporation) C:\Users\intox\Downloads\IE11-Windows6.1(1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-21 20:59 - 2014-06-29 16:59 - 00000292 _____ () C:\windows\Tasks\Rocket Updater.job
2015-05-21 20:56 - 2009-07-13 23:45 - 00031472 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-21 20:56 - 2009-07-13 23:45 - 00031472 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-21 20:54 - 2015-04-03 14:49 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-21 20:38 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2015-05-21 20:28 - 2012-07-01 10:02 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-21 15:38 - 2015-04-03 14:49 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-21 13:22 - 2011-12-24 22:16 - 01397115 _____ () C:\windows\WindowsUpdate.log
2015-05-21 12:27 - 2015-01-03 04:06 - 00002563 _____ () C:\windows\setupact.log
2015-05-21 12:24 - 2009-07-14 00:13 - 00818446 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-20 21:37 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-20 12:26 - 2012-04-30 05:56 - 00000000 ____D () C:\Users\intox
2015-05-20 09:29 - 2014-09-25 08:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-20 09:27 - 2014-12-11 09:25 - 00001908 _____ () C:\windows\diagwrn.xml
2015-05-20 09:27 - 2014-12-11 09:25 - 00001908 _____ () C:\windows\diagerr.xml
2015-05-20 09:25 - 2015-04-18 23:56 - 00002642 _____ () C:\Users\intox\Desktop\Windows Compatibility Report.htm
2015-05-20 09:14 - 2015-01-03 04:06 - 00000000 _____ () C:\windows\setuperr.log
2015-05-19 23:41 - 2012-08-16 04:56 - 00063496 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 23:41 - 2012-08-16 04:56 - 00063496 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 20:42 - 2012-05-18 23:33 - 00000000 ___DC () C:\Users\intox\AppData\Local\MigWiz
2015-05-19 16:49 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2015-05-19 16:35 - 2010-11-20 22:47 - 00742190 _____ () C:\windows\PFRO.log
2015-05-19 16:34 - 2014-09-22 04:07 - 00000000 ____D () C:\windows\pss
2015-05-17 15:38 - 2015-03-19 11:31 - 00000000 ____D () C:\Users\intox\Desktop\Old Firefox Data
2015-05-17 12:19 - 2015-03-19 00:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-16 12:56 - 2014-10-17 14:55 - 00000000 ____D () C:\Users\intox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2015-05-16 12:56 - 2012-09-09 03:55 - 00001290 _____ () C:\Users\intox\Desktop\CopyTrans Control Center.lnk
2015-05-15 10:44 - 2015-03-18 18:12 - 00000000 ____D () C:\CIMTEMP
2015-05-15 10:44 - 2014-12-02 17:07 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-05-15 10:44 - 2012-05-17 14:34 - 00000000 ___RD () C:\INTOX-PC
2015-05-15 10:44 - 2012-05-09 18:57 - 00000000 ____D () C:\Users\intox\AppData\Roaming\uTorrent
2015-05-15 10:44 - 2011-12-24 05:49 - 00000000 ____D () C:\ProgramData\WinClon
2015-05-15 10:44 - 2011-12-24 05:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-05-15 10:44 - 2011-12-24 05:27 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-05-15 10:43 - 2012-05-16 01:55 - 00000000 ____D () C:\ProgramData\Apple
2015-05-15 10:42 - 2014-08-29 23:40 - 00000000 ____D () C:\AMD
2015-05-15 10:41 - 2012-11-25 03:46 - 00000000 ____D () C:\adt-bundle-windows
2015-05-11 17:53 - 2013-08-12 06:49 - 00000000 ____D () C:\Users\intox\AppData\Local\Windows Live Writer
2015-05-01 20:01 - 2012-05-21 04:33 - 00000000 ____D () C:\Users\intox\AppData\Local\CrashDumps
2015-05-01 02:31 - 2013-12-09 23:53 - 00000000 ____D () C:\Program Files (x86)\HT Audio
2015-04-23 10:32 - 2014-11-08 18:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-23 07:13 - 2011-12-24 05:29 - 00000000 ____D () C:\Program Files\Samsung
2015-04-23 07:13 - 2011-12-24 05:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-21 23:30 - 2014-05-24 12:28 - 00023146 _____ () C:\windows\IE11_main.log

==================== Files in the root of some directories =======

2014-07-30 16:06 - 2015-03-16 04:00 - 0000101 _____ () C:\Users\intox\AppData\Roaming\WB.CFG
2012-05-20 16:12 - 2014-11-23 13:12 - 0059904 _____ () C:\Users\intox\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-22 02:05 - 2014-10-31 06:38 - 0007612 _____ () C:\Users\intox\AppData\Local\resmon.resmoncfg
2011-12-24 05:43 - 2011-12-24 05:43 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-12-24 05:35 - 2011-12-24 05:36 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-12-24 05:40 - 2011-12-24 05:40 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-12-24 05:36 - 2011-12-24 05:40 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-12-24 05:40 - 2011-12-24 05:42 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Some files in TEMP:
====================
C:\Users\intox\AppData\Local\Temp\setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-20 08:23

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by intox at 2015-05-21 21:21:20
Running from C:\Users\intox\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1255701476-2273990348-714479081-500 - Administrator - Disabled)
Guest (S-1-5-21-1255701476-2273990348-714479081-501 - Limited - Disabled)
intox (S-1-5-21-1255701476-2273990348-714479081-1000 - Administrator - Enabled) => C:\Users\intox

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{1B4ED54A-A741-5D36-40C6-0DA839CA033F}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AntiLogger Free version 1.8.2.198 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.198 - Zemana Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9B3B4129-220E-42C7-9C5B-91C65E0885B4}) (Version: 8.1.1.3 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
CopyTrans Suite Remove Only (HKU\S-1-5-21-1255701476-2273990348-714479081-1000\...\CopyTrans Suite) (Version: 3.01 - WindSolutions)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
EasyFileShare (HKLM-x32\...\{1181AA5B-8EFD-4AC5-8CDE-A1F7307B3427}) (Version: 1.0.13 - Samsung)
Eco Mode (HKLM-x32\...\{9A8E4762-3331-4EDB-8E1F-B11179DDBC00}) (Version: 1.0.0.11 - Samsung Electronics Co., Ltd.)
E-POP (HKLM-x32\...\{75282161-8CAC-4071-A225-EBC95E43C7F3}) (Version: 1.00.0000 - Samsung)
ETDWare PS/2-X64 8.0.7.2_WHQL (HKLM\...\Elantech) (Version: 8.0.7.2 - ELAN Microelectronic Corp.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.21.123 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.0.0.009 - HTC Corporation)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 10.7.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.7.5 - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Samsung Control Center (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.3 - Samsung)
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.2 - )
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

23-04-2015 10:30:42 Installed Apple Mobile Device Support
26-04-2015 15:33:54 Windows Update
28-04-2015 13:43:23 Microsoft Antimalware Checkpoint
29-04-2015 12:30:03 Removed Samsung Support Center 1.0
29-04-2015 16:14:44 Windows Update
30-04-2015 23:52:48 Windows Update
05-05-2015 03:43:07 Removed HTC Driver Installer.
05-05-2015 03:44:12 Removed EasyFileShare
05-05-2015 09:27:41 Windows Update
05-05-2015 10:08:11 Windows Update
08-05-2015 15:13:55 Windows Update
09-05-2015 10:58:51 Removed Apple Application Support (32-bit)
09-05-2015 11:05:52 Removed Apple Mobile Device Support
15-05-2015 02:33:24 Windows Update
15-05-2015 10:58:54 Windows Update
19-05-2015 16:44:57 Windows Backup
19-05-2015 19:12:33 Installed Seagate Dashboard.
20-05-2015 12:29:26 Removed Seagate Dashboard.
20-05-2015 21:48:41 Windows Update
21-05-2015 20:52:29 Windows Anytime Upgrade

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C4793F-5A22-4BFD-B85A-3742D21307B5} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-03-28] (SEC)
Task: {044CFB2A-94FC-4214-BFED-97D560156169} - System32\Tasks\{ABDD79B8-D4CD-4848-87E2-F0425EF35A5E} => pcalua.exe -a "C:\Users\intox\Downloads\BassBox Pro v6.0.18\Updates\bbx618.exe" -d "C:\Users\intox\Downloads\BassBox Pro v6.0.18\Updates"
Task: {0641439B-AD71-4B49-85BE-3AD63FE2A302} - System32\Tasks\{FBD969CC-F786-415D-B41B-89B39068E1F5} => pcalua.exe -a "C:\Users\intox\Downloads\BassBox Pro v6.0.18\Updates\bbx618mo.exe" -d "C:\Users\intox\Downloads\BassBox Pro v6.0.18\Updates"
Task: {0B4D6CFD-D075-4FD0-ABB9-4983AB316669} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {1B8FCFE0-5691-4F0B-BEA6-5A683585C02C} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Samsung Control Center\EBM\EasyBatteryMgr4.exe [2011-05-09] (SAMSUNG Electronics co., LTD.)
Task: {1C958717-152E-4106-921E-CFC052F2FD3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-03] (Google Inc.)
Task: {24B9AD20-A626-4B2B-960E-0CC35E4D13A9} - System32\Tasks\AppSafe => C:\Program Files (x86)\AppSafe\AppSafe.exe <==== ATTENTION
Task: {29AF79FC-47A5-4B8F-8437-3C62DFCD863D} - System32\Tasks\AppCloudUpdater => C:\Users\intox\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {35C6FE93-A54D-4F38-8700-AD7B28B4AE79} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-03] (Google Inc.)
Task: {44686E48-C70E-4151-90EA-F72D8FDCF5CC} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe [2011-02-17] (Samsung Electronics Co., Ltd.)
Task: {5A0B7B2D-DCF5-4380-B8F3-84FC16833226} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1255701476-2273990348-714479081-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {6D164B9B-FBCC-4EF0-A3AF-3F0B3DC7131F} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1255701476-2273990348-714479081-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {6ED54EAB-C255-410D-A015-8D74B74F71F3} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {840E0EDB-467C-49A8-8457-01202E2349BE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {87A676C5-7148-4C69-B3E2-6FAD3E1344A2} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
Task: {9F188BA0-5BA7-4E85-AE71-4E23560B70B3} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-01-11] (Samsung Electronics)
Task: {9F6757C5-96E3-4A7D-B39A-C5FF9C3F252C} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Samsung Control Center\SCCSpeedBoot.exe [2011-05-18] (Samsung Electronics Co., Ltd.)
Task: {A0322255-6D30-440D-BE89-E822E0BF5B57} - System32\Tasks\{A3A4E24F-C661-42EB-86E3-C3AE7108714C} => pcalua.exe -a C:\Users\intox\Downloads\Install_CopyTransControlCenter.exe -d C:\Users\intox\Downloads
Task: {AC84D7CE-693E-427F-964F-49C2112D52B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B9752D62-EE1A-4C28-8BF1-3EA0331D4067} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
Task: {BDC355F9-BFCD-49C0-BF46-40B31A30EAFF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1255701476-2273990348-714479081-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {C34D6E49-53B2-4DEC-8EDC-87B819DC5B31} - System32\Tasks\SvcDelay => C:\Windows\temp\SvcDelay.exe
Task: {C842CBD8-4F30-4CDF-9E2C-0346362CAE3D} - System32\Tasks\Rocket Updater => C:\Users\intox\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {D02CF107-8FCB-4CF2-A363-94D87E79307E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {D3AD8BAA-BFCB-43F2-B4F2-92083E9DE6E7} - System32\Tasks\{198ED2D5-DC0A-448B-8D9C-FF46FA7E9BD0} => pcalua.exe -a C:\Users\intox\Downloads\Install_CopyTrans_Suite.exe -d C:\Users\intox\Desktop
Task: {D3FFAD82-237E-4497-B5E5-83C08C2582AC} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe [2011-06-04] (Samsung Electronics Co., Ltd.)
Task: {D5743364-8123-4D26-A6C4-D588C01C9262} - System32\Tasks\EcoMode => C:\Program Files (x86)\Samsung\Eco Mode\SmartEco.exe [2011-06-06] (Samsung Electronics)
Task: {F08C00EC-D654-4A25-8179-3085895F7E6F} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
Task: {F537681E-96CA-42C3-893D-4F3100E039A2} - System32\Tasks\{74AEE51E-F4E6-406C-A14C-F94D72CEDB1A} => pcalua.exe -a "C:\Users\intox\Downloads\BassBox Pro v6.0.18\BassBox 6 Pro\SETUP.EXE" -d "C:\Users\intox\Downloads\BassBox Pro v6.0.18\BassBox 6 Pro"
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AppCloudUpdater.job => C:\Users\intox\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\AppSafe.job => C:\Program Files (x86)\AppSafe\AppSafe.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Rocket Updater.job => C:\Users\intox\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2011-12-24 21:22 - 2008-06-04 18:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2012-05-10 11:23 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-24 05:44 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Samsung Control Center\HookDllPS2.dll
2015-03-18 18:48 - 2011-02-17 01:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Samsung Control Center\WinCRT.dll
2011-12-24 05:49 - 2010-05-07 09:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1255701476-2273990348-714479081-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Atheros Bt&Wlan Coex Agent => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Samsung UPD Service => 3
MSCONFIG\Services: WindowsVNT_R3 => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\startupfolder: C:^Users^intox^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Seagate NA8B05YG Product Registration.lnk => C:\windows\pss\Seagate NA8B05YG Product Registration.lnk.Startup
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6745FE76-BA57-4F45-B82C-099FCCB1D53C}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{5C474FD3-58FA-419B-8A00-FF24BFE7E058}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{6D73B80E-7563-4005-8EA8-9C16A05E5DC0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2B16E29B-68AC-4351-A3B9-9702EE309650}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{EA7173B4-3BB3-474B-AB82-E57A8BBF43BF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{76252FAE-1A01-4B7A-95B7-3F24225007BD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{86E595A8-EF08-4BD6-BC9C-9E97B6E0A19D}C:\users\intox\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\intox\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{2896A1AA-B796-4AD9-A959-29511C2EE8A5}C:\users\intox\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\intox\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{AC77000E-A320-4C60-9BCD-9A8584E3404C}] => (Allow) C:\Users\intox\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
FirewallRules: [{A7BD5E1F-FFBC-4B6D-8E1F-94D13A96ADDE}] => (Allow) C:\Users\intox\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
FirewallRules: [{5E8EE016-F5A2-4B44-9270-D67082C3AA7B}] => (Allow) C:\windows\system32\wuapp.exe
FirewallRules: [{6AC93B15-C62B-4843-B9B4-3B977EC8080E}] => (Allow) C:\windows\system32\wuapp.exe
FirewallRules: [TCP Query User{95F9BD0E-3578-4D80-B14A-0CD2E83116EB}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{6E7B1A82-FB55-4E16-91F7-439C38D739E5}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/21/2015 09:20:27 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1604) WebCacheLocal: An attempt to open the file "C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (05/21/2015 09:20:17 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1604) WebCacheLocal: An attempt to open the file "C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (05/21/2015 09:20:07 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1604) WebCacheLocal: An attempt to open the file "C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (05/21/2015 09:19:57 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1604) WebCacheLocal: An attempt to open the file "C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (05/21/2015 09:18:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 21.5.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f18

Start Time: 01d09433d6f7f42c

Termination Time: 0

Application Path: C:\Users\intox\Downloads\FRST64.exe

Report Id:

Error: (05/21/2015 09:15:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 21.5.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 940

Start Time: 01d0943502a01010

Termination Time: 16

Application Path: C:\Users\intox\Downloads\FRST64.exe

Report Id: 4cd09720-0028-11e5-a32f-e81132edc988

Error: (05/21/2015 09:14:59 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1604) WebCacheLocal: An attempt to open the file "C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (05/21/2015 09:14:49 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1604) WebCacheLocal: An attempt to open the file "C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (05/21/2015 09:14:39 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1604) WebCacheLocal: An attempt to open the file "C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (05/21/2015 09:14:29 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1604) WebCacheLocal: An attempt to open the file "C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (05/20/2015 09:38:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

Error: (05/20/2015 00:19:14 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (05/20/2015 00:19:11 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/20/2015 00:10:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.

Error: (05/20/2015 00:09:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

Error: (05/20/2015 09:13:18 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/20/2015 08:03:10 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (05/20/2015 08:03:07 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/20/2015 07:54:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.

Error: (05/20/2015 07:53:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.


Microsoft Office:
=========================
Error: (05/21/2015 09:20:27 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1604WebCacheLocal: C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (05/21/2015 09:20:17 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1604WebCacheLocal: C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (05/21/2015 09:20:07 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1604WebCacheLocal: C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (05/21/2015 09:19:57 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1604WebCacheLocal: C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (05/21/2015 09:18:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe21.5.2015.0f1801d09433d6f7f42c0C:\Users\intox\Downloads\FRST64.exe

Error: (05/21/2015 09:15:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe21.5.2015.094001d0943502a0101016C:\Users\intox\Downloads\FRST64.exe4cd09720-0028-11e5-a32f-e81132edc988

Error: (05/21/2015 09:14:59 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1604WebCacheLocal: C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (05/21/2015 09:14:49 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1604WebCacheLocal: C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (05/21/2015 09:14:39 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1604WebCacheLocal: C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (05/21/2015 09:14:29 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1604WebCacheLocal: C:\Users\intox\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.


==================== Memory info ===========================

Processor: AMD A8-3530MX APU with Radeon™ HD Graphics
Percentage of memory in use: 17%
Total physical RAM: 7659.8 MB
Available physical RAM: 6350.59 MB
Total Pagefile: 22977.59 MB
Available Pagefile: 21157.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:610 GB) (Free:270.11 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:170.42 GB) (Free:145.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8480B0EB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=610 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=300.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=21 GB) - (Type=27)

==================== End of log ============================

Thank you for the reply.

Some of the problems I've been having include: Windows Update not working, services stopping, no admin rights to do anything... computer rebooted and I lost a large portion of my documents. The only way I can get online with it is Safe Mode with Networking or by running MSConfig selective startup. I began to notice this a few days after installing WEBROOT anti-virus that my wife purchased.



#4 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:05:30 AM

Posted 22 May 2015 - 04:22 PM

Hi drbizerk

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Bearshare, µTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.
"I began to notice this a few days after installing WEBROOT anti-virus that my wife purchased"

I take it that Webroot has since been removed... as I see no sign of it in the reports.


Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\intox\Downloads.
NOTE:
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

The tool will make a log in the Downloads folder (Fixlog.txt). Please post this in your next reply.



Step 2
Download ComboFix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

Combo-Fix.exe is just an example; you may rename ComboFix to anything you want. Then:

Vista/Windows 7 users: right-click Combo-Fix.exe and select Run As Administrator.
  • Please follow any prompts.
  • Note: do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.

In your next reply, please submit:
  • Fixlog.txt (from FRST)
  • ComboFix.txt

Also let me know if there's any improvement.

Thanks.

Attached Files
