Rkill found Zeroaccess Rootkit Symptoms! Win Vista SP2


  • This topic is locked
11 replies to this topic

#1 ndonaldson2912

  • Members
  • 234 posts
  • Gender:Male
Posted 05 November 2015 - 11:39 AM

Hi guys,

I have run Rkill on my machine after I thought it was not running so smoothly...

The results showed that rootkit symptoms have been found. Could you guys please help me try to resolve this...

Below is the Rkill report:

Rkill 2.8.2 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/05/2015 04:29:41 PM in x86 mode.
Windows Version: Windows Vista ™ Home Basic Service Pack 2
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * ALERT: ZEROACCESS rootkit symptoms found!
 
     * C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\ [ZA Dir]
     * C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\ [ZA Dir]
     * C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\00000004.@ [ZA File]
     * C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\1afb2d56 [ZA File]
     * C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\201d3dde [ZA File]
     * C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\55490ac4 [ZA File]
     * C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\U\ [ZA Dir]
 
Checking Windows Service Integrity: 
 
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
 
Program finished at: 11/05/2015 04:35:11 PM
Execution time: 0 hours(s), 5 minute(s), and 30 seconds(s)
 
Thanks
ndonaldson2912
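The Rkill report above, and the FRST scan posted later in this thread, carry a handful of distinct ZeroAccess indicators: the {GUID}\L\ and {GUID}\U\ store under C:\Windows\Installer with its "@" file, a per-user CLSID whose InprocServer32 FRST marks "ZeroAccess?", Winsock catalog entries whose provider library is missing, a zero-byte driver file and random-named driver services whose file is gone. The script below is an added example, not part of this thread and not code from Rkill or FRST: it runs those heuristics over constructed sample lines modelled on the two logs here, with benign control lines mixed in. The rule names, the confidence levels and the extra C:\Users\...\AppData\Local\{GUID} root (a ZeroAccess location this thread's log does not show) are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample lines modelled on the Rkill report and FRST scan in this
# thread. The Bonjour, catchme and MpFilter lines are benign controls; the
# AppData\Local line is an assumed variant not present in the posted logs.
SAMPLE_LOG = r"""
 * C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\ [ZA Dir]
 * C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\00000004.@ [ZA File]
 * C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\U\ [ZA Dir]
 * C:\Users\User\AppData\Local\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\@
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
U3 a1qlgsyy; C:\Windows\system32\Drivers\a1qlgsyy.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S1 cnzhalxh; \??\C:\Windows\system32\drivers\cnzhalxh.sys [X]
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
"""

# (rule name, pattern, confidence). Names and confidence levels are this
# example's own labels, not Rkill's or FRST's.
RULES = [
    # ZeroAccess user-mode store: a {GUID} folder holding L\ and U\ subfolders
    # and an "@" file. A plain C:\Windows\Installer\{GUID}\ folder is a normal
    # MSI cache, so only the L\, U\ or "@" structure is flagged.
    ("zeroaccess_store",
     re.compile(r"(?:\\Windows\\Installer|\\AppData\\Local)\\\{[0-9a-f-]{36}\}\\"
                r"(?:[LU]\\|[^\\\s]*\.?@(?=\s|$))", re.I), "high"),
    # Rkill's own verdict tag, kept as an independent signal.
    ("rkill_za_tag", re.compile(r"\[ZA (?:Dir|File)\]"), "high"),
    # Per-user CLSID with its own InprocServer32: a COM hijack candidate.
    # Per-user COM installs do exist, so the target DLL still needs confirming.
    ("per_user_inprocserver32",
     re.compile(r"^HKU\\S-1-5-21-[\d-]+\\.*InprocServer32:", re.I), "medium"),
    # Winsock catalog entry whose provider library cannot be resolved.
    ("winsock_provider_missing",
     re.compile(r"^Winsock: Catalog\d+ \d+ .*\bNo File\b"), "medium"),
    # Driver service backed by a zero-byte file.
    ("zero_byte_driver", re.compile(r"^[RSU]\d \S+; .*\.sys \[0 ?\]"), "medium"),
    # Eight random lowercase letters and the file is gone ([X]). Anti-rootkit
    # scanners commonly leave such entries behind, hence low confidence.
    ("random_named_orphan_driver",
     re.compile(r"^[RSU][0-4] [a-z]{8}; .*\\drivers\\[a-z]{8}\.sys \[X\]", re.I), "low"),
]


@dataclass(frozen=True)
class Finding:
    line: str
    rules: tuple  # (rule name, confidence) pairs that matched this line


def triage(log_text):
    """Return one Finding per non-empty log line that matches at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hits = tuple((name, conf) for name, rx, conf in RULES if rx.search(line))
        if hits:
            findings.append(Finding(line, hits))
    return findings


def verdict(findings):
    """Only the ZeroAccess-specific rules decide the verdict; the rest just raise suspicion."""
    names = {name for f in findings for name, _ in f.rules}
    if names & {"zeroaccess_store", "rkill_za_tag"}:
        return "likely ZeroAccess"
    if names:
        return "suspicious"
    return "clean"


def report(log_text):
    """Human-readable summary: verdict, then each flagged line with its rule tags."""
    findings = triage(log_text)
    out = [f"{verdict(findings)}: {len(findings)} flagged line(s)"]
    for f in findings:
        tags = ", ".join(f"{name}/{conf}" for name, conf in f.rules)
        out.append(f"  [{tags}] {f.line}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

To use it on a real case, read a saved Rkill.txt or FRST.txt and pass its contents to report(). The low-confidence driver rule deliberately does not influence the verdict: random-named [X] driver entries are commonly left behind by anti-rootkit scanners, and the FRST scan in this thread shows several such tools (mbar, TDSSKiller, ComboFix) had already been run on this machine, so those entries need to be judged together with the rest of the evidence rather than on their own.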
 



#2 olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male
Posted 05 November 2015 - 09:48 PM

Hello ndonaldson2912 and welcome to BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
---------------------------------------------------------------------------------------------------------
 Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

:hello:

Sincerely

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 ndonaldson2912

  • Topic Starter
  • Members
  • 234 posts
  • Gender:Male
Posted 06 November 2015 - 06:58 AM

Hi,

Thank you for your quick reply... I have run FRST and the results are as follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-11-2015
Ran by User (administrator) on USER-PC (06-11-2015 11:34:35)
Running from C:\Users\User\Downloads
Loaded Profiles: User & UpdatusUser (Available Profiles: User & Gavin & Mum & Katie & Gareth & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\British Telecom\British Telecom 802.11 Network Adapter\Driver\CppWindowsService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
() C:\Program Files\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrlS.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2011\ApVxdWin.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2011\SrvLoad.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2011\PavBckPT.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [APVXDWIN] => C:\Program Files\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE [984576 2011-09-05] (Panda Security, S.L.)
HKLM\...\Run: [SCANINICIO] => C:\Program Files\Panda Security\Panda Internet Security 2011\Inicio.exe [68928 2010-06-11] (Panda Security, S.L.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-08-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-03-08] (Adobe Systems Incorporated)
HKLM\...\Run: [WsmUpdater] => C:\Program Files\Web Solution Mart\Fake Webcam Codecs Pack\Updater.exe [292208 2012-05-18] (Web Solution Mart)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
Winlogon\Notify\avldr: C:\Windows\system32\avldr.dll [2010-03-24] (On-Access Anti-Malware Scanner Sync)
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\...\MountPoints2: {6eba9d29-da4c-11e0-a106-00251108631e} - F:\LaunchU3.exe
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\...\MountPoints2: {fa96d983-8261-11e5-8d1b-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\ACER(W~1.SCR [187392 2006-10-19] ()
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3380226634-4216274146-2437852079-1006\...\RunOnce: [RUN] => C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\S-1-5-18\...\Run: [EPSON Stylus SX400 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE [188928 2007-12-17] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-07-30] (Egis Inc.)
Startup: C:\Users\Mum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2011-10-11]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Winsock: Catalog5 06 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9884259E-C60D-4F48-BEC5-4EE672C993B9}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E20D9985-8357-4900-BBA4-032AA650D158}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vb32&d=0911&m=aspire_x1700
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vb32&d=0911&m=aspire_x1700
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3380226634-4216274146-2437852079-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB450
SearchScopes: HKU\S-1-5-21-3380226634-4216274146-2437852079-1000 -> {289CF96E-E6F8-41F4-B3EA-51D23E9EE5DF} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3380226634-4216274146-2437852079-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB450
SearchScopes: HKU\S-1-5-21-3380226634-4216274146-2437852079-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05] (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-07-30] (Egis)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05] (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-07-30] (Egis Incorporated.)
Toolbar: HKU\S-1-5-21-3380226634-4216274146-2437852079-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20111020140028
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\system32\npDeployJava1.dll [2012-07-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-07-05] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-09-09] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-10]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-04]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-10]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-10-11] (Adobe Systems) [File not signed]
R2 BT_WPS_Service; C:\Program Files\British Telecom\British Telecom 802.11 Network Adapter\Driver\CppWindowsService.exe [87552 2015-07-10] () [File not signed]
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] () [File not signed]
S3 GoogleDesktopManager-080708-050100; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [24064 2011-09-01] (Google) [File not signed]
R2 KinoniSvc; C:\Program Files\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [529408 2012-09-12] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 Panda Software Controller; C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrls.exe [173312 2009-08-10] (Panda Security, S.L.)
S2 PAVSRV; C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe [314176 2010-06-04] (Panda Security, S.L.)
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [241734 2008-04-29] () [File not signed]
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1796912 2013-03-07] (Broadcom Corporation)
R3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [18432 2012-09-12] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2012-11-29] (CACE Technologies, Inc.)
R0 pavboot; C:\Windows\System32\Drivers\pavboot.sys [26696 2010-06-22] (Panda Security, S.L.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [764520 2013-03-12] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2012-01-11] () [File not signed]
R2 tvicport; C:\Windows\system32\drivers\tvicport.sys [14544 2008-02-25] (EnTech Taiwan) [File not signed]
S3 VCam_WDM; C:\Windows\System32\DRIVERS\VCam_WDM.sys [101688 2012-05-25] (e2eSoft)
R2 zntport; C:\Windows\system32\drivers\zntport.sys [6080 2008-02-25] (Zeal SoftStudio) [File not signed]
U3 a1qlgsyy; C:\Windows\system32\Drivers\a1qlgsyy.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S1 cnzhalxh; \??\C:\Windows\system32\drivers\cnzhalxh.sys [X]
S1 gmywjtwz; \??\C:\Windows\system32\drivers\gmywjtwz.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 kzysggfg; \??\C:\Windows\system32\drivers\kzysggfg.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 vomvclfn; \??\C:\Windows\system32\drivers\vomvclfn.sys [X]
S1 ywwthpsf; \??\C:\Windows\system32\drivers\ywwthpsf.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-06 11:34 - 2015-11-06 11:37 - 00019082 _____ C:\Users\User\Downloads\FRST.txt
2015-11-06 11:34 - 2015-11-06 11:34 - 00000000 ____D C:\FRST
2015-11-06 11:33 - 2015-11-06 11:33 - 01702400 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-11-05 16:42 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-05 16:42 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-05 16:42 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-05 16:42 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-05 16:42 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-05 16:42 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-05 16:42 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-05 16:42 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-05 16:41 - 2015-11-05 17:04 - 00000000 ___SD C:\ComboFix
2015-11-05 16:41 - 2015-11-05 16:41 - 00000000 ____D C:\Qoobox
2015-11-05 16:40 - 2015-11-05 16:40 - 00000000 ____D C:\Windows\erdnt
2015-11-05 14:32 - 2015-11-05 14:43 - 05637844 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2015-11-05 14:07 - 2015-11-05 14:07 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe
2015-11-05 12:30 - 2015-11-05 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-05 12:26 - 2015-11-05 14:06 - 00000000 ____D C:\Users\User\Desktop\mbar
2015-11-05 12:25 - 2015-11-05 12:25 - 16563304 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.09.2.1008.exe
2015-11-05 12:18 - 2015-11-05 16:35 - 00003758 _____ C:\Users\User\Desktop\Rkill.txt
2015-11-05 12:17 - 2015-11-05 12:18 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\User\Downloads\rkill.exe
2015-11-04 20:12 - 2015-11-04 20:15 - 00000000 ____D C:\AdwCleaner
2015-11-04 20:12 - 2015-11-04 20:12 - 01708032 _____ C:\Users\User\Downloads\AdwCleaner.exe
2015-11-04 20:10 - 2015-11-05 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2015-11-04 20:07 - 2013-03-12 20:49 - 00764520 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\rtl8192cu.sys
2015-11-04 20:07 - 2013-03-12 20:49 - 00764520 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTL8192cu.sys
2015-11-04 20:07 - 2013-03-12 20:49 - 00007524 _____ C:\Windows\system32\net8192cu.cat
2015-11-04 20:06 - 2015-11-04 20:09 - 00000000 ____D C:\ProgramData\TP-LINK
2015-11-04 19:11 - 2015-11-05 14:11 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-04 19:11 - 2015-11-05 14:10 - 00000903 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-04 19:11 - 2015-11-05 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-04 19:11 - 2015-11-05 14:10 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-04 19:11 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-04 19:11 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-04 19:11 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-03 19:42 - 2015-11-03 19:42 - 00000368 _____ C:\rkill.log
2015-11-03 19:41 - 2015-11-03 19:41 - 00000680 _____ C:\Users\User\AppData\Local\d3d9caps.dat
2015-10-29 12:40 - 2015-10-29 12:40 - 00001668 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-29 12:40 - 2015-10-29 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-29 12:39 - 2015-10-29 12:40 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-10-29 12:39 - 2015-10-29 12:40 - 00000000 ____D C:\Program Files\iTunes
2015-10-29 12:39 - 2015-10-29 12:39 - 00000000 ____D C:\Program Files\iPod
2015-10-29 12:33 - 2015-10-29 12:33 - 00000000 ____D C:\Program Files\Apple Software Update
2015-10-16 18:31 - 2015-10-16 18:31 - 00135216 _____ C:\Windows\Minidump\Mini101615-01.dmp
2015-10-16 16:50 - 2015-07-18 13:14 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00015200 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-16 16:50 - 2015-07-18 13:14 - 00011104 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-16 16:49 - 2015-09-28 17:17 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-16 16:49 - 2015-09-26 16:09 - 03606464 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-10-16 16:49 - 2015-09-26 16:09 - 03554240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-16 16:48 - 2015-07-29 00:46 - 11588096 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-15 22:20 - 2015-10-15 22:20 - 00023534 _____ C:\Users\User\Documents\Prescribed Information TDS
2015-10-15 10:14 - 2015-09-11 07:22 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-15 10:14 - 2015-09-11 07:21 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-15 10:14 - 2015-09-11 07:19 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-15 10:14 - 2015-09-11 07:17 - 09751552 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-15 10:14 - 2015-09-11 07:16 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-15 10:14 - 2015-09-11 07:16 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-15 10:14 - 2015-09-11 07:15 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-15 10:14 - 2015-09-11 07:15 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-15 10:14 - 2015-09-11 07:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-15 10:14 - 2015-09-11 07:14 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-15 10:14 - 2015-09-11 07:14 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-15 10:14 - 2015-09-11 07:14 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-15 10:14 - 2015-09-11 07:14 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-15 10:14 - 2015-09-11 07:14 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-10-15 10:14 - 2015-09-11 07:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-15 10:14 - 2015-09-11 07:14 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-15 10:14 - 2015-09-11 07:14 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-15 10:14 - 2015-09-11 07:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-15 10:14 - 2015-09-11 07:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-15 10:14 - 2015-09-11 07:14 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-10-15 10:14 - 2015-09-11 07:14 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-10-15 10:14 - 2015-09-11 07:14 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-06 11:36 - 2011-09-01 18:50 - 02046499 _____ C:\Windows\WindowsUpdate.log
2015-11-06 11:35 - 2006-11-02 10:33 - 00763586 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-06 11:32 - 2006-11-02 12:49 - 00110300 _____ C:\Windows\setupact.log
2015-11-06 11:29 - 2011-09-01 13:51 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-06 11:29 - 2011-09-01 11:08 - 00000147 _____ C:\Windows\system32\agent.log
2015-11-06 11:29 - 2006-11-02 12:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-06 11:29 - 2006-11-02 12:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-06 11:29 - 2006-11-02 12:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-06 11:28 - 2008-01-21 03:02 - 08305292 _____ C:\Windows\PFRO.log
2015-11-05 17:15 - 2008-10-17 20:48 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-11-05 17:14 - 2011-09-01 13:51 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-05 17:07 - 2006-11-02 12:58 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-05 17:05 - 2014-01-01 18:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-05 16:26 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\tapi
2015-11-05 15:40 - 2012-04-04 10:59 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3380226634-4216274146-2437852079-1002UA.job
2015-11-04 20:18 - 2011-10-04 07:26 - 00000000 ____D C:\Users\User\AppData\Roaming\Yahoo!
2015-11-04 20:18 - 2011-09-14 20:59 - 00000000 ____D C:\Users\User\AppData\LocalLow\Yahoo!
2015-11-04 19:11 - 2011-09-01 13:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-01 19:13 - 2012-02-06 21:29 - 219733038 _____ C:\Windows\MEMORY.DMP
2015-11-01 19:13 - 2012-02-06 21:29 - 00000000 ____D C:\Windows\Minidump
2015-10-29 12:39 - 2014-05-30 08:47 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-10-29 12:39 - 2011-12-14 20:32 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-29 12:35 - 2011-09-06 19:52 - 00000000 ____D C:\Users\Mum
2015-10-29 12:33 - 2011-12-14 20:36 - 00001830 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-24 21:31 - 2015-08-26 07:44 - 00000000 ____D C:\Users\Mum\Documents\Mothers Union General
2015-10-24 21:16 - 2014-06-08 10:25 - 00001975 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-24 19:57 - 2015-07-24 19:02 - 00000000 ____D C:\Users\Mum\Documents\mothers union service 2015
2015-10-16 19:06 - 2013-08-15 06:16 - 00000000 ____D C:\Windows\system32\MRT
2015-10-16 19:05 - 2012-11-17 16:58 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-16 19:05 - 2011-09-13 17:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-16 19:03 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\rescache
2015-10-16 18:44 - 2006-11-02 10:24 - 141105520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-10-11 17:40 - 2012-04-04 10:59 - 00000904 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3380226634-4216274146-2437852079-1002Core.job
 
==================== Files in the root of some directories =======
 
2012-01-21 22:00 - 2012-01-21 22:00 - 0000604 ____H () C:\Program Files\STLL Notifier
2015-11-03 19:41 - 2015-11-03 19:41 - 0000680 _____ () C:\Users\User\AppData\Local\d3d9caps.dat
2011-11-13 15:38 - 2012-12-04 00:14 - 0010240 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-11 11:33 - 2013-05-11 11:33 - 0000000 _____ () C:\ProgramData\as98213.txt
2012-10-18 10:43 - 2012-10-18 10:43 - 83023306 ____T () C:\ProgramData\nogolniw.pad
2013-05-11 11:33 - 2013-05-11 11:34 - 95023320 ____T () C:\ProgramData\rjotw.pad
2014-08-12 07:20 - 2014-08-12 07:20 - 0000113 _____ () C:\ProgramData\RUNDLL32.EXE-1116-F.txt
2014-08-12 07:17 - 2014-08-12 07:17 - 0000112 _____ () C:\ProgramData\RUNDLL32.EXE-1460-F.txt
2014-08-12 07:21 - 2014-08-12 07:21 - 0000111 _____ () C:\ProgramData\RUNDLL32.EXE-1464-F.txt
2014-08-12 07:16 - 2014-08-12 07:16 - 0000110 _____ () C:\ProgramData\RUNDLL32.EXE-1592-F.txt
2014-08-12 07:25 - 2014-08-12 07:25 - 0000111 _____ () C:\ProgramData\RUNDLL32.EXE-1764-F.txt
2014-08-12 07:27 - 2014-08-12 07:27 - 0000114 _____ () C:\ProgramData\RUNDLL32.EXE-2056-F.txt
2014-08-12 07:19 - 2014-08-12 07:19 - 0000110 _____ () C:\ProgramData\RUNDLL32.EXE-2104-F.txt
2014-08-12 07:22 - 2014-08-12 07:22 - 0000113 _____ () C:\ProgramData\RUNDLL32.EXE-2200-F.txt
2014-08-12 07:21 - 2014-08-12 07:21 - 0000112 _____ () C:\ProgramData\RUNDLL32.EXE-2420-F.txt
2014-08-12 07:21 - 2014-08-12 07:21 - 0000113 _____ () C:\ProgramData\RUNDLL32.EXE-2980-F.txt
2014-08-12 07:26 - 2014-08-12 07:27 - 0000169 _____ () C:\ProgramData\RUNDLL32.EXE-3264-F.txt
2014-08-12 07:24 - 2014-08-12 07:24 - 0000111 _____ () C:\ProgramData\RUNDLL32.EXE-3332-F.txt
2014-08-12 07:21 - 2014-08-12 07:21 - 0000113 _____ () C:\ProgramData\RUNDLL32.EXE-3424-F.txt
2014-08-12 07:26 - 2014-08-12 07:26 - 0000113 _____ () C:\ProgramData\RUNDLL32.EXE-936-F.txt
2012-01-21 22:00 - 2012-01-21 22:00 - 0000604 ____H () C:\ProgramData\T2
 
ZeroAccess:
C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}
C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\00000004.@
C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\1afb2d56
C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\201d3dde
C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\55490ac4
 
ZeroAccess:
C:\Users\Gavin\AppData\Local\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}
C:\Users\Gavin\AppData\Local\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\00000004.@
C:\Users\Gavin\AppData\Local\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\1afb2d56
ZeroAccess:
C:\Users\Gavin\AppData\Local\Google\Desktop\Install
 
Files to move or delete:
====================
C:\ProgramData\nogolniw.pad
C:\ProgramData\rjotw.pad
C:\Users\Gavin\AppData\Roaming\AltShell.ini
C:\Users\Gavin\AppData\Roaming\skype.ini
 
 
Some files in TEMP:
====================
C:\Users\Gareth\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Gavin\AppData\Local\Temp\ffmpeg15.exe
C:\Users\Gavin\AppData\Local\Temp\FH82E6.tmp.exe
C:\Users\Gavin\AppData\Local\Temp\FHF6BE.tmp.exe
C:\Users\Gavin\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Gavin\AppData\Local\Temp\qaa.exe
C:\Users\Gavin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Gavin\AppData\Local\Temp\_is4E9C.exe
C:\Users\Gavin\AppData\Local\Temp\_isE6F4.exe
C:\Users\Mum\AppData\Local\Temp\doxillionsetup.exe
C:\Users\Mum\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Mum\AppData\Local\Temp\tmp9yMiab4jIX.dll
C:\Users\Mum\AppData\Local\Temp\tmpQKe9MouZ2h.dll
C:\Users\Mum\AppData\Local\Temp\tmpvt2jhy63GW.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-06 11:35
 
==================== End of FRST.txt ============================
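Added example (not FRST, Rkill, or any participant's code): a small Python triage script that reads log lines in the FRST format posted above and flags the ZeroAccess indicators the later fixlist targets, namely the {CLSID}\L\ store folders and their 00000004.@ file, the InprocServer32 default that no longer points at shell32, zero-byte driver images, and the large .pad files in ProgramData. The embedded sample lines are constructed from paths in the posted log; the SID and CLSID in the registry line are placeholders.

```python
"""Triage FRST/Rkill-style log lines for the ZeroAccess indicators seen in this thread.

Added example for this thread; it is not code from FRST, Rkill or the thread's
participants. The sample log is constructed from paths quoted in the posted
logs; the SID and CLSID in the registry line are placeholders.
"""
import re

# ZeroAccess hid its payload store in a CLSID-named folder with an "L" subfolder,
# e.g. C:\Windows\Installer\{GUID}\L\  or  %LOCALAPPDATA%\{GUID}\L\
GUID_L_DIR = re.compile(
    r"\\\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}\\L(\\|$)",
    re.IGNORECASE,
)
# The "@" payload file kept inside that L folder, e.g. ...\L\00000004.@
AT_FILE = re.compile(r"\\L\\[0-9a-f]{8}\.@$", re.IGNORECASE)
# FRST prints "InprocServer32: [Default-shell32]" when a CLSID's default handler
# no longer points at shell32.dll (the COM hijack ZeroAccess used for persistence)
COM_HIJACK = re.compile(r"InprocServer32: \[Default-shell32\]")
# Driver/service entry whose image on disk is zero bytes: FRST shows "[0 ]"
ZERO_BYTE_DRIVER = re.compile(r"^[USRL]\d \S+; .*\.sys \[0 \]")
# Large .pad files with the T (temporary) attribute in ProgramData, as in the log
PAD_FILE = re.compile(r"[_A-Z]{4}T \(\) C:\\ProgramData\\[^\\]+\.pad$")
# Boot-start (S1) driver entry with a random 8-letter name whose file is missing "[X]"
ORPHAN_DRIVER = re.compile(r"^S1 [a-z]{8}; .*\.sys \[X\]$")

# name -> (pattern, strong indicator?)  Weak ones need corroboration.
INDICATORS = {
    "zeroaccess_guid_L_dir": (GUID_L_DIR, True),
    "zeroaccess_at_file": (AT_FILE, True),
    "inprocserver32_hijack": (COM_HIJACK, True),
    "zero_byte_driver": (ZERO_BYTE_DRIVER, True),
    "programdata_pad_file": (PAD_FILE, False),
    "orphaned_random_driver": (ORPHAN_DRIVER, False),
}


def triage(lines):
    """Return {indicator_name: [matching log lines]} for every indicator."""
    findings = {name: [] for name in INDICATORS}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        for name, (pattern, _strong) in INDICATORS.items():
            if pattern.search(line):
                findings[name].append(line)
    return findings


def is_zeroaccess_suspected(findings):
    """True when at least one strong indicator fired."""
    return any(findings[name] for name, (_p, strong) in INDICATORS.items() if strong)


# Constructed sample: a handful of lines in the format of the posted FRST log.
SAMPLE_LOG = r"""
2015-10-16 16:49 - 2015-09-28 17:17 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2012-10-18 10:43 - 2012-10-18 10:43 - 83023306 ____T () C:\ProgramData\nogolniw.pad
ZeroAccess:
C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}
C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\00000004.@
C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\1afb2d56
C:\Users\Gavin\AppData\Local\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\00000004.@
HKU\S-1-5-21-0-0-0-1000\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
U3 a1qlgsyy; C:\Windows\system32\Drivers\a1qlgsyy.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S1 cnzhalxh; \??\C:\Windows\system32\drivers\cnzhalxh.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
C:\Windows\explorer.exe => File is digitally signed
"""


if __name__ == "__main__":
    result = triage(SAMPLE_LOG.splitlines())
    for name, hits in result.items():
        print(f"{name}: {len(hits)} hit(s)")
        for hit in hits:
            print("   ", hit)
    print("ZeroAccess suspected:", is_zeroaccess_suspected(result))
```

The weak indicators (orphaned random-name drivers, .pad files) are reported but do not by themselves raise the verdict; on this thread's log all four strong indicators fire.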

 

 

#4 olgun52
  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 06 November 2015 - 01:44 PM

Hi ndonaldson2912,
 
Please do the following,
 
Uninstall some programs:
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

  • NCH Software
  • BitTorrent
  • Yahoo! Messenger
  • Yahoo! Software Update
  • C:\Program Files\NCH Software

After completing uninstalls, please manually reboot your machine!
Note 1: If you get a message like: An error occurred while trying to uninstall, just press Yes.
Note 2: If you are unable to uninstall all programs, please inform me, but continue with the other steps.
 
Step 1:
FRST Script:
Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 ndonaldson2912
  • Topic Starter
  • Members
  • 234 posts
  • Gender:Male

Posted 06 November 2015 - 05:46 PM

Hi Yilmaz, thanks for replying. I have run FRST and the fixlog is below. 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:05-11-2015
Ran by User (2015-11-06 21:51:44) Run:3
Running from C:\Users\User\Downloads
Loaded Profiles: User & UpdatusUser (Available Profiles: User & Gavin & Mum & Katie & Gareth & UpdatusUser)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\nogolniw.pad
C:\ProgramData\rjotw.pad
C:\Users\Gavin\AppData\Roaming\AltShell.ini
C:\Users\Gavin\AppData\Roaming\skype.ini
ZeroAccess:
C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}
C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\00000004.@
C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\1afb2d56
C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\201d3dde
C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\55490ac4
ZeroAccess:
C:\Users\Gavin\AppData\Local\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}
C:\Users\Gavin\AppData\Local\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\00000004.@
C:\Users\Gavin\AppData\Local\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\1afb2d56
ZeroAccess:
C:\Users\Gavin\AppData\Local\Google\Desktop\Install
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
U3 a1qlgsyy; C:\Windows\system32\Drivers\a1qlgsyy.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S1 cnzhalxh; \??\C:\Windows\system32\drivers\cnzhalxh.sys [X]
S1 gmywjtwz; \??\C:\Windows\system32\drivers\gmywjtwz.sys [X]
S1 kzysggfg; \??\C:\Windows\system32\drivers\kzysggfg.sys [X]
S1 vomvclfn; \??\C:\Windows\system32\drivers\vomvclfn.sys [X]
S1 ywwthpsf; \??\C:\Windows\system32\drivers\ywwthpsf.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
C:\Users\Gareth\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Gavin\AppData\Local\Temp\ffmpeg15.exe
C:\Users\Gavin\AppData\Local\Temp\FH82E6.tmp.exe
C:\Users\Gavin\AppData\Local\Temp\FHF6BE.tmp.exe
C:\Users\Gavin\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Gavin\AppData\Local\Temp\qaa.exe
C:\Users\Gavin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Gavin\AppData\Local\Temp\_is4E9C.exe
C:\Users\Gavin\AppData\Local\Temp\_isE6F4.exe
C:\Users\Mum\AppData\Local\Temp\doxillionsetup.exe
C:\Users\Mum\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Mum\AppData\Local\Temp\tmp9yMiab4jIX.dll
C:\Users\Mum\AppData\Local\Temp\tmpQKe9MouZ2h.dll
C:\Users\Mum\AppData\Local\Temp\tmpvt2jhy63GW.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\tmpNaOQ6oBn5w.dll
C:\Users\User\AppData\Local\Temp\tmpNaR2eDGVkE.dll
C:\Users\User\AppData\Local\Temp\tmpNaUfUYkWig.dll
C:\Users\User\AppData\Local\Temp\tmpnDSrh3qduL.dll
C:\Users\User\AppData\Local\Temp\tmpNkdHhvaIZ0.dll
C:\Users\User\AppData\Local\Temp\tmpnn9fbyiaXa.dll
C:\Users\User\AppData\Local\Temp\tmpNOyF3kTEMr.dll
C:\Users\User\AppData\Local\Temp\tmpNya19JuNIR.dll
C:\Users\User\AppData\Local\Temp\tmpocPv6Vh7cS.dll
C:\Users\User\AppData\Local\Temp\tmpOjaUMTl71h.dll
C:\Users\User\AppData\Local\Temp\tmpPjcNZpLFZu.dll
C:\Users\User\AppData\Local\Temp\tmpPMBboKhwhY.dll
C:\Users\User\AppData\Local\Temp\tmppTKchmalW8.dll
C:\Users\User\AppData\Local\Temp\tmppvx8PGCzo0.dll
C:\Users\User\AppData\Local\Temp\tmpPXUmw0DU2f.dll
C:\Users\User\AppData\Local\Temp\tmpqabpfYVQ0n.dll
C:\Users\User\AppData\Local\Temp\tmpQKGGOg75Ta.dll
C:\Users\User\AppData\Local\Temp\tmpQQJAsLC65F.dll
C:\Users\User\AppData\Local\Temp\tmpQZvV2yP7dE.dll
C:\Users\User\AppData\Local\Temp\tmprcgxGZHKNg.dll
C:\Users\User\AppData\Local\Temp\tmprwzNDlvlPu.dll
C:\Users\User\AppData\Local\Temp\tmpryPpYS9CQg.dll
C:\Users\User\AppData\Local\Temp\tmpsMa0zk9JGx.dll
C:\Users\User\AppData\Local\Temp\tmpsnUEWvTcF5.dll
C:\Users\User\AppData\Local\Temp\tmpSVw4zbZ99X.dll
C:\Users\User\AppData\Local\Temp\tmpt5bf92nsTu.dll
C:\Users\User\AppData\Local\Temp\tmpTbM5GpTT4b.dll
C:\Users\User\AppData\Local\Temp\tmptM2C186o6P.dll
C:\Users\User\AppData\Local\Temp\tmpTSyX9O9fDT.dll
C:\Users\User\AppData\Local\Temp\tmpTWPOQlLvVM.dll
C:\Users\User\AppData\Local\Temp\tmpU8Sd9ZnILI.dll
C:\Users\User\AppData\Local\Temp\tmpUbX55dPviR.dll
C:\Users\User\AppData\Local\Temp\tmpuLMn9XYn9J.dll
C:\Users\User\AppData\Local\Temp\tmpV1dKJmAemg.dll
C:\Users\User\AppData\Local\Temp\tmpv4egYrq5Qa.dll
C:\Users\User\AppData\Local\Temp\tmpv9W7wgaCYK.dll
C:\Users\User\AppData\Local\Temp\tmpvCGt39kzF2.dll
C:\Users\User\AppData\Local\Temp\tmpVHXnbUhthP.dll
C:\Users\User\AppData\Local\Temp\tmpVJ3M3phUCm.dll
C:\Users\User\AppData\Local\Temp\tmpVqcRXKG1yE.dll
C:\Users\User\AppData\Local\Temp\tmpvTAPQf7DfP.dll
C:\Users\User\AppData\Local\Temp\tmpW54mm4aMQK.dll
C:\Users\User\AppData\Local\Temp\tmpWVPCUB9SjD.dll
C:\Users\User\AppData\Local\Temp\tmpx6cJbLUmBb.dll
C:\Users\User\AppData\Local\Temp\tmpxBl1CnsPQD.dll
C:\Users\User\AppData\Local\Temp\tmpXC4tso57G4.dll
C:\Users\User\AppData\Local\Temp\tmpXfkfb1P3nK.dll
C:\Users\User\AppData\Local\Temp\tmpXiZ5KiY2a3.dll
C:\Users\User\AppData\Local\Temp\tmpxkV1fMiY1u.dll
C:\Users\User\AppData\Local\Temp\tmpxnZa6kTruk.dll
C:\Users\User\AppData\Local\Temp\tmpXxbsDXf7m8.dll
C:\Users\User\AppData\Local\Temp\tmpXxybvYcUfM.dll
C:\Users\User\AppData\Local\Temp\tmpXyYsQzGkJv.dll
C:\Users\User\AppData\Local\Temp\tmpYCZppq4nd0.dll
C:\Users\User\AppData\Local\Temp\tmpyDw33HOFQi.dll
C:\Users\User\AppData\Local\Temp\tmpYj1QDQsyNu.dll
C:\Users\User\AppData\Local\Temp\tmpyJhSsfLyxg.dll
C:\Users\User\AppData\Local\Temp\tmpyk4z4XOVaD.dll
C:\Users\User\AppData\Local\Temp\tmpYLdnIsVZn5.dll
C:\Users\User\AppData\Local\Temp\tmpYV3Fsen2MF.dll
C:\Users\User\AppData\Local\Temp\tmpYvdJspGVWK.dll
C:\Users\User\AppData\Local\Temp\tmpYXYXOZmg26.dll
C:\Users\User\AppData\Local\Temp\tmpZmcznHQ0W9.dll
C:\Users\User\AppData\Local\Temp\tmpZmHtuEZbJk.dll
C:\Users\User\AppData\Local\Temp\tmpzp6RCTIf67.dll
C:\Users\User\AppData\Local\Temp\tmpzRyvyi4JM6.dll
C:\Users\User\AppData\Local\Temp\tmpztPYclXI7z.dll
2013-05-11 11:33 - 2013-05-11 11:33 - 0000000 _____ () C:\ProgramData\as98213.txt
2012-10-18 10:43 - 2012-10-18 10:43 - 83023306 ____T () C:\ProgramData\nogolniw.pad
2013-05-11 11:33 - 2013-05-11 11:34 - 95023320 ____T () C:\ProgramData\rjotw.pad
2014-08-12 07:20 - 2014-08-12 07:20 - 0000113 _____ () C:\ProgramData\RUNDLL32.EXE-1116-F.txt
2014-08-12 07:17 - 2014-08-12 07:17 - 0000112 _____ () C:\ProgramData\RUNDLL32.EXE-1460-F.txt
2014-08-12 07:21 - 2014-08-12 07:21 - 0000111 _____ () C:\ProgramData\RUNDLL32.EXE-1464-F.txt
2014-08-12 07:16 - 2014-08-12 07:16 - 0000110 _____ () C:\ProgramData\RUNDLL32.EXE-1592-F.txt
2014-08-12 07:25 - 2014-08-12 07:25 - 0000111 _____ () C:\ProgramData\RUNDLL32.EXE-1764-F.txt
2014-08-12 07:27 - 2014-08-12 07:27 - 0000114 _____ () C:\ProgramData\RUNDLL32.EXE-2056-F.txt
2014-08-12 07:19 - 2014-08-12 07:19 - 0000110 _____ () C:\ProgramData\RUNDLL32.EXE-2104-F.txt
2014-08-12 07:22 - 2014-08-12 07:22 - 0000113 _____ () C:\ProgramData\RUNDLL32.EXE-2200-F.txt
2014-08-12 07:21 - 2014-08-12 07:21 - 0000112 _____ () C:\ProgramData\RUNDLL32.EXE-2420-F.txt
2014-08-12 07:21 - 2014-08-12 07:21 - 0000113 _____ () C:\ProgramData\RUNDLL32.EXE-2980-F.txt
2014-08-12 07:26 - 2014-08-12 07:27 - 0000169 _____ () C:\ProgramData\RUNDLL32.EXE-3264-F.txt
2014-08-12 07:24 - 2014-08-12 07:24 - 0000111 _____ () C:\ProgramData\RUNDLL32.EXE-3332-F.txt
2014-08-12 07:21 - 2014-08-12 07:21 - 0000113 _____ () C:\ProgramData\RUNDLL32.EXE-3424-F.txt
2014-08-12 07:26 - 2014-08-12 07:26 - 0000113 _____ () C:\ProgramData\RUNDLL32.EXE-936-F.txt
2015-11-04 20:18 - 2011-10-04 07:26 - 00000000 ____D C:\Users\User\AppData\Roaming\Yahoo!
2015-11-04 20:18 - 2011-09-14 20:59 - 00000000 ____D C:\Users\User\AppData\LocalLow\Yahoo!
C:\Windows\PFRO.log
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys
CustomCLSID: HKU\S-1-5-21-3380226634-4216274146-2437852079-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\User\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-3380226634-4216274146-2437852079-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CustomCLSID: HKU\S-1-5-21-3380226634-4216274146-2437852079-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Mum\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-3380226634-4216274146-2437852079-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Mum\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
Task: {72554F71-26C1-4AFB-BEBD-79D4CB6315C0} - System32\Tasks\NCH Software\prismDowngrade => C:\Program Files\NCH Software\Prism\prism.exe [2011-12-05] (NCH Software)
Task: {CE67D3BC-985E-4016-90A9-D1C6E7DB163C} - System32\Tasks\NCH Software\prismShakeIcon => C:\Program Files\NCH Software\Prism\Prism.exe
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\...\MountPoints2: {6eba9d29-da4c-11e0-a106-00251108631e} - F:\LaunchU3.exe
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\...\MountPoints2: {fa96d983-8261-11e5-8d1b-806e6f6e6963} - D:\Autorun.exe
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vb32&d=0911&m=aspire_x1700
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vb32&d=0911&m=aspire_x1700
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-3380226634-4216274146-2437852079-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB450
SearchScopes: HKU\S-1-5-21-3380226634-4216274146-2437852079-1000 -> {289CF96E-E6F8-41F4-B3EA-51D23E9EE5DF} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3380226634-4216274146-2437852079-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB450
SearchScopes: HKU\S-1-5-21-3380226634-4216274146-2437852079-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKU\S-1-5-21-3380226634-4216274146-2437852079-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
CMD: bitsadmin /reset /allusers
cmd: netsh winsock reset
EmptyTemp:
Hosts:
Reboot:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\ProgramData\nogolniw.pad" => not found.
"C:\ProgramData\rjotw.pad" => not found.
"C:\Users\Gavin\AppData\Roaming\AltShell.ini" => not found.
"C:\Users\Gavin\AppData\Roaming\skype.ini" => not found.
ZeroAccess: => Error: No automatic fix found for this entry.
"C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}" => not found.
"C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\00000004.@" => not found.
"C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\1afb2d56" => not found.
"C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\201d3dde" => not found.
"C:\Windows\Installer\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\55490ac4" => not found.
ZeroAccess: => Error: No automatic fix found for this entry.
"C:\Users\Gavin\AppData\Local\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}" => not found.
"C:\Users\Gavin\AppData\Local\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\00000004.@" => not found.
"C:\Users\Gavin\AppData\Local\{6bd5e82b-ccf9-bd2c-3daf-70d2acba6466}\L\1afb2d56" => not found.
ZeroAccess: => Error: No automatic fix found for this entry.
"C:\Users\Gavin\AppData\Local\Google\Desktop\Install" => not found.
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => key not found. 
a1qlgsyy => service not found.
cnzhalxh => service not found.
gmywjtwz => service not found.
kzysggfg => service not found.
vomvclfn => service not found.
ywwthpsf => service not found.
NwlnkFlt => service not found.
NwlnkFwd => service not found.
IpInIp => service not found.
"C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB" => not found.
"C:\Users\Gareth\AppData\Local\Temp\InstallFlashPlayer.exe" => not found.
"C:\Users\Gavin\AppData\Local\Temp\ffmpeg15.exe" => not found.
"C:\Users\Gavin\AppData\Local\Temp\FH82E6.tmp.exe" => not found.
"C:\Users\Gavin\AppData\Local\Temp\FHF6BE.tmp.exe" => not found.
"C:\Users\Gavin\AppData\Local\Temp\InstallFlashPlayer.exe" => not found.
"C:\Users\Gavin\AppData\Local\Temp\qaa.exe" => not found.
"C:\Users\Gavin\AppData\Local\Temp\SkypeSetup.exe" => not found.
"C:\Users\Gavin\AppData\Local\Temp\_is4E9C.exe" => not found.
"C:\Users\Gavin\AppData\Local\Temp\_isE6F4.exe" => not found.
"C:\Users\Mum\AppData\Local\Temp\doxillionsetup.exe" => not found.
"C:\Users\Mum\AppData\Local\Temp\drm_dialogs.dll" => not found.
"C:\Users\Mum\AppData\Local\Temp\tmp9yMiab4jIX.dll" => not found.
"C:\Users\Mum\AppData\Local\Temp\tmpQKe9MouZ2h.dll" => not found.
"C:\Users\Mum\AppData\Local\Temp\tmpvt2jhy63GW.dll" => not found.
"C:\Users\User\AppData\Local\Temp\sqlite3.dll" => not found.
"C:\ProgramData\as98213.txt" => not found.
"C:\ProgramData\nogolniw.pad" => not found.
"C:\ProgramData\rjotw.pad" => not found.
"C:\ProgramData\RUNDLL32.EXE-1116-F.txt" => not found.
"C:\ProgramData\RUNDLL32.EXE-1460-F.txt" => not found.
"C:\ProgramData\RUNDLL32.EXE-1464-F.txt" => not found.
"C:\ProgramData\RUNDLL32.EXE-1592-F.txt" => not found.
"C:\ProgramData\RUNDLL32.EXE-1764-F.txt" => not found.
"C:\ProgramData\RUNDLL32.EXE-2056-F.txt" => not found.
"C:\ProgramData\RUNDLL32.EXE-2104-F.txt" => not found.
"C:\ProgramData\RUNDLL32.EXE-2200-F.txt" => not found.
"C:\ProgramData\RUNDLL32.EXE-2420-F.txt" => not found.
"C:\ProgramData\RUNDLL32.EXE-2980-F.txt" => not found.
"C:\ProgramData\RUNDLL32.EXE-3264-F.txt" => not found.
"C:\ProgramData\RUNDLL32.EXE-3332-F.txt" => not found.
"C:\ProgramData\RUNDLL32.EXE-3424-F.txt" => not found.
"C:\ProgramData\RUNDLL32.EXE-936-F.txt" => not found.
"C:\Users\User\AppData\Roaming\Yahoo!" => not found.
C:\Users\User\AppData\LocalLow\Yahoo! => moved successfully
C:\Windows\PFRO.log => moved successfully
catchme => service removed successfully.
"HKU\S-1-5-21-3380226634-4216274146-2437852079-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}" => key removed successfully.
"HKU\S-1-5-21-3380226634-4216274146-2437852079-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}" => key removed successfully.
HKU\S-1-5-21-3380226634-4216274146-2437852079-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6} => key not found. 
HKU\S-1-5-21-3380226634-4216274146-2437852079-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72554F71-26C1-4AFB-BEBD-79D4CB6315C0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72554F71-26C1-4AFB-BEBD-79D4CB6315C0}" => key removed successfully.
C:\Windows\System32\Tasks\NCH Software\prismDowngrade => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NCH Software\prismDowngrade" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE67D3BC-985E-4016-90A9-D1C6E7DB163C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE67D3BC-985E-4016-90A9-D1C6E7DB163C}" => key removed successfully.
C:\Windows\System32\Tasks\NCH Software\prismShakeIcon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NCH Software\prismShakeIcon" => key removed successfully.
"HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eba9d29-da4c-11e0-a106-00251108631e}" => key removed successfully.
HKCR\CLSID\{6eba9d29-da4c-11e0-a106-00251108631e} => key not found. 
"HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa96d983-8261-11e5-8d1b-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{fa96d983-8261-11e5-8d1b-806e6f6e6963} => key not found. 
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000006\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found. 
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found. 
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{289CF96E-E6F8-41F4-B3EA-51D23E9EE5DF}" => key removed successfully.
HKCR\CLSID\{289CF96E-E6F8-41F4-B3EA-51D23E9EE5DF} => key not found. 
"HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully.
HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found. 
"HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => value removed successfully.
HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => key not found. 
HKU\S-1-5-21-3380226634-4216274146-2437852079-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 => key not found. 
C:\Program Files\Yahoo!\Shared\npYState.dll => not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
{6C5B1C51-1E5A-4A1A-8DEE-2FF31ABC47C4} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 8.6 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 22:21:07 ====


#6 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 07 November 2015 - 05:18 PM

Please post also Malwarebytes Antimalware scan log.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

#7 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 12 November 2015 - 10:25 AM

4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.


Best regards
 
#8 ndonaldson2912

ndonaldson2912
  • Topic Starter

  • Members
  • 234 posts
  • Gender:Male

Posted 12 November 2015 - 10:28 AM

Sorry guys. After running the fix file on Farbar and doing a scan with malware, all came back clear, so thanks for all your help! Really appreciate it...

ndonaldson2912

#9 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 12 November 2015 - 12:57 PM

Very good.
Is everything OK and you do not want to continue?


Best regards
 
#10 ndonaldson2912

ndonaldson2912
  • Topic Starter

  • Members
  • 234 posts
  • Gender:Male

Posted 12 November 2015 - 01:07 PM

Everything is ok, thanks

#11 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 12 November 2015 - 02:11 PM

Okay. Have a nice day.


Best regards
 
#12 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • Gender:Male

Posted 12 November 2015 - 02:11 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Best regards
 