Police e-Crime Unit

jamespev

New Member
Thread author
Nov 19, 2013
6
Most of the data is above really, but I seem to have tried everything for this and still nothing works. I've had this twice before now, but the first two times I could just boot up using F8 and then "directory service restore mode" and then run ComboFix, but this time I can't even get the PC to fire up to run anything.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Download Farbar Recovery Scan Tool from the below link:

  • For 64 bit systems download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a USB/flash drive.
  • For 32 bit systems download Farbar Recovery Scan Tool and save it to a USB/flash drive.
  • Plug the flash drive into the infected PC.
  • Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  1. Select Command Prompt.
  2. In the command window type in notepad and press Enter.
  3. The notepad opens. Under File menu select Open.
  4. Select "Computer" and find your flash drive letter and close the notepad.
  5. In the command window type e:\frst64 and press Enter.
     Note: Replace letter e with the drive letter of your flash drive.
  6. The tool will start to run.
  7. When the tool opens click Yes to disclaimer.
  8. Press Scan button.
  9. FRST will let you know when the scan is complete and has written the FRST.txt to file, close the message.
  10. Type exit.
  11. Please copy and paste FRST.txt in your next reply.
 

jamespev

New Member
Thread author
Nov 19, 2013
6
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by SYSTEM on MININT-VU2MV0F on 19-11-2013 15:45:32
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0ANQAwADkAOAA1ADcANQA3ADAALQBYAE8AMwA2ACsAMQAtAFMAVAAxACsAMgAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkALQBEAEQAVAArADIAMgAzADkANgAtAEQARAA5ADAAKwAxAC0AUwBUADkAMABBAFAAUAArADEALQBGAFUASQArADIALQBQADkAMABUAEIAKwAyAC0ARAAzADgAMQBMACsANQA"&"prod=54"&"ver=9.0.894 [x]
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-03] (Egis Technology Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-22] (AVG Technologies CZ, s.r.o.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-21] ()
HKU\Peverley\...\Winlogon: [Shell] explorer.exe,C:\Users\Peverley\AppData\Roaming\Other.res [90624 2013-08-28] () <==== ATTENTION
HKU\UpdatusUser\...\Run: [ISUSPM] - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
HKU\UpdatusUser\...\Run: [BitTorrent] - "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
HKU\UpdatusUser\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\UpdatusUser\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-21] ()
Startup: C:\Users\Peverley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
S2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [931640 2011-11-07] (Trusteer Ltd.)
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
S4 vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

S1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-09-04] (Emsisoft GmbH)
S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [16877 2002-07-16] (Adaptec)
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-19] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-06-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-04] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-20] (AVG Technologies CZ, s.r.o.)
S3 ck3pro; C:\Windows\System32\DRIVERS\ck3pro64.sys [97280 2010-07-14] (XECUTER)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2013-09-04] (Emsisoft GmbH)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [16896 2007-03-20] (http://libusb-win32.sourceforge.net)
S1 RapportCerberus_43926; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2011-11-07] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [63760 2011-11-07] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2011-11-07] (Trusteer Ltd.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-02-13] (Duplex Secure Ltd.)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-19 04:29 - 2013-11-19 04:29 - 00003352 ____N C:\bootsqm.dat
2013-11-19 04:28 - 2013-11-19 04:28 - 00000000 __SHD C:\found.000
2013-11-19 00:57 - 2013-11-19 00:57 - 00159914 _____ C:\Users\Peverley\Downloads\Need_For_Speed_Rivals_XBOX360-PROTOCOL.torrent
2013-11-13 19:24 - 2013-11-19 05:07 - 00000672 _____ C:\Windows\setupact.log
2013-11-13 19:24 - 2013-11-13 19:24 - 00000000 _____ C:\Windows\setuperr.log
2013-11-13 19:05 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-13 19:05 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-13 19:05 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-13 19:05 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-13 19:05 - 2013-10-12 00:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-13 19:05 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 19:05 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 19:05 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 19:05 - 2013-10-11 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-13 19:05 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 19:05 - 2013-10-11 21:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-13 19:05 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 20:18 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-12 20:18 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 20:18 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-12 20:17 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-12 20:17 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-12 20:17 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-12 20:17 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-12 20:17 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-12 20:17 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-12 20:17 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-12 20:17 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-12 20:17 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-12 20:17 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-12 20:17 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-12 20:17 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-12 20:17 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-12 20:17 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-12 20:17 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-12 20:17 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 20:17 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-12 20:17 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-12 20:17 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-12 20:17 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-12 20:16 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-12 20:16 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-12 20:16 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-12 20:16 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-12 20:16 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-12 20:16 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-12 20:16 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 11:09 - 2013-11-12 11:09 - 00000000 ____D C:\Users\Peverley\Desktop\Disc 2
2013-11-12 11:05 - 2013-11-12 11:09 - 00000000 ____D C:\Users\Peverley\Desktop\Disc 1
2013-11-12 11:05 - 2013-11-12 11:05 - 00000000 ____D C:\Users\Peverley\Desktop\$SystemUpdate
2013-11-12 10:39 - 2013-11-12 10:39 - 00000000 ____D C:\Users\Peverley\Desktop\content
2013-11-11 06:57 - 2013-11-11 07:06 - 00000066 _____ C:\Users\Peverley\AppData\Roaming\vso_ts_preview.xml
2013-11-11 05:30 - 2013-11-11 05:30 - 3581045979 _____ C:\Users\Peverley\Desktop\Linkin Park Live From Madison Square Garden 2011.mkv
2013-11-11 05:22 - 2013-11-11 05:22 - 00034481 _____ C:\Users\Peverley\Downloads\Linkin Park - Live From Madison Square Garden 2011 720p HDTV x264 AVC.torrent
2013-11-05 12:32 - 2013-11-05 12:32 - 00000000 ____D C:\Spacekace
2013-11-03 02:25 - 2013-11-03 02:25 - 00000000 ____D C:\Program Files (x86)\Convert Audio Free

==================== One Month Modified Files and Folders =======

2013-11-19 05:07 - 2013-11-13 19:24 - 00000672 _____ C:\Windows\setupact.log
2013-11-19 05:07 - 2013-08-17 02:47 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\Dropbox
2013-11-19 05:07 - 2013-05-16 07:35 - 00000000 ____D C:\Users\Peverley\AppData\Local\HTC MediaHub
2013-11-19 05:07 - 2012-09-12 01:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-19 05:07 - 2010-01-01 03:53 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-19 05:07 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-19 04:43 - 2012-04-04 10:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-19 04:38 - 2013-08-17 02:53 - 00000000 ___RD C:\Users\Peverley\Dropbox
2013-11-19 04:33 - 2010-01-01 03:52 - 02091483 _____ C:\Windows\WindowsUpdate.log
2013-11-19 04:33 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-19 04:33 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-19 04:29 - 2013-11-19 04:29 - 00003352 ____N C:\bootsqm.dat
2013-11-19 04:28 - 2013-11-19 04:28 - 00000000 __SHD C:\found.000
2013-11-19 00:59 - 2013-09-09 10:17 - 00000000 ____D C:\ProgramData\MFAData
2013-11-19 00:59 - 2009-07-13 21:13 - 00006450 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-19 00:57 - 2013-11-19 00:57 - 00159914 _____ C:\Users\Peverley\Downloads\Need_For_Speed_Rivals_XBOX360-PROTOCOL.torrent
2013-11-13 20:51 - 2012-09-12 01:10 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-13 20:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 19:24 - 2013-11-13 19:24 - 00000000 _____ C:\Windows\setuperr.log
2013-11-13 19:05 - 2009-08-14 10:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 19:04 - 2013-08-06 18:08 - 00000000 ____D C:\Windows\System32\MRT
2013-11-13 19:01 - 2010-01-02 12:34 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-12 11:09 - 2013-11-12 11:09 - 00000000 ____D C:\Users\Peverley\Desktop\Disc 2
2013-11-12 11:09 - 2013-11-12 11:05 - 00000000 ____D C:\Users\Peverley\Desktop\Disc 1
2013-11-12 11:05 - 2013-11-12 11:05 - 00000000 ____D C:\Users\Peverley\Desktop\$SystemUpdate
2013-11-12 10:39 - 2013-11-12 10:39 - 00000000 ____D C:\Users\Peverley\Desktop\content
2013-11-12 07:20 - 2010-01-02 05:00 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\vlc
2013-11-12 06:54 - 2013-02-06 08:29 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\Skype
2013-11-12 02:35 - 2010-01-21 09:54 - 00000000 ____D C:\Windows\Minidump
2013-11-11 07:06 - 2013-11-11 06:57 - 00000066 _____ C:\Users\Peverley\AppData\Roaming\vso_ts_preview.xml
2013-11-11 07:06 - 2010-01-04 00:59 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\Vso
2013-11-11 06:59 - 2010-12-06 06:22 - 00000000 ____D C:\Users\Peverley\Documents\ConvertXtoDVD
2013-11-11 05:30 - 2013-11-11 05:30 - 3581045979 _____ C:\Users\Peverley\Desktop\Linkin Park Live From Madison Square Garden 2011.mkv
2013-11-11 05:25 - 2012-11-13 11:43 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\uTorrent
2013-11-11 05:22 - 2013-11-11 05:22 - 00034481 _____ C:\Users\Peverley\Downloads\Linkin Park - Live From Madison Square Garden 2011 720p HDTV x264 AVC.torrent
2013-11-10 09:14 - 2012-05-14 02:37 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\Mozilla
2013-11-10 09:14 - 2011-05-04 10:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-06 12:54 - 2010-01-02 09:30 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\abgx360
2013-11-05 21:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-11-05 12:32 - 2013-11-05 12:32 - 00000000 ____D C:\Spacekace
2013-11-04 07:47 - 2013-08-05 20:33 - 00219648 _____ C:\Users\Peverley\Desktop\Shift Plan.xls
2013-11-03 02:25 - 2013-11-03 02:25 - 00000000 ____D C:\Program Files (x86)\Convert Audio Free
2013-10-27 01:26 - 2013-10-18 01:53 - 00000000 ____D C:\Users\Peverley\Desktop\Xbox
ZeroAccess:
C:\Users\Peverley\AppData\Local\Google\Desktop\Install

Files to move or delete:
====================
C:\ProgramData\hj1ofrlc.ctrl
C:\ProgramData\hj1ofrlc.pff


Some content of TEMP:
====================
C:\Users\Peverley\AppData\Local\Temp\pQNGl6W.exe
C:\Users\Peverley\AppData\Local\Temp\pQNGl6W0.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

4
Restore point made on: 2013-10-27 02:42:32
Restore point made on: 2013-11-03 16:00:21
Restore point made on: 2013-11-10 09:15:23
Restore point made on: 2013-11-13 19:00:50

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3838.55 MB
Available physical RAM: 3157.43 MB
Total Pagefile: 3836.7 MB
Available Pagefile: 3143.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:291.2 GB) (Free:172.46 GB) NTFS
Drive e: (DATA) (Fixed) (Total:291.2 GB) (Free:122.7 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:13.67 GB) (Free:4.49 GB) NTFS
Drive j: () (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 6C03016C)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=291 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=291 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 4 GB) (Disk ID: DC79BDFE)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-11-10 06:22

==================== End Of Log ============================
 
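As an added example (not code from this thread, from FRST or from its author), the following Python script triages FRST.txt lines of the kind posted above: it flags a Winlogon Shell value that loads anything besides explorer.exe (the lock-screen persistence in this log), FRST's ATTENTION markers, the paths under the ZeroAccess check, autostart entries marked [x], and, from the later log in this thread, a ProxyServer setting and Winsock entries pointing at missing modules. The rules and severities are assumptions made here, not FRST's own whitelist logic, and the sample input is a constructed subset of this thread's log lines.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of lines copied from the two FRST.txt logs in
# this thread, plus one clean line per category so the rules are exercised.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKU\Peverley\...\Winlogon: [Shell] explorer.exe,C:\Users\Peverley\AppData\Roaming\Other.res [90624 2013-08-28] () <==== ATTENTION
HKU\UpdatusUser\...\Run: [BitTorrent] - "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
S4 vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
ProxyServer: localhost:8080
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
ZeroAccess:
C:\Users\Peverley\AppData\Local\Google\Desktop\Install

C:\Windows\System32\winlogon.exe => MD5 is legit
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


# Directories a standard user can write to; a Shell value living there is a
# strong hint of user-level persistence (here: the lock-screen file Other.res).
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\Public)\\", re.IGNORECASE)
# Winlogon Shell value, cut before FRST's trailing "[size date]" block if present.
WINLOGON_SHELL = re.compile(r"Winlogon: \[Shell\] (.+?)(?: \[|$)")
PROXY = re.compile(r"^ProxyServer: (\S+)")
# Section headers whose following lines (until a blank line) are all findings.
SECTION_MARKERS = {"ZeroAccess:"}
# Simple rules: (severity, reason, predicate). First match wins, so the
# specific Winsock rule precedes the generic ATTENTION rule.
SIMPLE_RULES = [
    ("medium", "Winsock catalog entry points at a missing module (broken LSP chain)",
     lambda s: s.startswith("Winsock:") and "File Not found" in s),
    ("high", "line carries FRST's own ATTENTION marker", lambda s: "ATTENTION" in s),
    ("low", "autostart or service entry whose target file is missing", lambda s: s.endswith("[x]")),
]


def check_line(line: str) -> Optional[Finding]:
    """Apply the rules to one log line; the first matching rule wins."""
    m = WINLOGON_SHELL.search(line)
    if m:
        # The default Shell value is exactly "explorer.exe"; anything appended
        # after a comma is launched at logon as well.
        extra = [v.strip() for v in m.group(1).split(",") if v.strip().lower() != "explorer.exe"]
        if extra:
            where = "user-writable path" if USER_WRITABLE.search(extra[0]) else "non-default path"
            return Finding("high", f"Winlogon Shell also launches {extra[0]} ({where})", line)
    m = PROXY.match(line)
    if m:
        return Finding("medium", f"system proxy set to {m.group(1)}; confirm it is intended", line)
    for severity, reason, matches in SIMPLE_RULES:
        if matches(line):
            return Finding(severity, reason, line)
    return None


def triage(text: str) -> List[Finding]:
    """Run every line of an FRST log through check_line, in log order."""
    findings: List[Finding] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None  # a blank line ends a marker section
        elif section:
            findings.append(Finding("high", f"path listed under FRST's {section} check", line))
        elif line in SECTION_MARKERS:
            section = line.rstrip(":")
        else:
            finding = check_line(line)
            if finding:
                findings.append(finding)
    return findings


def severity_counts(findings: List[Finding]) -> Dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity.upper():6}] {f.reason}\n         {f.line}")
    print(severity_counts(results))
```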

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
On your clean PC, download the following file by right-clicking it and selecting Save As

[attachment=6264]

and save it onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Attempt to boot normally.
 

Attachments

  • fixlist.txt (1.3 KB)

jamespev

New Member
Thread author
Nov 19, 2013
6
Yes, that has worked and it has booted up OK, thank you.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
Ran by SYSTEM at 2013-11-19 21:37:41 Run:4
Running from J:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstalla...QBNAEIAUgA"&"inst=NwA2AC0ANQAwADkAOAA1ADcANQA3ADAALQBYAE8AMwA2ACsAMQAtAFMAVAAxACsAMgAtAFQAQgA?5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkALQBEAEQAVAArADIAMgAzADkANgAtAEQARAA5ADAAKwA?xAC0AUwBUADkAMABBAFAAUAArADEALQBGAFUASQArADIALQBQADkAMABUAEIAKwAyAC0ARAAzADgAMQB?MACsANQA"&"prod=54"&"ver=9.0.894 [x]
HKU\Peverley\...\Winlogon: [Shell] explorer.exe,C:\Users\Peverley\AppData\Roaming\Other.res [90624 2013-08-28] () <==== ATTENTION
C:\Users\Peverley\AppData\Roaming\Other.res
C:\ProgramData\hj1ofrlc.ctrl
C:\ProgramData\hj1ofrlc.pff
C:\Users\Peverley\AppData\Local\Temp

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => Value deleted successfully.
HKU\Peverley\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Peverley\AppData\Roaming\Other.res => Moved successfully.
C:\ProgramData\hj1ofrlc.ctrl => Moved successfully.
C:\ProgramData\hj1ofrlc.pff => Moved successfully.
C:\Users\Peverley\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Great, let's check the system once more.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

jamespev

New Member
Thread author
Nov 19, 2013
6
It didn't give me the Addition.txt, but here is the other info.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Peverley (administrator) on PEVERLEY-PC on 19-11-2013 21:50:28
Running from C:\Users\Peverley\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\UpdatusUser\...\Run: [ISUSPM] - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
HKU\UpdatusUser\...\Run: [BitTorrent] - "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
HKU\UpdatusUser\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\UpdatusUser\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent
HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
Startup: C:\Users\Peverley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Peverley\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM-x32 - DefaultScope {F47507B3-F134-45F0-88CF-1942324CF84C} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll (Yontoo LLC)
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 05 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 06 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 17 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 18 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

Chrome:
=======
CHR HomePage: http:\/\/search.conduit.com\/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP96EB6D66-94EF-4DC3-A6D8-6EAD818B7883&SSPV=
CHR RestoreOnStartup: "http:\/\/search.conduit.com\/?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP96EB6D66-94EF-4DC3-A6D8-6EAD818B7883&SSPV="]},"sync_promo":{"show_on_first_run_allowed":false},"webkit":{"webprefs":{"allow_running_insecure_content"
CHR Extension: (entrusted) - C:\Users\Peverley\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk\10.14.370.25_0
CHR Extension: (BitTorrentBar) - C:\Users\Peverley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.7.1_0
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Peverley\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\Peverley\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Peverley\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx

==================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [931640 2011-11-07] (Trusteer Ltd.)
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
S4 vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-09-04] (Emsisoft GmbH)
S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [16877 2002-07-17] (Adaptec)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 ck3pro; C:\Windows\System32\DRIVERS\ck3pro64.sys [97280 2010-07-14] (XECUTER)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2013-09-04] (Emsisoft GmbH)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [16896 2007-03-20] (http://libusb-win32.sourceforge.net)
R1 RapportCerberus_43926; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2011-11-07] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [63760 2011-11-07] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2011-11-07] (Trusteer Ltd.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-02-13] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-19 21:50 - 2013-11-19 21:50 - 01957964 _____ (Farbar) C:\Users\Peverley\Downloads\FRST64.exe
2013-11-19 21:50 - 2013-11-19 21:50 - 00012175 _____ C:\Users\Peverley\Downloads\FRST.txt
2013-11-19 21:43 - 2013-11-19 21:43 - 00000000 ___SD C:\ComboFix
2013-11-19 21:40 - 2013-11-19 21:43 - 00000000 ___SD C:\32788R22FWJFW
2013-11-19 12:29 - 2013-11-19 12:29 - 00003352 ____N C:\bootsqm.dat
2013-11-19 12:28 - 2013-11-19 12:28 - 00000000 __SHD C:\found.000
2013-11-19 08:57 - 2013-11-19 08:57 - 00159914 _____ C:\Users\Peverley\Downloads\Need_For_Speed_Rivals_XBOX360-PROTOCOL.torrent
2013-11-14 03:24 - 2013-11-19 21:38 - 00000728 _____ C:\Windows\setupact.log
2013-11-14 03:24 - 2013-11-14 03:24 - 00000000 _____ C:\Windows\setuperr.log
2013-11-14 03:05 - 2013-10-12 08:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 03:05 - 2013-10-12 08:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 03:05 - 2013-10-12 08:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 03:05 - 2013-10-12 08:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 03:05 - 2013-10-12 08:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 03:05 - 2013-10-12 08:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 03:05 - 2013-10-12 08:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 03:05 - 2013-10-12 08:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 03:05 - 2013-10-12 08:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 03:05 - 2013-10-12 08:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 03:05 - 2013-10-12 08:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 03:05 - 2013-10-12 08:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 03:05 - 2013-10-12 08:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 03:05 - 2013-10-12 08:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 03:05 - 2013-10-12 07:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 03:05 - 2013-10-12 07:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 03:05 - 2013-10-12 07:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 03:05 - 2013-10-12 07:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 03:05 - 2013-10-12 07:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 03:05 - 2013-10-12 07:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 03:05 - 2013-10-12 07:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 03:05 - 2013-10-12 07:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 03:05 - 2013-10-12 07:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 03:05 - 2013-10-12 07:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 03:05 - 2013-10-12 07:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 03:05 - 2013-10-12 07:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 03:05 - 2013-10-12 07:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 03:05 - 2013-10-12 06:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 03:05 - 2013-10-12 06:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 03:05 - 2013-10-12 05:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 03:05 - 2013-10-12 05:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 04:18 - 2013-10-05 20:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 04:18 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 04:18 - 2013-09-28 01:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 04:17 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 04:17 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 04:17 - 2013-10-04 02:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 04:17 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 04:17 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 04:17 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 04:17 - 2013-09-25 02:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 04:17 - 2013-09-25 02:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 04:17 - 2013-09-25 02:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 04:17 - 2013-09-25 02:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 04:17 - 2013-09-25 02:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 04:17 - 2013-09-25 02:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 04:17 - 2013-09-25 02:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 04:17 - 2013-09-25 02:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 04:17 - 2013-09-25 01:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 04:17 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 04:17 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 04:17 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 04:17 - 2013-09-25 01:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 04:17 - 2013-07-04 12:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 04:16 - 2013-10-12 02:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 04:16 - 2013-10-12 02:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 04:16 - 2013-10-12 02:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 04:16 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 04:16 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 04:16 - 2013-10-03 02:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 04:16 - 2013-10-03 02:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 19:09 - 2013-11-12 19:09 - 00000000 ____D C:\Users\Peverley\Desktop\Disc 2
2013-11-12 19:05 - 2013-11-12 19:09 - 00000000 ____D C:\Users\Peverley\Desktop\Disc 1
2013-11-12 19:05 - 2013-11-12 19:05 - 00000000 ____D C:\Users\Peverley\Desktop\$SystemUpdate
2013-11-12 18:39 - 2013-11-12 18:39 - 00000000 ____D C:\Users\Peverley\Desktop\content
2013-11-11 14:57 - 2013-11-11 15:06 - 00000066 _____ C:\Users\Peverley\AppData\Roaming\vso_ts_preview.xml
2013-11-11 13:30 - 2013-11-11 13:30 - 3581045979 _____ C:\Users\Peverley\Desktop\Linkin Park Live From Madison Square Garden 2011.mkv
2013-11-11 13:22 - 2013-11-11 13:22 - 00034481 _____ C:\Users\Peverley\Downloads\Linkin Park - Live From Madison Square Garden 2011 720p HDTV x264 AVC.torrent
2013-11-05 20:32 - 2013-11-05 20:32 - 00000000 ____D C:\Spacekace
2013-11-03 10:25 - 2013-11-03 10:25 - 00000000 ____D C:\Program Files (x86)\Convert Audio Free

==================== One Month Modified Files and Folders =======

2013-11-19 22:00 - 2013-11-19 21:50 - 00012175 _____ C:\Users\Peverley\Downloads\FRST.txt
2013-11-19 21:50 - 2013-11-19 21:50 - 01957964 _____ (Farbar) C:\Users\Peverley\Downloads\FRST64.exe
2013-11-19 21:47 - 2009-07-14 04:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-19 21:47 - 2009-07-14 04:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-19 21:45 - 2013-09-09 18:17 - 00000000 ____D C:\ProgramData\MFAData
2013-11-19 21:43 - 2013-11-19 21:43 - 00000000 ___SD C:\ComboFix
2013-11-19 21:43 - 2013-11-19 21:40 - 00000000 ___SD C:\32788R22FWJFW
2013-11-19 21:43 - 2013-09-05 13:27 - 00000000 ____D C:\Qoobox
2013-11-19 21:41 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-19 21:40 - 2013-09-09 16:45 - 05146522 ____R (Swearware) C:\Users\Peverley\Desktop\ComboFix.exe
2013-11-19 21:39 - 2013-08-17 10:53 - 00000000 ___RD C:\Users\Peverley\Dropbox
2013-11-19 21:39 - 2013-08-17 10:47 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\Dropbox
2013-11-19 21:39 - 2013-05-16 15:35 - 00000000 ____D C:\Users\Peverley\AppData\Local\HTC MediaHub
2013-11-19 21:39 - 2012-09-12 09:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-19 21:38 - 2013-11-14 03:24 - 00000728 _____ C:\Windows\setupact.log
2013-11-19 21:38 - 2010-01-01 11:53 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-19 21:38 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-19 12:43 - 2012-04-04 18:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-19 12:33 - 2010-01-01 11:52 - 02091483 _____ C:\Windows\WindowsUpdate.log
2013-11-19 12:29 - 2013-11-19 12:29 - 00003352 ____N C:\bootsqm.dat
2013-11-19 12:28 - 2013-11-19 12:28 - 00000000 __SHD C:\found.000
2013-11-19 08:59 - 2009-07-14 05:13 - 00006450 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-19 08:57 - 2013-11-19 08:57 - 00159914 _____ C:\Users\Peverley\Downloads\Need_For_Speed_Rivals_XBOX360-PROTOCOL.torrent
2013-11-14 04:51 - 2012-09-12 09:10 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-14 04:01 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-11-14 03:24 - 2013-11-14 03:24 - 00000000 _____ C:\Windows\setuperr.log
2013-11-14 03:05 - 2009-08-14 18:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 03:04 - 2013-08-07 02:08 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 03:01 - 2010-01-02 20:34 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 19:09 - 2013-11-12 19:09 - 00000000 ____D C:\Users\Peverley\Desktop\Disc 2
2013-11-12 19:09 - 2013-11-12 19:05 - 00000000 ____D C:\Users\Peverley\Desktop\Disc 1
2013-11-12 19:05 - 2013-11-12 19:05 - 00000000 ____D C:\Users\Peverley\Desktop\$SystemUpdate
2013-11-12 18:39 - 2013-11-12 18:39 - 00000000 ____D C:\Users\Peverley\Desktop\content
2013-11-12 15:20 - 2010-01-02 13:00 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\vlc
2013-11-12 14:54 - 2013-02-06 16:29 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\Skype
2013-11-12 10:35 - 2010-01-21 17:54 - 00000000 ____D C:\Windows\Minidump
2013-11-11 15:06 - 2013-11-11 14:57 - 00000066 _____ C:\Users\Peverley\AppData\Roaming\vso_ts_preview.xml
2013-11-11 15:06 - 2010-01-04 08:59 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\Vso
2013-11-11 14:59 - 2010-12-06 14:22 - 00000000 ____D C:\Users\Peverley\Documents\ConvertXtoDVD
2013-11-11 13:30 - 2013-11-11 13:30 - 3581045979 _____ C:\Users\Peverley\Desktop\Linkin Park Live From Madison Square Garden 2011.mkv
2013-11-11 13:25 - 2012-11-13 19:43 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\uTorrent
2013-11-11 13:22 - 2013-11-11 13:22 - 00034481 _____ C:\Users\Peverley\Downloads\Linkin Park - Live From Madison Square Garden 2011 720p HDTV x264 AVC.torrent
2013-11-10 17:14 - 2012-05-14 10:37 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\Mozilla
2013-11-10 17:14 - 2011-05-04 18:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-10 17:13 - 2013-10-19 10:33 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2013-11-06 20:54 - 2010-01-02 17:30 - 00000000 ____D C:\Users\Peverley\AppData\Roaming\abgx360
2013-11-06 05:29 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-05 20:32 - 2013-11-05 20:32 - 00000000 ____D C:\Spacekace
2013-11-04 15:47 - 2013-08-06 04:33 - 00219648 _____ C:\Users\Peverley\Desktop\Shift Plan.xls
2013-11-03 10:25 - 2013-11-03 10:25 - 00000000 ____D C:\Program Files (x86)\Convert Audio Free
2013-10-27 09:26 - 2013-10-18 09:53 - 00000000 ____D C:\Users\Peverley\Desktop\Xbox
ZeroAccess:
C:\Users\Peverley\AppData\Local\Google\Desktop\Install

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-10 14:22

==================== End Of Log ============================
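What a helper reads by eye in a log like the one above: Winsock catalog entries marked ATTENTION or File Not found, BHOs and protocol handlers with no file behind them, Chrome extensions force-installed from a local .crx under HKLM, a Conduit start page, and services whose binary is gone ([x]). The following is an added example, not part of the original post and not FRST's own code: it encodes those checks in Python and derives candidate fixlist lines in the same shape as the fixlist used further down in this thread (a log line copied verbatim to delete the registry entry, the file or folder behind it to move it, `cmd:` for a shell command). The vendor and start-page allowlists are assumptions made for the example, and the sample lines are copied from the log above (one URL shortened).

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread, not FRST's own code: it encodes the checks a
helper applies by eye to the log above and derives candidate fixlist lines
in the shape of the fixlist used later in the thread.  SAMPLE_LOG is copied
from the log (one URL shortened); the two allowlists are assumptions.
"""
import re
from dataclasses import dataclass

# Assumed allowlists for this one machine; real triage keeps longer lists.
TRUSTED_BHO_VENDORS = {"Microsoft Corp.", "Microsoft Corporation",
                       "Sun Microsystems, Inc."}
EXPECTED_START_HOSTS = {"www.google.com", "www.bing.com"}

PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:dll|exe|sys|crx))", re.IGNORECASE)
VENDOR_RE = re.compile(r"\(([^()]*)\)\s*$")         # trailing "(Vendor)"
HOST_RE = re.compile(r"https?:\\?/\\?/([^/\\?]+)")  # FRST writes '/' as '\/'


@dataclass
class Finding:
    kind: str    # category, drives the fix derivation
    line: str    # offending log line, verbatim
    reason: str


def triage(lines):
    """Return the suspicious entries of an FRST log as Finding objects."""
    out = []
    line = ""
    def hit(kind, why):             # records the line currently examined
        out.append(Finding(kind, line, why))
    for raw in lines:
        line = raw.strip()
        if line.startswith("Winsock:") and ("File Not found" in line
                                             or "ATTENTION" in line):
            # A broken LSP chain stalls socket traffic until the catalog
            # is rebuilt with 'netsh winsock reset'.
            hit("winsock-broken", "Winsock catalog entry points at a missing DLL")
        elif re.match(r"(BHO|Handler)(-x32)?:", line) and line.endswith("No File"):
            hit("dangling-com", "registered COM object has no file behind it")
        elif re.match(r"BHO(-x32)?:", line):
            m = VENDOR_RE.search(line)
            vendor = m.group(1) if m else "unknown"
            if vendor not in TRUSTED_BHO_VENDORS:
                hit("bho-untrusted", f"IE add-on from unlisted vendor {vendor!r}")
        elif line.startswith("CHR HKLM") and line.lower().endswith(".crx"):
            # A registry force-install from a local .crx bypasses the Web
            # Store; the usual footprint of a bundled toolbar.
            hit("chr-sideloaded", "Chrome extension force-installed from a local .crx")
        elif line.startswith(("CHR HomePage:", "CHR RestoreOnStartup:")):
            m = HOST_RE.search(line)
            host = m.group(1) if m else ""
            if host not in EXPECTED_START_HOSTS:
                hit("chr-hijack", f"browser start page points at {host!r}")
        elif re.match(r"[RSU]\d ", line) and line.endswith("[x]"):
            hit("missing-image", "service/driver registered but its binary is gone")
    return out


def fixlist_candidates(findings):
    """Derive fixlist lines the way the thread's fix does: the log line itself
    (FRST deletes the registry entry), then the file or folder it pointed at
    (FRST moves it), then a winsock reset if the LSP chain is broken.
    Start-page hijacks are left for manual review."""
    fix = []
    def add(item):
        if item not in fix:
            fix.append(item)
    for f in findings:
        if f.kind in ("bho-untrusted", "dangling-com", "chr-sideloaded"):
            add(f.line)
        m = PATH_RE.search(f.line)
        if f.kind == "bho-untrusted" and m:
            add(m.group(1).rsplit("\\", 1)[0])   # whole add-on folder
        elif f.kind == "chr-sideloaded" and m:
            add(m.group(1))                       # the .crx itself
    if any(f.kind == "winsock-broken" for f in findings):
        add("cmd: netsh winsock reset")
    return fix


# Lines copied from the FRST log in this thread (conduit URL shortened).
SAMPLE_LOG = [
    r"BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)",
    r"BHO-x32: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll (Yontoo LLC)",
    r"Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File",
    r'Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"',
    r"Winsock: Catalog9 07 mswsock.dll File Not found ()",
    r"Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\nvLsp64.dll [434208] (NVIDIA)",
    r"CHR HomePage: http:\/\/search.conduit.com\/?ctid=CT3317742&octid=EB_ORIGINAL_CTID",
    r"CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Peverley\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx",
    r'S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [x]',
]
```

Treat the output as a worklist, not a script: FRST moves whatever a bare path names, so every candidate needs a human check before it goes into fixlist.txt. The heuristics are deliberately broad; they flag the dead Windows Live Messenger handlers and the NMIndexingService entry, which the fix in this thread leaves alone, and the start-page hijack is reported but not turned into a fix line because the thread's fixlist does not show FRST handling that entry.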
 

TwinHeadedEagle

Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).

Open FRST and click Fix. Attach that report for me after it is finished.



1. Download AdwCleaner from the below link.
   ADWCLEANER DOWNLOAD LINK: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download Security Check on your computer)
2. Close all open programs and internet browsers.
3. Double click on adwcleaner.exe to run the tool.
4. Click on Delete, then confirm each time with Ok.
5. Your computer will be rebooted automatically. A text file will open after the restart.
6. Please post the contents of that logfile with your next reply.
7. You can find the logfile at C:\AdwCleaner[S1].txt as well.




After these steps, tell me how things are now. Any problems?
 

Attachments

  • fixlist.txt (995 bytes)

jamespev

Thread author
FRST Report

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
Ran by Peverley at 2013-11-20 09:35:38 Run:5
Running from C:\Users\Peverley\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO-x32: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll (Yontoo LLC)
C:\Program Files (x86)\Yontoo Layers Client
cmd: netsh winsock reset
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Peverley\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
C:\Users\Peverley\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR Extension: (entrusted) - C:\Users\Peverley\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk\10.14.370.25_0
C:\Users\Peverley\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Peverley\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx
C:\Users\Peverley\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx
C:\Users\Peverley\AppData\Local\Google\Desktop\Install
cmd: ipconfig /flushdns
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} => Key deleted successfully.
C:\Program Files (x86)\Yontoo Layers Client => Moved successfully.

========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda => Key deleted successfully.
"C:\Users\Peverley\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx" => File/Directory not found.
"C:\Users\Peverley\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx" => File/Directory not found.
C:\Users\Peverley\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk => Moved successfully.
"C:\Users\Peverley\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid => Key deleted successfully.
C:\Users\Peverley\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx => Moved successfully.
"C:\Users\Peverley\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx" => File/Directory not found.
C:\Users\Peverley\AppData\Local\Google\Desktop\Install => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


==== End of Fixlog ====

Adwcleaner report

# AdwCleaner v3.012 - Report created 20/11/2013 at 09:39:19
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Peverley - PEVERLEY-PC
# Running from : C:\Users\Peverley\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater11.2.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BonanzaDealsLive
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\BonanzaDeals
Folder Deleted : C:\Program Files (x86)\BonanzaDealsLive
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Peverley\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Peverley\AppData\Local\BonanzaDealsLive
Folder Deleted : C:\Users\Peverley\AppData\Local\Conduit
Folder Deleted : C:\Users\Peverley\AppData\Local\Discount Buddy
Folder Deleted : C:\Users\Peverley\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Peverley\AppData\Local\PackageAware
Folder Deleted : C:\Users\Peverley\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Peverley\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Peverley\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Peverley\AppData\LocalLow\Doko-Toolbar
Folder Deleted : C:\Users\Peverley\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Peverley\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Peverley\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Peverley\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Peverley\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Peverley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\Users\Peverley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Deleted : C:\Users\Peverley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Peverley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\5d6dbdde568ea47
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3281675
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BonanzaDealsLive
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Doko-Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BonanzaDealsLive
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Doko-Toolbar
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Peverley\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url

*************************

AdwCleaner[R0].txt - [15001 octets] - [20/11/2013 09:37:45]
AdwCleaner[S0].txt - [13328 octets] - [20/11/2013 09:39:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13389 octets] ##########
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored at C:\DelFix.txt

> I don't need the DelFix log report.


Cheers :)
 
