TechSpot

United States Courts

By Mikjensen
Jul 27, 2013
  1. Computer is locked. I cannot get into safe mode, computer reboots before it gets to safe mode. I made an AVG boot CD and scanned but it still is locked and still won't go to safe mode. Computer no longer goes to US Courts screen, now just a white screen when I let windows start. Windows 7.

    Please help me get rid of this. Thanks in advance,

    Mike
     
  2. Mikjensen

    Mikjensen TS Rookie Topic Starter Posts: 37

    I was able to delete a file named Skype.dat in the appdata/roaming dir and now I can get to Safe Mode but I still have many problems; Microsoft Security Essentials is gone, the Action Center is disabled and it will not let me enable it, and everything I download gets a pop up that says (file*) contains a virus and was deleted. I am going to download MSE on to a thumb drive and try to install from that.
     
  3. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  4. Mikjensen

    Mikjensen TS Rookie Topic Starter Posts: 37

    Here is the FRST scan file:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2013 04
    Ran by SYSTEM on 27-07-2013 19:59:45
    Running from G:\
    Windows 7 Professional (X86) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Recovery
    The current controlset is ControlSet002
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-09-29] (CyberLink Corp.)
    HKLM\...\Run: [] - [x]
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
    HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2010-11-20] (Microsoft Corporation)
    HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2010-11-20] (Microsoft Corporation)
    HKU\User\...\Winlogon: [Shell] explor
    ========================== Services (Whitelisted) =================
    S2 FastFreeConverterUpdt; C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()
    S3 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [271760 2009-04-15] ()
    S2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
    S3 NecUsb; C:\Windows\system32\NUSB3w32.dll [x]
    ==================== Drivers (Whitelisted) ====================
    S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
    S3 cpuz131; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz131\cpuz_x32.sys [x]
    S3 cpuz132; \??\C:\Users\User\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]
    S3 MFE_RR; \??\C:\Users\User\AppData\Local\Temp\mfe_rr.sys [x]
    S1 MpKsl07ee8541; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F7447AB2-F1D7-44FD-8613-ED2257EE2FB2}\MpKsl07ee8541.sys [x]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-07-27 19:59 - 2013-07-27 19:59 - 00000000 ____D C:\FRST
    2013-07-27 15:48 - 2013-07-27 15:48 - 02092792 _____ C:\Users\User\Desktop\avira_free_antivirus.exe
    2013-07-27 15:47 - 2013-07-27 15:48 - 02092792 _____ C:\Users\User\Downloads\avira_free_antivirus_exe
    2013-07-27 15:36 - 2013-07-27 15:36 - 00002520 _____ C:\Users\User\Desktop\MyDefrag.dat
    2013-07-27 15:34 - 2013-07-27 15:34 - 00000534 _____ C:\Users\User\Desktop\MyDefrag.debuglog
    2013-07-27 15:33 - 2013-07-27 15:33 - 00002455 _____ C:\Users\Public\Desktop\SlimCleaner.lnk
    2013-07-27 15:33 - 2013-07-27 15:33 - 00000000 ____D C:\Users\User\AppData\Local\SlimWare Utilities Inc
    2013-07-27 15:33 - 2013-07-27 15:33 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
    2013-07-27 15:33 - 2013-07-27 15:33 - 00000000 ____D C:\Program Files\SlimCleaner
    2013-07-27 15:01 - 2013-07-27 15:01 - 00868093 _____ C:\Users\User\AppData\Local\census.cache
    2013-07-27 15:01 - 2013-07-27 15:01 - 00144437 _____ C:\Users\User\AppData\Local\ars.cache
    2013-07-27 14:50 - 2013-07-27 14:50 - 00000036 _____ C:\Users\User\AppData\Local\housecall.guid.cache
    2013-07-27 14:50 - 2012-07-26 18:02 - 00257928 _____ (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
    2013-07-27 14:46 - 2013-07-27 14:46 - 00000000 ____D C:\Windows\TempBDD4F4D8-978C-5C75-4D95-CBE179C7C82A-Signatures
    2013-07-27 12:52 - 2013-07-27 14:15 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
    2013-07-26 11:47 - 2013-07-26 11:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
    2013-07-26 11:47 - 2013-07-26 11:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
    2013-07-22 05:47 - 2013-07-27 15:21 - 00002652 _____ C:\Windows\setupact.log
    2013-07-22 05:47 - 2013-07-27 14:25 - 00003748 _____ C:\Windows\PFRO.log
    2013-07-22 05:47 - 2013-07-22 05:47 - 00000000 _____ C:\Windows\setuperr.log
    2013-07-22 05:31 - 2013-07-22 05:31 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-07-22 05:31 - 2013-07-22 05:31 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-07-22 05:31 - 2013-07-22 05:31 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-22 05:31 - 2013-07-22 05:31 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-07-22 05:31 - 2013-07-22 05:31 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-07-22 05:30 - 2013-07-22 05:30 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
    2013-07-22 05:24 - 2013-07-22 05:24 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
    2013-07-22 05:24 - 2013-07-22 05:24 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2013-07-22 05:12 - 2013-07-22 05:29 - 44052480 _____ C:\Windows\System32\config\SOFTWARE.iobit
    2013-07-22 05:12 - 2013-07-22 05:29 - 00258048 _____ C:\Windows\System32\config\DEFAULT.iobit
    2013-07-22 05:12 - 2013-07-22 05:29 - 00028672 _____ C:\Windows\System32\config\SAM.iobit
    2013-07-22 05:12 - 2013-07-22 05:29 - 00024576 _____ C:\Windows\System32\config\SECURITY.iobit
    2013-07-21 09:36 - 2013-07-21 09:36 - 00000440 _____ C:\Users\User\Desktop\Procharger Centrifugal Supercharger kits.url
    2013-07-20 08:10 - 2013-07-20 08:10 - 00000609 _____ C:\Users\User\Desktop\shorty header spark plugs - Google Search.url
    2013-07-06 17:55 - 2013-07-06 17:55 - 00000377 _____ C:\Users\User\Desktop\DODGE MAGNUM Sherman Radiator Core Supports - Free Shipping on Orders Over $99 at Summit Racing.url
    2013-07-01 03:55 - 2013-07-01 03:55 - 00000281 _____ C:\Users\User\Desktop\2012 Ford f-350 superduty front bumper.url
    ==================== One Month Modified Files and Folders =======
    2013-07-27 19:59 - 2013-07-27 19:59 - 00000000 ____D C:\FRST
    2013-07-27 15:53 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
    2013-07-27 15:48 - 2013-07-27 15:48 - 02092792 _____ C:\Users\User\Desktop\avira_free_antivirus.exe
    2013-07-27 15:48 - 2013-07-27 15:47 - 02092792 _____ C:\Users\User\Downloads\avira_free_antivirus_exe
    2013-07-27 15:41 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-07-27 15:36 - 2013-07-27 15:36 - 00002520 _____ C:\Users\User\Desktop\MyDefrag.dat
    2013-07-27 15:34 - 2013-07-27 15:34 - 00000534 _____ C:\Users\User\Desktop\MyDefrag.debuglog
    2013-07-27 15:34 - 2010-09-25 10:09 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
    2013-07-27 15:34 - 2010-08-06 17:29 - 00000000 ____D C:\Windows\Panther
    2013-07-27 15:33 - 2013-07-27 15:33 - 00002455 _____ C:\Users\Public\Desktop\SlimCleaner.lnk
    2013-07-27 15:33 - 2013-07-27 15:33 - 00000000 ____D C:\Users\User\AppData\Local\SlimWare Utilities Inc
    2013-07-27 15:33 - 2013-07-27 15:33 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
    2013-07-27 15:33 - 2013-07-27 15:33 - 00000000 ____D C:\Program Files\SlimCleaner
    2013-07-27 15:26 - 2009-07-13 20:34 - 00015184 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-07-27 15:26 - 2009-07-13 20:34 - 00015184 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-07-27 15:25 - 2010-08-06 14:35 - 00795874 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-07-27 15:21 - 2013-07-22 05:47 - 00002652 _____ C:\Windows\setupact.log
    2013-07-27 15:16 - 2010-08-06 16:33 - 01064021 _____ C:\Windows\WindowsUpdate.log
    2013-07-27 15:14 - 2009-07-13 20:33 - 00301712 _____ C:\Windows\System32\FNTCACHE.DAT
    2013-07-27 15:13 - 2010-08-06 14:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-07-27 15:13 - 2009-07-13 23:50 - 00000000 ____D C:\Program Files\Windows Journal
    2013-07-27 15:01 - 2013-07-27 15:01 - 00868093 _____ C:\Users\User\AppData\Local\census.cache
    2013-07-27 15:01 - 2013-07-27 15:01 - 00144437 _____ C:\Users\User\AppData\Local\ars.cache
    2013-07-27 14:50 - 2013-07-27 14:50 - 00000036 _____ C:\Users\User\AppData\Local\housecall.guid.cache
    2013-07-27 14:49 - 2012-01-29 08:32 - 00002141 _____ C:\Windows\epplauncher.mif
    2013-07-27 14:46 - 2013-07-27 14:46 - 00000000 ____D C:\Windows\TempBDD4F4D8-978C-5C75-4D95-CBE179C7C82A-Signatures
    2013-07-27 14:46 - 2012-01-29 08:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-07-27 14:25 - 2013-07-22 05:47 - 00003748 _____ C:\Windows\PFRO.log
    2013-07-27 14:16 - 2010-09-29 12:40 - 00000000 ____D C:\Program Files\Yahoo!
    2013-07-27 14:15 - 2013-07-27 12:52 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
    2013-07-27 14:15 - 2011-09-01 08:27 - 00000000 ____D C:\Program Files\PCPitstop
    2013-07-27 14:07 - 2011-09-01 08:27 - 00000000 ____D C:\ProgramData\PCPitstop
    2013-07-27 14:07 - 2011-09-01 08:27 - 00000000 ____D C:\Program Files\CA
    2013-07-27 14:07 - 2010-12-02 06:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Apple Computer
    2013-07-27 14:03 - 2011-05-27 13:29 - 00000000 ____D C:\Windows\Sun
    2013-07-27 14:02 - 2013-05-28 07:15 - 00000000 ____D C:\Users\User\AppData\Local\SwvUpdater
    2013-07-27 13:15 - 2011-12-04 15:41 - 00057856 ___SH C:\Users\User\Desktop\Thumbs.db
    2013-07-27 12:44 - 2012-10-20 06:16 - 00014456 _____ C:\Users\User\Desktop\Rkill.txt
    2013-07-26 11:47 - 2013-07-26 11:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
    2013-07-26 11:47 - 2013-07-26 11:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
    2013-07-25 07:41 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
    2013-07-22 05:47 - 2013-07-22 05:47 - 00000000 _____ C:\Windows\setuperr.log
    2013-07-22 05:31 - 2013-07-22 05:31 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-07-22 05:31 - 2013-07-22 05:31 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-07-22 05:31 - 2013-07-22 05:31 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-22 05:31 - 2013-07-22 05:31 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-07-22 05:31 - 2013-07-22 05:31 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-07-22 05:31 - 2013-07-22 05:31 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-07-22 05:30 - 2013-07-22 05:30 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
    2013-07-22 05:29 - 2013-07-22 05:12 - 44052480 _____ C:\Windows\System32\config\SOFTWARE.iobit
    2013-07-22 05:29 - 2013-07-22 05:12 - 00258048 _____ C:\Windows\System32\config\DEFAULT.iobit
    2013-07-22 05:29 - 2013-07-22 05:12 - 00028672 _____ C:\Windows\System32\config\SAM.iobit
    2013-07-22 05:29 - 2013-07-22 05:12 - 00024576 _____ C:\Windows\System32\config\SECURITY.iobit
    2013-07-22 05:24 - 2013-07-22 05:24 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
    2013-07-22 05:24 - 2013-07-22 05:24 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2013-07-21 09:36 - 2013-07-21 09:36 - 00000440 _____ C:\Users\User\Desktop\Procharger Centrifugal Supercharger kits.url
    2013-07-20 08:10 - 2013-07-20 08:10 - 00000609 _____ C:\Users\User\Desktop\shorty header spark plugs - Google Search.url
    2013-07-06 17:55 - 2013-07-06 17:55 - 00000377 _____ C:\Users\User\Desktop\DODGE MAGNUM Sherman Radiator Core Supports - Free Shipping on Orders Over $99 at Summit Racing.url
    2013-07-04 06:35 - 2013-05-05 03:21 - 00001132 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
    2013-07-04 06:34 - 2012-10-20 05:46 - 00000000 ____D C:\Users\User\AppData\Roaming\IObit
    2013-07-01 03:55 - 2013-07-01 03:55 - 00000281 _____ C:\Users\User\Desktop\2012 Ford f-350 superduty front bumper.url
    2013-06-28 02:38 - 2012-06-14 05:35 - 00000000 ____D C:\Users\User\AppData\Local\Google
    2013-06-28 02:36 - 2013-05-28 07:15 - 00000000 ____D C:\Users\User\AppData\Local\DownloadTerms
    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$cd228f3612c17d1bf9927bd4d8bdb8c9
    C:\$Recycle.Bin\S-1-5-18\$cd228f3612c17d1bf9927bd4d8bdb8c9\L
    C:\$Recycle.Bin\S-1-5-18\$cd228f3612c17d1bf9927bd4d8bdb8c9\U
    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$cd228f3612c17d1bf9927bd4d8bdb8c9
    C:\$Recycle.Bin\S-1-5-18\$cd228f3612c17d1bf9927bd4d8bdb8c9\L
    C:\$Recycle.Bin\S-1-5-18\$cd228f3612c17d1bf9927bd4d8bdb8c9\U
    ==================== Known DLLs (Whitelisted) ============

    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2013-06-16 15:00:29
    Restore point made on: 2013-06-22 05:34:09
    Restore point made on: 2013-06-22 05:35:51
    Restore point made on: 2013-06-22 05:36:51
    Restore point made on: 2013-06-22 05:44:28
    Restore point made on: 2013-06-23 15:00:19
    Restore point made on: 2013-06-30 15:00:27
    Restore point made on: 2013-07-07 15:00:27
    Restore point made on: 2013-07-14 15:00:27
    Restore point made on: 2013-07-21 15:00:24
    Restore point made on: 2013-07-22 05:21:53
    Restore point made on: 2013-07-22 05:22:55
    Restore point made on: 2013-07-27 15:07:17
    Restore point made on: 2013-07-27 15:07:50
    ==================== Memory info ===========================
    Percentage of memory in use: 15%
    Total physical RAM: 3070.49 MB
    Available physical RAM: 2601.21 MB
    Total Pagefile: 3068.77 MB
    Available Pagefile: 2597.63 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1918.81 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:148.95 GB) (Free:111.88 GB) NTFS
    Drive d: () (Fixed) (Total:149.05 GB) (Free:46.67 GB) NTFS
    Drive g: () (Removable) (Total:1.88 GB) (Free:1.13 GB) FAT
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 2E986156)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D6B0D92D)
    Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 2 (Size: 2 GB) (Disk ID: 91F72D24)
    Partition 1: (Active) - (Size=2 GB) - (Type=06)

    LastRegBack: 2013-07-22 20:17
    ==================== End Of Log ============================
     
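An added triage script (not FRST's own code, nor anything posted by Broni or Mikjensen) that reads an FRST log in the layout shown above and pulls out the indicators this thread turns on: FRST's own ATTENTION/ZeroAccess markers, the $Recycle.Bin\<SID>\$<hash> payload folders, the junction warnings from the Bamital & volsnap check, services or drivers whose image file is missing ([x]), and Winsock catalog entries whose library is not found. The section headers and regular expressions are assumptions based on the log layout shown here; the sample log is constructed from lines of the FRST logs posted in this thread.

```python
"""Triage an FRST log for the ZeroAccess-style indicators seen in this thread.

Added example, not part of FRST or of the thread's fix.  The section-header
layout and the regular expressions below are assumptions taken from the log
posted above, not a documented FRST format.
"""
import re
from dataclasses import dataclass, field

# "==================== Registry (Whitelisted) ==================" -> section name
SECTION_RE = re.compile(r"^=+\s*(?P<name>.*?)\s*=+$")
# C:\$Recycle.Bin\<SID>\$<32 hex chars> -- the payload folder FRST labels "ZeroAccess"
RECYCLE_RE = re.compile(
    r"\$Recycle\.Bin\\(?P<sid>S-1-5-[\d-]+)\\\$(?P<dir>[0-9a-f]{32})", re.IGNORECASE)
# Bamital & volsnap check: a security product's folder has been turned into a junction
JUNCTION_RE = re.compile(r"Use DeleteJunctionsIndirectory:\s*(?P<dir>.+?)\s*$")
# Service/driver lines end in [x] when FRST cannot find the image file
SERVICE_RE = re.compile(r"^[SR]\d\s+(?P<name>[^;]+);\s*(?P<image>.+?)\s*\[x\]$")
# Winsock catalog entry whose library FRST could not locate
WINSOCK_RE = re.compile(
    r"^Winsock: (?P<catalog>Catalog\d+) (?P<idx>\d+) (?P<lib>\S+) File Not found")


@dataclass
class Triage:
    """Indicators pulled from one log, grouped by type."""
    markers: list = field(default_factory=list)         # (section, line) FRST flagged itself
    recycle_dirs: set = field(default_factory=set)      # (sid, 32-hex dir) payload folders
    junction_dirs: set = field(default_factory=set)     # folders needing DeleteJunctionsIndirectory
    missing_images: list = field(default_factory=list)  # (section, service, image) marked [x]
    winsock_missing: dict = field(default_factory=dict) # catalog -> count of dangling entries

    def suspicious(self) -> bool:
        """True when any of the direct ZeroAccess indicators was seen."""
        return bool(self.markers or self.recycle_dirs or self.junction_dirs)


def triage_frst(log: str) -> Triage:
    """Walk the log once, tracking the current section, and collect indicators."""
    t = Triage()
    section = "Header"
    for raw in log.splitlines():
        line = raw.strip()          # forum copies carry leading indentation
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            name = m.group("name").strip("= ")
            if name:                # a bare row of '=' is a separator, not a section
                section = name
            continue
        if "ATTENTION" in line and "ZeroAccess" in line:
            t.markers.append((section, line))
        m = RECYCLE_RE.search(line)
        if m:
            t.recycle_dirs.add((m.group("sid").upper(), m.group("dir").lower()))
        m = JUNCTION_RE.search(line)
        if m:
            t.junction_dirs.add(m.group("dir"))
        m = SERVICE_RE.match(line)
        if m:
            t.missing_images.append((section, m.group("name"), m.group("image")))
        m = WINSOCK_RE.match(line)
        if m:
            cat = m.group("catalog")
            t.winsock_missing[cat] = t.winsock_missing.get(cat, 0) + 1
    return t


# Constructed sample: a handful of lines taken from the FRST logs posted in this thread.
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2013 04
Boot Mode: Recovery
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1531692483-2461748013-3860129713-1000\$cd228f3612c17d1bf9927bd4d8bdb8c9\n. ATTENTION! ====> ZeroAccess?
==================== Drivers (Whitelisted) ====================
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 MFE_RR; \??\C:\Users\User\AppData\Local\Temp\mfe_rr.sys [x]
==================== One Month Modified Files and Folders =======
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$cd228f3612c17d1bf9927bd4d8bdb8c9
C:\$Recycle.Bin\S-1-5-18\$cd228f3612c17d1bf9927bd4d8bdb8c9\L
C:\$Recycle.Bin\S-1-5-18\$cd228f3612c17d1bf9927bd4d8bdb8c9\U
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
==================== Internet (Whitelisted) ====================
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
==================== End Of Log ============================
"""

if __name__ == "__main__":
    result = triage_frst(SAMPLE_LOG)
    print("suspicious:", result.suspicious())
    for sec, line in result.markers:
        print(f"[{sec}] {line}")
    print("payload folders:", sorted(result.recycle_dirs))
    print("junctioned folders:", sorted(result.junction_dirs))
    print("missing images:", result.missing_images)
    print("dangling Winsock entries:", result.winsock_missing)
```

The counts per Winsock catalog are the cheap signal that LSP repair (the "LibraryPath should be" lines) is still outstanding after the registry fix.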
  5. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it to your reply.
    See if you can boot normally.

    If so....

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     

  6. Mikjensen

    Mikjensen TS Rookie Topic Starter Posts: 37

    Here is the Fixlog:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-07-2013 04
    Ran by SYSTEM at 2013-07-27 22:23:45 Run:1
    Running from G:\
    Boot Mode: Recovery
    ==============================================
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
    HKU\User\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
    MFE_RR => Service deleted successfully.
    C:\$Recycle.Bin\S-1-5-18\$cd228f3612c17d1bf9927bd4d8bdb8c9 => Moved successfully.
    "C:\$Recycle.Bin\S-1-5-18\$cd228f3612c17d1bf9927bd4d8bdb8c9" => File/Directory not found.
    ==== End of Fixlog ====

    and here is the new FRST:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2013 04
    Ran by User (administrator) on 27-07-2013 22:28:26
    Running from C:\Users\User\Desktop
    Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal
    ==================== Processes (Whitelisted) ===================
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-09-29] (CyberLink Corp.)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1531692483-2461748013-3860129713-1000\$cd228f3612c17d1bf9927bd4d8bdb8c9\n. ATTENTION! ====> ZeroAccess?
    HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2010-11-20] (Microsoft Corporation)
    HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2010-11-20] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
    SearchScopes: HKLM - DefaultScope {AC25F593-D506-4A69-94CC-7D8BD4707B20} URL =
    SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1320680
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Fast Free Converter 4.1 - {B422F1BC-9ADB-48A7-8B13-00C176039DC5} - C:\PROGRA~1\FASTFR~1\FASTFR~1\FASTFR~1.DLL (Fast Free Converter)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO: No Name - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - No File
    BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
    BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - No Name - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
    Winsock: Catalog5 08 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 19 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 20 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 21 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 22 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 23 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 24 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 25 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 26 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 27 mswsock.dll File Not found (Microsoft Corporation)
    Winsock: Catalog9 28 mswsock.dll File Not found (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
    FireFox:
    ========
    FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f08iuyw8.default
    FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f08iuyw8.default\user.js
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    FF Extension: ShopAtHome.com Intelligent Shopping Toolbar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f08iuyw8.default\Extensions\toolbar@shopathome.com
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKLM\...\Firefox\Extensions: [ntfdsaftsfdfdxx@mozilla.org] C:\Users\User\AppData\Roaming\iPumper\extension_firefox.xpi
    FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0
    CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0
    CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0
    CHR HKLM\...\Chrome\Extension: [kekfoodhbhpjhjcdecjngamojfhknooc] - C:\Users\User\AppData\Roaming\iPumper\extension_chrome.crx
    ========================== Services (Whitelisted) =================
    R2 FastFreeConverterUpdt; C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()
    S3 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [271760 2009-04-15] ()
    S2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
    S3 NecUsb; C:\Windows\system32\NUSB3w32.dll [x]
    ==================== Drivers (Whitelisted) ====================
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
    S3 cpuz131; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz131\cpuz_x32.sys [x]
    S3 cpuz132; \??\C:\Users\User\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]
    S1 MpKsl07ee8541; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F7447AB2-F1D7-44FD-8613-ED2257EE2FB2}\MpKsl07ee8541.sys [x]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-07-27 23:59 - 2013-07-27 23:59 - 00000000 ____D C:\FRST
    2013-07-27 22:27 - 2013-07-27 22:26 - 01221426 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
    2013-07-27 19:48 - 2013-07-27 19:48 - 02092792 _____ C:\Users\User\Desktop\avira_free_antivirus.exe
    2013-07-27 19:47 - 2013-07-27 19:48 - 02092792 _____ C:\Users\User\Downloads\avira_free_antivirus_exe
    2013-07-27 19:36 - 2013-07-27 19:36 - 00002520 _____ C:\Users\User\Desktop\MyDefrag.dat
    2013-07-27 19:34 - 2013-07-27 19:34 - 00000534 _____ C:\Users\User\Desktop\MyDefrag.debuglog
    2013-07-27 19:33 - 2013-07-27 19:33 - 00002455 _____ C:\Users\Public\Desktop\SlimCleaner.lnk
    2013-07-27 19:33 - 2013-07-27 19:33 - 00000000 ____D C:\Users\User\AppData\Local\SlimWare Utilities Inc
    2013-07-27 19:33 - 2013-07-27 19:33 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
    2013-07-27 19:33 - 2013-07-27 19:33 - 00000000 ____D C:\Program Files\SlimCleaner
    2013-07-27 19:01 - 2013-07-27 19:01 - 00868093 _____ C:\Users\User\AppData\Local\census.cache
    2013-07-27 19:01 - 2013-07-27 19:01 - 00144437 _____ C:\Users\User\AppData\Local\ars.cache
    2013-07-27 18:50 - 2013-07-27 18:50 - 00000036 _____ C:\Users\User\AppData\Local\housecall.guid.cache
    2013-07-27 18:50 - 2012-07-26 22:02 - 00257928 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
    2013-07-27 18:46 - 2013-07-27 18:46 - 00000000 ____D C:\Windows\TempBDD4F4D8-978C-5C75-4D95-CBE179C7C82A-Signatures
    2013-07-27 16:52 - 2013-07-27 18:15 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
    2013-07-26 15:47 - 2013-07-26 15:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
    2013-07-26 15:47 - 2013-07-26 15:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
    2013-07-22 09:47 - 2013-07-27 22:24 - 00002764 _____ C:\Windows\setupact.log
    2013-07-22 09:47 - 2013-07-27 18:25 - 00003748 _____ C:\Windows\PFRO.log
    2013-07-22 09:47 - 2013-07-22 09:47 - 00000000 _____ C:\Windows\setuperr.log
    2013-07-22 09:31 - 2013-07-22 09:31 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-07-22 09:31 - 2013-07-22 09:31 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2013-07-22 09:31 - 2013-07-22 09:31 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2013-07-22 09:31 - 2013-07-22 09:31 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-07-22 09:31 - 2013-07-22 09:31 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-07-22 09:30 - 2013-07-22 09:30 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2013-07-22 09:24 - 2013-07-22 09:24 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2013-07-22 09:24 - 2013-07-22 09:24 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2013-07-22 09:12 - 2013-07-22 09:29 - 44052480 _____ C:\Windows\system32\config\SOFTWARE.iobit
    2013-07-22 09:12 - 2013-07-22 09:29 - 00258048 _____ C:\Windows\system32\config\DEFAULT.iobit
    2013-07-22 09:12 - 2013-07-22 09:29 - 00028672 _____ C:\Windows\system32\config\SAM.iobit
    2013-07-22 09:12 - 2013-07-22 09:29 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit
    2013-07-21 13:36 - 2013-07-21 13:36 - 00000440 _____ C:\Users\User\Desktop\Procharger Centrifugal Supercharger kits.url
    2013-07-20 12:10 - 2013-07-20 12:10 - 00000609 _____ C:\Users\User\Desktop\shorty header spark plugs - Google Search.url
    2013-07-06 21:55 - 2013-07-06 21:55 - 00000377 _____ C:\Users\User\Desktop\DODGE MAGNUM Sherman Radiator Core Supports - Free Shipping on Orders Over $99 at Summit Racing.url
    2013-07-01 07:55 - 2013-07-01 07:55 - 00000281 _____ C:\Users\User\Desktop\2012 Ford f-350 superduty front bumper.url
    ==================== One Month Modified Files and Folders =======
    2013-07-27 23:59 - 2013-07-27 23:59 - 00000000 ____D C:\FRST
    2013-07-27 22:27 - 2012-06-14 09:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-07-27 22:26 - 2013-07-27 22:27 - 01221426 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
    2013-07-27 22:25 - 2012-06-14 09:47 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-07-27 22:25 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-07-27 22:24 - 2013-07-22 09:47 - 00002764 _____ C:\Windows\setupact.log
    2013-07-27 19:53 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\LogFiles
    2013-07-27 19:48 - 2013-07-27 19:48 - 02092792 _____ C:\Users\User\Desktop\avira_free_antivirus.exe
    2013-07-27 19:48 - 2013-07-27 19:47 - 02092792 _____ C:\Users\User\Downloads\avira_free_antivirus_exe
    2013-07-27 19:41 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-07-27 19:36 - 2013-07-27 19:36 - 00002520 _____ C:\Users\User\Desktop\MyDefrag.dat
    2013-07-27 19:34 - 2013-07-27 19:34 - 00000534 _____ C:\Users\User\Desktop\MyDefrag.debuglog
    2013-07-27 19:34 - 2010-09-25 14:09 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
    2013-07-27 19:34 - 2010-08-06 21:29 - 00000000 ____D C:\Windows\Panther
    2013-07-27 19:33 - 2013-07-27 19:33 - 00002455 _____ C:\Users\Public\Desktop\SlimCleaner.lnk
    2013-07-27 19:33 - 2013-07-27 19:33 - 00000000 ____D C:\Users\User\AppData\Local\SlimWare Utilities Inc
    2013-07-27 19:33 - 2013-07-27 19:33 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
    2013-07-27 19:33 - 2013-07-27 19:33 - 00000000 ____D C:\Program Files\SlimCleaner
    2013-07-27 19:26 - 2009-07-14 00:34 - 00015184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-07-27 19:26 - 2009-07-14 00:34 - 00015184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-07-27 19:25 - 2010-08-06 18:35 - 00795874 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-07-27 19:16 - 2010-08-06 20:33 - 01064021 _____ C:\Windows\WindowsUpdate.log
    2013-07-27 19:14 - 2009-07-14 00:33 - 00301712 _____ C:\Windows\system32\FNTCACHE.DAT
    2013-07-27 19:13 - 2010-08-06 18:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-07-27 19:13 - 2009-07-14 03:50 - 00000000 ____D C:\Program Files\Windows Journal
    2013-07-27 19:10 - 2012-04-17 10:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-07-27 19:01 - 2013-07-27 19:01 - 00868093 _____ C:\Users\User\AppData\Local\census.cache
    2013-07-27 19:01 - 2013-07-27 19:01 - 00144437 _____ C:\Users\User\AppData\Local\ars.cache
    2013-07-27 18:50 - 2013-07-27 18:50 - 00000036 _____ C:\Users\User\AppData\Local\housecall.guid.cache
    2013-07-27 18:49 - 2012-01-29 12:32 - 00002141 _____ C:\Windows\epplauncher.mif
    2013-07-27 18:46 - 2013-07-27 18:46 - 00000000 ____D C:\Windows\TempBDD4F4D8-978C-5C75-4D95-CBE179C7C82A-Signatures
    2013-07-27 18:46 - 2012-01-29 12:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-07-27 18:25 - 2013-07-22 09:47 - 00003748 _____ C:\Windows\PFRO.log
    2013-07-27 18:16 - 2010-09-29 16:40 - 00000000 ____D C:\Program Files\Yahoo!
    2013-07-27 18:15 - 2013-07-27 16:52 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
    2013-07-27 18:15 - 2011-09-01 12:27 - 00000000 ____D C:\Program Files\PCPitstop
    2013-07-27 18:07 - 2011-09-01 12:27 - 00000000 ____D C:\ProgramData\PCPitstop
    2013-07-27 18:07 - 2011-09-01 12:27 - 00000000 ____D C:\Program Files\CA
    2013-07-27 18:07 - 2010-12-02 10:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Apple Computer
    2013-07-27 18:03 - 2011-05-27 17:29 - 00000000 ____D C:\Windows\Sun
    2013-07-27 18:02 - 2013-05-28 11:15 - 00000000 ____D C:\Users\User\AppData\Local\SwvUpdater
    2013-07-27 17:15 - 2011-12-04 19:41 - 00057856 ___SH C:\Users\User\Desktop\Thumbs.db
    2013-07-27 16:44 - 2012-10-20 10:16 - 00014456 _____ C:\Users\User\Desktop\Rkill.txt
    2013-07-26 15:47 - 2013-07-26 15:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
    2013-07-26 15:47 - 2013-07-26 15:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
    2013-07-26 00:33 - 2010-09-24 21:14 - 00000414 _____ C:\Windows\Tasks\ParetoLogic Update Version2.job
    2013-07-25 18:00 - 2010-09-24 21:15 - 00000440 _____ C:\Windows\Tasks\ParetoLogic Registration.job
    2013-07-25 11:41 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\NDF
    2013-07-22 09:47 - 2013-07-22 09:47 - 00000000 _____ C:\Windows\setuperr.log
    2013-07-22 09:31 - 2013-07-22 09:31 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-07-22 09:31 - 2013-07-22 09:31 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2013-07-22 09:31 - 2013-07-22 09:31 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2013-07-22 09:31 - 2013-07-22 09:31 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2013-07-22 09:31 - 2013-07-22 09:31 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-07-22 09:31 - 2013-07-22 09:31 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2013-07-22 09:30 - 2013-07-22 09:30 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2013-07-22 09:29 - 2013-07-22 09:12 - 44052480 _____ C:\Windows\system32\config\SOFTWARE.iobit
    2013-07-22 09:29 - 2013-07-22 09:12 - 00258048 _____ C:\Windows\system32\config\DEFAULT.iobit
    2013-07-22 09:29 - 2013-07-22 09:12 - 00028672 _____ C:\Windows\system32\config\SAM.iobit
    2013-07-22 09:29 - 2013-07-22 09:12 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit
    2013-07-22 09:24 - 2013-07-22 09:24 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2013-07-22 09:24 - 2013-07-22 09:24 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2013-07-21 13:36 - 2013-07-21 13:36 - 00000440 _____ C:\Users\User\Desktop\Procharger Centrifugal Supercharger kits.url
    2013-07-20 12:10 - 2013-07-20 12:10 - 00000609 _____ C:\Users\User\Desktop\shorty header spark plugs - Google Search.url
    2013-07-06 21:55 - 2013-07-06 21:55 - 00000377 _____ C:\Users\User\Desktop\DODGE MAGNUM Sherman Radiator Core Supports - Free Shipping on Orders Over $99 at Summit Racing.url
    2013-07-04 10:35 - 2013-05-05 07:21 - 00001132 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
    2013-07-04 10:34 - 2012-10-20 09:46 - 00000000 ____D C:\Users\User\AppData\Roaming\IObit
    2013-07-01 07:55 - 2013-07-01 07:55 - 00000281 _____ C:\Users\User\Desktop\2012 Ford f-350 superduty front bumper.url
    2013-06-28 06:38 - 2012-06-14 09:35 - 00000000 ____D C:\Users\User\AppData\Local\Google
    2013-06-28 06:36 - 2013-05-28 11:15 - 00000000 ____D C:\Users\User\AppData\Local\DownloadTerms
    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

    LastRegBack: 2013-07-23 00:17
    ==================== End Of Log ============================
  7. Mikjensen

    Mikjensen TS Rookie Topic Starter Posts: 37

    And Addition:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-07-2013 04
    Ran by User at 2013-07-27 22:28:54
    Running from C:\Users\User\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Installed Programs =======================
    32 Bit HP CIO Components Installer (Version: 7.1.8)
    Adobe AIR (Version: 2.7.1.19610)
    Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
    Adobe Reader X (10.1.7) (Version: 10.1.7)
    Apple Application Support (Version: 1.4.1)
    Apple Mobile Device Support (Version: 3.3.0.69)
    Apple Software Update (Version: 2.1.2.120)
    Bejeweled 2 Deluxe 1.0
    Bonjour (Version: 2.0.4.0)
    Bookworm Deluxe 1.03
    BufferChm (Version: 140.0.212.000)
    C4700 (Version: 140.0.690.000)
    CCleaner (Version: 2.30)
    Destinations (Version: 140.0.77.000)
    DeviceDiscovery (Version: 140.0.212.000)
    ESET Online Scanner v3
    Expert PDF 7 Reader (Version: 7.0.1370.0)
    Fast Free Converter (Version: 4.1)
    Google Toolbar for Internet Explorer (Version: 1.0.0)
    Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
    Google Update Helper (Version: 1.3.21.153)
    GPBaseService2 (Version: 140.0.211.000)
    Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
    HiJackThis (Version: 1.0.0)
    Hoyle Card Games 2010 (remove only)
    HP Customer Participation Program 14.0 (Version: 14.0)
    HP Imaging Device Functions 14.0 (Version: 14.0)
    HP Photo Creations (Version: 1.0.0.2024)
    HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)
    HP Product Detection (Version: 11.14.0001)
    HP Smart Web Printing 4.60 (Version: 4.60)
    HP Solution Center 14.0 (Version: 14.0)
    HP Update (Version: 5.003.001.001)
    HPPhotoGadget (Version: 140.0.524.000)
    HPProductAssistant (Version: 140.0.212.000)
    HPSSupply (Version: 140.0.211.000)
    IZArc 4.0 beta 1 (Version: 4.0 Build 1760)
    Java Auto Updater (Version: 2.0.6.1)
    Java(TM) 6 Update 30 (Version: 6.0.300)
    JNLP
    LG CyberLink LabelPrint (Version: 2.5.2111)
    LG CyberLink Power2Go (Version: 6.2.3325)
    LG CyberLink PowerBackup (Version: 2.5.5529)
    LG CyberLink PowerDVD (Version: 8.0.2815d)
    LG CyberLink PowerProducer (Version: 5.0.2.2130)
    LG CyberLink YouCam (Version: 2.0.3123)
    LG ODD Auto Firmware Update (Version: 9.01.1124.01)
    LG Power Tools (Version: 6.0.3316)
    Luxor (remove only)
    Luxor 2 (remove only)
    Luxor 3
    Luxor Amun Rising (remove only)
    MarketResearch (Version: 140.0.212.000)
    MediaMonkey 3.2 (Version: 3.2)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6012.5000)
    Microsoft Choice Guard (Version: 2.0.48.0)
    Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
    Microsoft Silverlight (Version: 5.1.20513.0)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    MSVCRT (Version: 14.0.1468.721)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    Network (Version: 140.0.215.000)
    OpenOffice.org 3.2 (Version: 3.2.9483)
    PS_AIO_06_C4700_SW_Min (Version: 140.0.690.000)
    QuickTransfer (Version: 140.0.98.000)
    Scan (Version: 140.0.80.000)
    Shop for HP Supplies (Version: 14.0)
    ShopAtHome.com Toolbar
    ShufflePlusVLOI (Version: 1.00.0000)
    SlimCleaner (Version: 4.0.30878)
    Slingo Deluxe (Version: 1.0.11)
    Smart Defrag 2 (Version: 2.7)
    Smart Defrag 2 (Version: 2.8)
    SmartWebPrinting (Version: 140.0.186.000)
    SolutionCenter (Version: 140.0.213.000)
    Status (Version: 140.0.212.000)
    TidyView (Version: 1.0.0.0)
    Toolbox (Version: 140.0.428.000)
    TrayApp (Version: 140.0.212.000)
    Unity Web Player (HKCU Version: )
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
    VLC media player 1.1.4 (Version: 1.1.4)
    WebReg (Version: 140.0.212.017)
    Windows Driver Package - Broadcom (b57nd60x) Net (05/10/2011 14.8.0.5) (Version: 05/10/2011 14.8.0.5)
    Windows Live Communications Platform (Version: 14.0.8117.416)
    Windows Live Essentials (Version: 14.0.8117.0416)
    Windows Live Essentials (Version: 14.0.8117.416)
    Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
    Windows Live Photo Gallery (Version: 14.0.8117.416)
    Windows Live Sync (Version: 14.0.8117.416)
    Windows Live Upload Tool (Version: 14.0.8014.1029)
    Zuma Deluxe 1.0

    ==================== Restore Points =========================
    16-06-2013 23:00:20 Windows Backup
    22-06-2013 13:33:55 IObit Uninstaller restore point
    22-06-2013 13:35:42 IObit Uninstaller restore point
    22-06-2013 13:36:43 IObit Uninstaller restore point
    22-06-2013 13:44:21 IObit Uninstaller restore point
    23-06-2013 23:00:12 Windows Backup
    30-06-2013 23:00:19 Windows Backup
    07-07-2013 23:00:18 Windows Backup
    14-07-2013 23:00:19 Windows Backup
    21-07-2013 23:00:15 Windows Backup
    22-07-2013 13:21:44 Windows Modules Installer
    22-07-2013 13:22:42 Windows Modules Installer
    27-07-2013 23:06:57 Restore Operation
    27-07-2013 23:07:24 Windows Update
    ==================== Hosts content: ==========================
    2012-01-24 22:47 - 2012-01-24 22:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Scheduled Tasks (whitelisted) =============
    Task: {1EC34E55-3176-4DF5-B1CC-33F3CD2C80A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-14] (Google Inc.)
    Task: {4793344D-D363-4200-9C6F-EEEEC3BBBB6D} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13] ()
    Task: {555555D1-0305-40BB-AD9C-53C1747CD178} - System32\Tasks\ParetoLogic Registration => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
    Task: {79F9DC68-1F54-46B3-992B-54C87AC66127} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
    Task: {7A8953B0-9F27-4A1B-B5DA-A3CFF39751B5} - System32\Tasks\AmiUpdXp => C:\Users\User\AppData\Local\SwvUpdater\Updater.exe No File
    Task: {88327827-49EA-46DD-B026-9F303123402F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-14] (Google Inc.)
    Task: {9AA220C7-8831-4F92-A63B-78DE34D7358E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
    Task: {A915F5AE-C532-4C4F-BF4A-E9C1E9E6E21B} - System32\Tasks\SlimCleaner Run => C:\Program Files\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
    Task: {DF4784E6-2203-4E74-9D42-0C5549C8E166} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] ()
    Task: {F2D266B6-7BE0-4FC9-B626-39809BE06C25} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
    Task: {F5CD89AD-7093-461B-A62F-E16C0974B060} - System32\Tasks\Escolade => C:\Users\User\AppData\Roaming\iPumper\Updater.exe No File
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Windows\system32\rundll32.exe
    Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
    ==================== Faulty Device Manager Devices =============
    Name: MpKsl07ee8541
    Description: MpKsl07ee8541
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: MpKsl07ee8541
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (07/27/2013 10:21:13 PM) (Source: Windows Search Service) (User: )
    Description: The index cannot be initialized.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (07/27/2013 10:21:13 PM) (Source: Windows Search Service) (User: )
    Description: The application cannot be initialized.
    Context: Windows Application

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (07/27/2013 10:21:13 PM) (Source: Windows Search Service) (User: )
    Description: The gatherer object cannot be initialized.
    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (07/27/2013 10:21:13 PM) (Source: Windows Search Service) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
    Context: Windows Application, SystemIndex Catalog

    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)
    Error: (07/27/2013 10:21:12 PM) (Source: Windows Search Service) (User: )
    Description: The plug-in in <Search.JetPropStore> cannot be initialized.
    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (07/27/2013 10:21:12 PM) (Source: Windows Search Service) (User: )
    Description: The Windows Search Service cannot load the property store information.
    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
    Error: (07/27/2013 10:21:12 PM) (Source: Windows Search Service) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (07/27/2013 10:21:12 PM) (Source: Windows Search Service) (User: )
    Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (07/27/2013 10:21:12 PM) (Source: Windows Search Service) (User: )
    Description: The Windows Search Service cannot open the Jet property store.

    Details:
    0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))
    Error: (07/27/2013 10:21:12 PM) (Source: ESENT) (User: )
    Description: Windows (244) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS001C8.log.

    System errors:
    =============
    Error: (07/27/2013 10:25:29 PM) (Source: Service Control Manager) (User: )
    Description: The Function Discovery Resource Publication service terminated with the following error:
    %%-2147024891
    Error: (07/27/2013 10:25:29 PM) (Source: Service Control Manager) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
    %%-2147024891
    Error: (07/27/2013 10:25:04 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service terminated with the following error:
    %%1060
    Error: (07/27/2013 10:25:02 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    Error: (07/27/2013 10:25:02 PM) (Source: Service Control Manager) (User: )
    Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
    Error: (07/27/2013 10:25:02 PM) (Source: Service Control Manager) (User: )
    Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    Error: (07/27/2013 10:24:53 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
    Description: Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    Error: (07/27/2013 10:24:53 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
    Description: Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    Error: (07/27/2013 10:21:26 PM) (Source: Service Control Manager) (User: )
    Description: The Function Discovery Resource Publication service terminated with the following error:
    %%-2147024891
    Error: (07/27/2013 10:21:26 PM) (Source: Service Control Manager) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
    %%-2147024891

    Microsoft Office Sessions:
    =========================
    Error: (07/27/2013 10:21:13 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (07/27/2013 10:21:13 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (07/27/2013 10:21:13 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Error: (07/27/2013 10:21:13 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog

    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)
    Search.TripoliIndexer
    Error: (07/27/2013 10:21:12 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Search.JetPropStore
    Error: (07/27/2013 10:21:12 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog

    Details:
    The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)
    Error: (07/27/2013 10:21:12 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    The catalog is corrupt
    Error: (07/27/2013 10:21:12 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    4700
    Error: (07/27/2013 10:21:12 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
    0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))
    Error: (07/27/2013 10:21:12 PM) (Source: ESENT)(User: )
    Description: Windows244Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS001C8.log-1811

    ==================== Memory info ===========================
    Percentage of memory in use: 26%
    Total physical RAM: 3070.49 MB
    Available physical RAM: 2254.89 MB
    Total Pagefile: 6139.27 MB
    Available Pagefile: 5296.97 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1903.52 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:148.95 GB) (Free:111.86 GB) NTFS
    Drive d: () (Fixed) (Total:149.05 GB) (Free:46.67 GB) NTFS
    Drive g: () (Removable) (Total:1.88 GB) (Free:1.13 GB) FAT
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 2E986156)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: D6B0D92D)
    Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 2 (Size: 2 GB) (Disk ID: 91F72D24)
    Partition 1: (Active) - (Size=2 GB) - (Type=06)
    ==================== End Of Log ============================
     
  8. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    I can see you booted to normal mode no problem :)

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Re-run FRST one more time and post new log.
    Also let me know how the computer is doing.
     

    Attached Files:

  9. Mikjensen

    Mikjensen TS Rookie Topic Starter Posts: 37

    The computer is working fine now. I was able to reinstall Microsoft Security Essentials and I am able to download.
    Here is the Fixlog:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-07-2013 04
    Ran by User at 2013-07-28 07:08:54 Run:2
    Running from C:\Users\User\Desktop
    Boot Mode: Normal
    ==============================================
    [1508] C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe => Process closed successfully.
    C:\Program Files\Fast Free Converter => Moved successfully.
    HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
    HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B422F1BC-9ADB-48A7-8B13-00C176039DC5} => Key deleted successfully.
    HKCR\CLSID\{B422F1BC-9ADB-48A7-8B13-00C176039DC5} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2} => Key deleted successfully.
    HKCR\CLSID\{E8DAAA30-6CAA-4b58-9603-8E54238219E2} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} => Value deleted successfully.
    HKCR\CLSID\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} => Key not found.
    Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
    Winsock: Catalog5 entry 000000000008\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
    HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
    FF Plugin: @microsoft.com/GENUINE - disabled No File not found.
    FastFreeConverterUpdt => Service deleted successfully.
    NecUsb => Service deleted successfully.
    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
    "C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
    "C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\MSESysprep.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\msseoobe.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\msseooberes.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\NisLog.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\NisSrv.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\NisWFP.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\sqmapi.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done.
    "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A8953B0-9F27-4A1B-B5DA-A3CFF39751B5} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A8953B0-9F27-4A1B-B5DA-A3CFF39751B5} => Key deleted successfully.
    C:\Windows\System32\Tasks\AmiUpdXp => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5CD89AD-7093-461B-A62F-E16C0974B060} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5CD89AD-7093-461B-A62F-E16C0974B060} => Key deleted successfully.
    C:\Windows\System32\Tasks\Escolade => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Escolade => Key deleted successfully.

    The system needs a manual reboot.
    ==== End of Fixlog ====
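A small triage helper for the Fixlog above, added here as an example; it is not part of FRST and was not posted in this thread. It parses FRST's `target => action.` lines into categories, counts them, and flags the roots of reparse-point removals that sit inside a security product's directory, which in this log are the Windows Defender and Microsoft Security Client folders, the entries worth reading first given the earlier report that MSE had disappeared. The sample lines are a subset copied from the posted Fixlog; the category names and the `SECURITY_DIR_MARKERS` list are my own assumptions.

```python
import re
from collections import Counter, namedtuple

# Constructed sample input: a subset of the lines from the Fixlog posted above,
# in FRST's "target => action." shape, plus one Winsock line and the trailing
# reboot notice, which use other shapes.
SAMPLE_FIXLOG = r"""
[1508] C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe => Process closed successfully.
C:\Program Files\Fast Free Converter => Moved successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} => Value deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
FastFreeConverterUpdt => Service deleted successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
C:\Windows\System32\Tasks\AmiUpdXp => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => Key deleted successfully.
The system needs a manual reboot.
"""

Entry = namedtuple("Entry", "target action category")

# FRST's common line shape; the action's trailing period is dropped.
ACTION_RE = re.compile(r"^(?P<target>.+?) => (?P<action>.+?)\.?$")

# Assumed category names; the first pattern that matches the action wins.
CATEGORIES = [
    ("process_closed", re.compile(r"^Process closed")),
    ("moved", re.compile(r"^Moved successfully")),
    ("registry_key_deleted", re.compile(r"^Key deleted")),
    ("registry_value_deleted", re.compile(r"^Value deleted")),
    ("not_found", re.compile(r"not found$")),
    ("service_deleted", re.compile(r"^Service deleted")),
    ("reparse_root", re.compile(r"^Deleting reparse point and unlocking started")),
    ("reparse_item", re.compile(r"^Deleting reparse point and unlocking done")),
    ("reparse_root_completed", re.compile(r"^Deleting reparse point and unlocking completed")),
]

# Hypothetical list of directory names belonging to security products;
# extend it for the products deployed in your own environment.
SECURITY_DIR_MARKERS = ("\\windows defender", "\\microsoft security client")


def classify(action):
    for name, pattern in CATEGORIES:
        if pattern.search(action):
            return name
    return "other"


def parse_fixlog(text):
    """Turn Fixlog lines into Entry tuples; lines of no recognised shape are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Winsock:"):
            entries.append(Entry(line[len("Winsock:"):].strip(), "winsock reset", "winsock_reset"))
            continue
        m = ACTION_RE.match(line)
        if not m:
            continue
        # Drop FRST's leading "[pid] " on process lines and the quotes around paths.
        target = re.sub(r"^\[\d+\]\s*", "", m.group("target")).strip('"')
        action = m.group("action")
        entries.append(Entry(target, action, classify(action)))
    return entries


def summarize(entries):
    """Count entries per category for a quick picture of what the fix changed."""
    return Counter(e.category for e in entries)


def security_dirs_unlocked(entries):
    """Roots of reparse-point removals that lie in a security product's directory."""
    roots = {e.target for e in entries if e.category == "reparse_root"
             and any(marker in e.target.lower() for marker in SECURITY_DIR_MARKERS)}
    return sorted(roots)


def unlocked_items_by_root(entries):
    """Number of files or subfolders unlocked under each reparse-point root."""
    roots = [e.target for e in entries if e.category == "reparse_root"]
    counts = {root: 0 for root in roots}
    for e in entries:
        if e.category != "reparse_item":
            continue
        for root in roots:
            if e.target.lower().startswith(root.lower() + "\\"):
                counts[root] += 1
    return counts


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for category, n in sorted(summarize(parsed).items()):
        print(f"{category:24s} {n}")
    for root in security_dirs_unlocked(parsed):
        print(f"reparse points removed under a security product directory: {root}")
```

Run against the full Fixlog, the reparse-point categories are the ones to read first: FRST reporting "Deleting reparse point and unlocking" on the Windows Defender and Microsoft Security Client folders indicates those directories had been replaced by reparse points, which fits the earlier report that MSE had vanished, and listing reparse points under Program Files is a cheap check on any machine whose antivirus has gone missing.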
     
  10. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Good news :)

     
  11. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    Still with me?
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,015   +255

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.

