
Posted

Hi Mike,

 

Not all AV vendors recognise this,

But these do:

McAfee ........ Artemis!B8C28F56DE98

Malwarebytes... Trojan.Dropper

ESET-NOD32..... a variant of Win32/Injector.BNUF

BitDefender.... Gen:Variant.Graftor.160158

Emsisoft....... Gen:Variant.Graftor.160158 (B)

DrWeb ......... Trojan.PWS.Panda.655

Baidu-International ....Trojan.Win32.Injector.BBNUF

 

Obviously the reason for the message at startup is that a security program has removed the threat but has left the startup entry on the system.

Windows is then looking for the file to start.

Just remove the entry from the startup folder.

 

"can't find anything on it online?"

Take a look Here


Posted

Hi Pete, sorry, I'm not understanding this. I looked in the Task Manager and Msconfig lists but I'm not seeing an entry with the letters "yyge". If you mean the programs under "All Programs" from the Start menu, I'm not understanding which program to remove.

Posted

Hi Mike,

 

Ok, let's do this the easy way:

 

Note:

There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

 

If you are unsure what your system bit type is..... click Here for help.

 

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

 

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

 

  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


Posted

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2014

Ran by user (administrator) on USER-PC on 22-10-2014 16:29:48

Running from C:\Users\user\Desktop

Loaded Profile: user (Available profiles: user)

Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe

(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe

(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe

(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\System32\audiodg.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe

(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM\...\Run: [samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [566112 2014-07-29] (Copyright 2013 SAMSUNG)

HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [143792 2013-10-09] (Trend Micro Inc.)

HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKU\S-1-5-21-3001920249-2789374724-3985487498-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE [219008 2011-04-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-3001920249-2789374724-3985487498-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)

HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-04-22] (Microsoft Corporation)

Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs ()

ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x26C8480E975DCF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)

BHO: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)

Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro Inc.)

Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xt2fsygy.default

FF DefaultSearchEngine: Conduit Search

FF SelectedSearchEngine: Conduit Search

FF Homepage: https://my.yahoo.com/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xt2fsygy.default\searchplugins\conduit-search.xml

FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension

FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-08-26]

FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension

FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-05-21]

FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension

FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-05-21]

 

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]

CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]

CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]

CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]

CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]

CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]

R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [573280 2014-07-29] (Copyright 2013 SAMSUNG)

S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1343400 2014-04-21] () [File not signed]

S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb -dt=60000 -ad -bt=0 [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [164864 2009-07-13] (Intel Corporation)

R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)

R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [103416 2013-12-03] (Trend Micro Inc.)

R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [290376 2013-12-03] (Trend Micro Inc.)

R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.)

R2 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [85280 2013-06-13] (Trend Micro Inc.)

R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [83864 2013-12-03] (Trend Micro Inc.)

R2 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [282272 2013-05-22] (Trend Micro Inc.)

R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-22 16:29 - 2014-10-22 16:30 - 00012461 _____ () C:\Users\user\Desktop\FRST.txt

2014-10-22 16:29 - 2014-10-22 16:29 - 00000000 ____D () C:\FRST

2014-10-22 16:28 - 2014-10-22 16:28 - 01103360 _____ (Farbar) C:\Users\user\Desktop\FRST.exe

2014-10-21 13:07 - 2014-10-21 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint

2014-10-21 13:07 - 2014-10-21 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

2014-10-21 13:04 - 2014-10-21 13:04 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services

2014-10-21 13:04 - 2014-10-21 13:04 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-10-21 13:03 - 2014-10-21 13:03 - 00000000 ____D () C:\Windows\PCHEALTH

2014-10-21 13:03 - 2014-10-21 13:03 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework

2014-10-21 13:03 - 2014-10-21 13:03 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition

2014-10-21 13:01 - 2014-10-21 13:01 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8

2014-10-21 13:00 - 2014-10-21 13:00 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services

2014-10-21 12:59 - 2014-10-21 13:03 - 00000000 ____D () C:\Program Files\Microsoft Office

2014-10-21 12:59 - 2014-10-21 12:59 - 00000000 __RHD () C:\MSOCache

2014-10-20 07:29 - 2014-10-21 12:36 - 00000000 _____ () C:\Windows\DCEBOOT.LOG

2014-10-20 07:26 - 2014-10-20 07:30 - 00021528 _____ () C:\Windows\DCEBoot.exe

2014-10-20 07:25 - 2014-10-20 07:27 - 00000000 ____D () C:\Users\user\AppData\Roaming\sqmjyr

2014-10-15 01:27 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-15 01:27 - 2014-09-28 20:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-15 01:27 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-15 01:27 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-15 01:27 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-15 01:27 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-15 01:27 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-15 01:27 - 2014-09-18 21:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-15 01:27 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-15 01:27 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-15 01:27 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-15 01:27 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-15 01:27 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-15 01:27 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-15 01:27 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-15 01:27 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-15 01:27 - 2014-09-18 20:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-15 01:27 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-15 01:27 - 2014-09-18 20:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-15 01:27 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-15 01:27 - 2014-09-18 20:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-15 01:27 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-15 01:27 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-15 01:27 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-15 01:27 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-15 01:26 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-15 01:26 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-15 01:26 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-15 01:26 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-15 01:26 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-15 01:26 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-15 01:26 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-15 01:26 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-15 01:26 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-15 01:26 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-15 01:26 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-10-15 01:26 - 2014-07-16 21:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-15 01:26 - 2014-07-16 21:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-15 01:26 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll

2014-10-15 01:26 - 2014-07-16 21:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-15 01:26 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-15 01:26 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-15 01:26 - 2014-07-16 21:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-15 01:26 - 2014-07-16 21:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-15 01:26 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-15 01:26 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-15 01:26 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-15 01:26 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-10-15 01:26 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-10-15 01:26 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-10-15 01:26 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-10-15 01:25 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2014-10-15 01:25 - 2014-08-18 22:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2014-10-15 01:25 - 2014-08-18 22:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2014-10-15 01:25 - 2014-08-18 22:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2014-10-15 01:25 - 2014-08-18 22:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2014-10-15 01:25 - 2014-08-18 21:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2014-10-15 01:25 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2014-10-15 01:25 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2014-10-15 01:25 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2014-10-15 01:25 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2014-10-15 01:25 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2014-10-15 01:25 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-10-15 01:25 - 2014-07-06 21:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2014-10-15 01:25 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-10-15 01:25 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-10-15 01:25 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-10-15 01:25 - 2014-07-06 21:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2014-10-15 01:25 - 2014-06-27 20:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2014-10-15 01:25 - 2014-06-27 20:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2014-10-15 01:25 - 2014-06-27 20:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

2014-10-14 17:45 - 2014-10-15 18:45 - 00000000 ____D () C:\ALBUMS

2014-10-14 08:03 - 2014-10-14 08:03 - 00000000 ____D () C:\Users\user\AppData\Local\MediaMonkey

2014-10-14 08:02 - 2014-10-20 07:27 - 00000000 ____D () C:\Users\user\AppData\Roaming\MediaMonkey

2014-10-14 08:02 - 2014-10-14 08:02 - 00001005 _____ () C:\Users\Public\Desktop\MediaMonkey.lnk

2014-10-14 08:02 - 2014-10-14 08:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey

2014-10-14 08:02 - 2014-10-14 08:02 - 00000000 ____D () C:\ProgramData\MediaMonkey

2014-10-14 08:02 - 2014-10-14 08:02 - 00000000 ____D () C:\Program Files\MediaMonkey

2014-10-14 08:01 - 2014-10-14 08:01 - 15197616 _____ (Ventis Media Inc. ) C:\Users\user\Downloads\MediaMonkey_4.1.4.1709.exe

2014-10-13 13:10 - 2014-10-13 13:10 - 00880272 _____ (Google Inc.) C:\Users\user\Downloads\googledrivesync.exe

2014-10-13 13:10 - 2014-10-13 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2014-10-08 16:29 - 2014-10-08 16:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RMPrepUSB

2014-10-08 16:29 - 2014-10-08 16:29 - 00000000 ____D () C:\Program Files\RMPrepUSB

2014-10-07 09:43 - 2014-10-07 09:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\PowerISO

2014-10-07 09:41 - 2014-10-08 08:01 - 00000000 ____D () C:\pebuilder3110a

2014-10-07 09:41 - 2014-10-07 09:41 - 03306678 _____ (Bart Lagerweij ) C:\Users\user\Downloads\pebuilder3110a.exe

2014-10-07 09:38 - 2014-10-07 09:38 - 02959872 _____ (Power Software Ltd) C:\Users\user\Downloads\PowerISO6.exe

2014-10-07 09:34 - 2014-10-07 09:34 - 00815616 _____ () C:\Users\user\Downloads\WinSetupFromUSB 0-2-2.exe

2014-10-07 09:31 - 2014-10-07 09:31 - 00815616 _____ () C:\Users\user\Downloads\WinSetupFromUSB 0-2-2.exe.exe

2014-10-06 18:35 - 2014-10-06 18:39 - 498751488 _____ () C:\Users\user\Documents\VRMSP_EN.ISO

2014-10-03 13:25 - 2014-10-03 13:59 - 00000000 ____D () C:\AlbumPlayerData

2014-10-03 13:23 - 2014-10-03 13:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\AlbumPlayer

2014-10-03 13:23 - 2014-10-03 13:25 - 00000000 ____D () C:\ProgramData\AlbumPlayer

2014-10-03 13:23 - 2014-10-03 13:23 - 00000000 ____D () C:\Users\user\AppData\Local\AlbumPlayer

2014-10-03 13:23 - 2014-10-03 13:23 - 00000000 ____D () C:\Program Files\Bonjour

2014-10-03 13:22 - 2014-10-03 13:22 - 00001005 _____ () C:\Users\user\Desktop\AlbumPlayer.lnk

2014-10-03 13:22 - 2014-10-03 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AlbumPlayer

2014-10-03 13:21 - 2014-10-03 13:22 - 00000000 ____D () C:\Program Files\AlbumPlayer

2014-10-03 13:20 - 2014-10-03 13:21 - 27904340 _____ (Albumon ) C:\Users\user\Downloads\albumplayer_demo.exe

2014-09-27 07:37 - 2014-09-27 07:37 - 00000000 ___RD () C:\Program Files\Skype

2014-09-27 07:37 - 2014-09-27 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-27 07:37 - 2014-09-27 07:37 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-09-27 07:36 - 2014-09-27 07:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\Apple Computer

2014-09-24 18:55 - 2014-09-24 18:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-09-23 13:55 - 2014-09-23 13:55 - 00000000 ____D () C:\Users\user\AppData\Local\Apple Computer

2014-09-23 07:15 - 2014-09-23 07:16 - 00000000 ____D () C:\Program Files\QuickTime

2014-09-23 07:15 - 2014-09-23 07:15 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-09-23 07:15 - 2014-09-23 07:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-09-23 07:15 - 2014-09-23 07:15 - 00000000 ____D () C:\ProgramData\Apple Computer

2014-09-23 07:13 - 2014-09-23 07:13 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-09-23 07:12 - 2014-09-23 07:12 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2014-09-23 07:12 - 2014-09-23 07:12 - 00000000 ____D () C:\Users\user\AppData\Local\Apple

2014-09-23 07:12 - 2014-09-23 07:12 - 00000000 ____D () C:\ProgramData\Apple

2014-09-23 07:12 - 2014-09-23 07:12 - 00000000 ____D () C:\Program Files\Apple Software Update

2014-09-23 07:09 - 2014-09-23 07:09 - 41945432 _____ (Apple Inc.) C:\Users\user\Downloads\QuickTimeInstaller.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-22 16:28 - 2014-04-21 15:40 - 00115288 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT

2014-10-22 16:28 - 2009-07-14 00:34 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-22 16:28 - 2009-07-14 00:34 - 00010128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-22 16:15 - 2014-08-19 14:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-22 16:11 - 2014-08-26 09:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype

2014-10-22 15:59 - 2014-04-21 15:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-22 13:15 - 2014-08-19 14:16 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-22 12:13 - 2014-04-21 18:14 - 01085139 _____ () C:\Windows\WindowsUpdate.log

2014-10-22 12:08 - 2014-04-22 06:31 - 00017298 _____ () C:\Windows\PFRO.log

2014-10-22 12:08 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-22 12:08 - 2009-07-14 00:39 - 00060662 _____ () C:\Windows\setupact.log

2014-10-22 12:08 - 2009-07-14 00:33 - 00428096 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-22 11:54 - 2014-07-07 13:43 - 00000000 ____D () C:\Users\user\Desktop\JOBS

2014-10-22 06:38 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-10-21 19:25 - 2014-09-09 12:32 - 00000000 ____D () C:\Users\user\Desktop\Daisy

2014-10-21 14:27 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-10-21 13:11 - 2014-04-21 17:32 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-10-21 13:05 - 2009-07-14 03:48 - 00000000 ____D () C:\Windows\ShellNew

2014-10-21 13:05 - 2009-07-14 00:52 - 00000000 ____D () C:\Program Files\MSBuild

2014-10-21 13:05 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2014-10-21 13:03 - 2014-04-21 17:35 - 00000000 ____D () C:\Program Files\Microsoft.NET

2014-10-21 13:01 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\System

2014-10-21 13:01 - 2009-07-13 22:04 - 00000478 _____ () C:\Windows\win.ini

2014-10-20 07:31 - 2014-09-15 15:37 - 00000000 ____D () C:\Users\user\Desktop\Test

2014-10-20 07:27 - 2014-05-30 11:06 - 00209432 _____ () C:\Windows\RegBootClean.exe

2014-10-18 08:34 - 2014-06-25 12:55 - 00000000 ____D () C:\goldwave

2014-10-18 08:22 - 2014-04-21 15:22 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-17 13:36 - 2014-08-19 14:17 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-10-15 04:16 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache

2014-10-14 17:42 - 2014-09-09 15:58 - 00000000 ___RD () C:\LUTHER

2014-10-14 17:06 - 2014-07-22 06:51 - 00000000 ____D () C:\Users\user\Desktop\Sur pics

2014-10-14 11:05 - 2014-05-21 19:59 - 00000000 ____D () C:\ProgramData\Trend Micro

2014-10-13 13:10 - 2014-08-19 14:16 - 00000000 ____D () C:\Users\user\AppData\Local\Google

2014-10-13 13:10 - 2014-08-19 14:16 - 00000000 ____D () C:\Program Files\Google

2014-10-10 15:27 - 2014-07-22 16:52 - 00000000 ____D () C:\Users\user\Desktop\Speakers

2014-10-07 08:31 - 2014-05-21 20:00 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2014-10-06 18:30 - 2014-09-12 10:41 - 00000000 ____D () C:\Cruzer files

2014-09-29 06:32 - 2014-04-21 15:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-09-27 07:37 - 2014-08-26 09:48 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-27 07:37 - 2014-08-26 09:47 - 00000000 ____D () C:\ProgramData\Skype

2014-09-24 14:59 - 2014-04-21 15:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-09-24 14:59 - 2014-04-21 15:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

 

Some content of TEMP:

====================

C:\Users\user\AppData\Local\Temp\39340F291.exe

C:\Users\user\AppData\Local\Temp\68e3f.exe

C:\Users\user\AppData\Local\Temp\6F19Aa.exe

C:\Users\user\AppData\Local\Temp\7b26.exe

C:\Users\user\AppData\Local\Temp\burnsetup.exe

C:\Users\user\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\user\AppData\Local\Temp\i4jdel0.exe

C:\Users\user\AppData\Local\Temp\instract.exe

C:\Users\user\AppData\Local\Temp\nsc6F7D.exe

C:\Users\user\AppData\Local\Temp\nsh6D79.exe

C:\Users\user\AppData\Local\Temp\nsmF106.exe

C:\Users\user\AppData\Local\Temp\nss5248.exe

C:\Users\user\AppData\Local\Temp\nsx543C.exe

C:\Users\user\AppData\Local\Temp\ose00000.exe

C:\Users\user\AppData\Local\Temp\ose00001.exe

C:\Users\user\AppData\Local\Temp\SamsungAPInstaller_1409741304560.exe

C:\Users\user\AppData\Local\Temp\SearchProtectINT.exe

C:\Users\user\AppData\Local\Temp\sp-downloader.exe

C:\Users\user\AppData\Local\Temp\tmp8B39.exe

C:\Users\user\AppData\Local\Temp\vpsetup.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-10-16 08:41

 

==================== End Of Log ============================

Posted

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-10-2014

Ran by user at 2014-10-22 16:30:21

Running from C:\Users\user\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Trend Micro Titanium Maximum Security (Disabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Trend Micro Titanium Maximum Security (Disabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

95742 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version: - )

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

AlbumPlayer V5.3e Demo Edition (HKLM\...\AlbumPlayer Demo Edition_is1) (Version: - Albumon)

AllShare Framework DMS (HKLM\...\{1C2A409B-3D00-4EE7-B13C-3C70AB8704B0}) (Version: 1.3.23 - Samsung)

Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)

BPM Counter 1.6.0.0 (HKLM\...\BPM Counter_is1) (Version: 1.6.0.0 - AbyssMedia.com)

Briz MP3 Splitter (HKLM\...\Briz MP3 Splitter_is1) (Version: - )

CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden

CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)

EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version: - SEIKO EPSON Corporation)

erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden

Free YouTube to MP3 Converter version 3.12.34.430 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)

GoldWave v5.70 (HKLM\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)

Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)

Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)

Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden

HP Softpaq SP45813 (HKLM\...\SP45813) (Version: - )

ImgBurn (HKLM\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)

Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2413 - Intel Corporation)

Intel® Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)

IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)

Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)

LWS Facebook (Version: 13.50.854.0 - Logitech) Hidden

LWS Gallery (Version: 13.51.827.0 - Logitech) Hidden

LWS Help_main (Version: 13.51.828.0 - Logitech) Hidden

LWS Launcher (Version: 13.51.828.0 - Logitech) Hidden

LWS Motion Detection (Version: 13.51.815.0 - Logitech) Hidden

LWS Pictures And Video (Version: 13.51.815.0 - Logitech) Hidden

LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden

LWS Webcam Software (Version: 13.51.815.0 - Logitech) Hidden

LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden

LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden

MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MP3 Diags (HKLM\...\MP3Diags) (Version: - )

MP3 Splitter 5.5.1.a (HKLM\...\F87A61F2-76B1-4D8B-BBE5-C23086BF8E95_is1) (Version: - Accmeware Corporation)

OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)

QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)

RMPrepUSB (HKLM\...\RMPrepUSB) (Version: - )

Samsung Link 2.0.0.1407291559 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1407291559 - Copyright 2013 SAMSUNG)

Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)

TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)

Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden

Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)

VirtualDJ (HKLM\...\VirtualDJ) (Version: - )

WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points =========================

 

21-10-2014 16:28:23 Removed Microsoft Office Professional Plus 2010

21-10-2014 16:59:06 Installed Microsoft Office Professional Plus 2010

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0E577432-A09F-4C2C-97A7-FB0BF6BB203D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-19] (Google Inc.)

Task: {6B6C1EEA-9A81-42BF-A948-9CA95F810552} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.)

Task: {854B572C-F8D7-4D76-8753-CD9E1C8A90DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {93AF4437-BB52-46F0-979A-AF35A95F3B4E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-19] (Google Inc.)

Task: {96EEC2D1-88A0-4324-8291-0F79E4AF8F60} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-04-21] ()

Task: {A2F352EE-0ABF-422D-8B97-4EDDE3E8E228} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-04-22 13:34 - 2014-07-29 15:59 - 00022016 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll

2014-04-22 13:34 - 2014-07-29 15:59 - 00041472 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll

2013-12-21 11:15 - 2013-12-21 11:15 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\JNIInterface.dll

2013-12-21 11:15 - 2013-12-21 11:15 - 00119296 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ASFAPI.dll

2013-12-21 11:17 - 2013-12-21 11:17 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB_Manager.dll

2013-10-01 09:46 - 2013-10-01 09:46 - 00025600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB.dll

2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll

2013-12-21 11:17 - 2013-12-21 11:17 - 00589824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMS_Manager.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

2014-04-22 13:34 - 2014-07-29 15:59 - 01595392 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll

2014-04-22 13:34 - 2014-07-29 15:59 - 01165824 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll

2014-07-31 14:07 - 2014-07-31 14:07 - 00640512 _____ () C:\Windows\Temp\sqlite-3.7.151-x86-sqlitejdbc.dll

2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll

2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll

2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll

2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll

2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll

2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll

2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll

2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll

2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll

2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll

2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll

2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll

2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll

2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll

2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll

2014-09-24 18:55 - 2014-09-24 18:55 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

2014-09-09 17:59 - 2014-09-09 17:59 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-3001920249-2789374724-3985487498-500 - Administrator - Disabled)

Guest (S-1-5-21-3001920249-2789374724-3985487498-501 - Limited - Disabled)

user (S-1-5-21-3001920249-2789374724-3985487498-1000 - Administrator - Enabled) => C:\Users\user

 

==================== Faulty Device Manager Devices =============

 

Name: PCI Serial Port

Description: PCI Serial Port

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: PS/2 Compatible Mouse

Description: PS/2 Compatible Mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: Standard PS/2 Keyboard

Description: Standard PS/2 Keyboard

Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard keyboards)

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/22/2014 00:08:43 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (10/21/2014 00:36:46 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (10/20/2014 07:30:08 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (10/16/2014 06:19:19 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (10/15/2014 03:39:10 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (10/14/2014 07:33:21 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (10/12/2014 10:05:40 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (10/11/2014 07:14:02 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (10/11/2014 07:03:01 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (10/06/2014 04:02:40 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

 

System errors:

=============

Error: (10/21/2014 07:53:33 PM) (Source: DCOM) (EventID: 10001) (User: )

Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

 

Error: (10/21/2014 01:58:48 AM) (Source: DCOM) (EventID: 10001) (User: )

Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

 

Error: (10/20/2014 06:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The SPP Notification Service service terminated with the following error:

%%5

 

Error: (10/20/2014 05:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The SPP Notification Service service terminated with the following error:

%%5

 

Error: (10/20/2014 04:55:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The SPP Notification Service service terminated with the following error:

%%5

 

Error: (10/20/2014 03:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The SPP Notification Service service terminated with the following error:

%%5

 

Error: (10/20/2014 02:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The SPP Notification Service service terminated with the following error:

%%5

 

Error: (10/20/2014 01:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The SPP Notification Service service terminated with the following error:

%%5

 

Error: (10/20/2014 00:55:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The SPP Notification Service service terminated with the following error:

%%5

 

Error: (10/19/2014 11:55:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The SPP Notification Service service terminated with the following error:

%%5

 

 

Microsoft Office Sessions:

=========================

Error: (10/22/2014 00:08:43 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (10/21/2014 00:36:46 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (10/20/2014 07:30:08 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (10/16/2014 06:19:19 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (10/15/2014 03:39:10 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (10/14/2014 07:33:21 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (10/12/2014 10:05:40 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (10/11/2014 07:14:02 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (10/11/2014 07:03:01 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (10/06/2014 04:02:40 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

 

==================== Memory info ===========================

 

Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz

Percentage of memory in use: 64%

Total physical RAM: 1977.25 MB

Available physical RAM: 709.05 MB

Total Pagefile: 3954.49 MB

Available Pagefile: 2612.65 MB

Total Virtual: 2047.88 MB

Available Virtual: 1902.21 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.76 GB) (Free:61.75 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 07F2837E)

Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Posted

Hi Mike,

 

Ok, there wasn't actually an .exe called yyge in the startup folder.

But if you look at the link I gave earlier about the malware, you will see some files created at the bottom of the first page:

 

C:\DOCUME~1\User\LOCALS~1\Temp\NEW-ORDER_11.scr

C:\Documents and Settings\User\Application Data\sqmjyr\yyge.exe

C:\Documents and Settings\User\Application Data\sqmjyr\yyge.bat

C:\Documents and Settings\User\Start Menu\Programs\Startup\yshrsg.vbs

The startup entry in your report is actually the:

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs

and although yyge.exe is not listed, the folder it resides in is showing:

C:\Users\user\AppData\Roaming\sqmjyr

So your security program that removed yyge.exe ... only did half a job.

 

Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.

NOTE.

It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system.

 

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

 


 

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

 

This fix should sort the problem for you.

You also had remnants of Conduit on the system... so I've added these to the fix as well.

fixlist.txt

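As an added defensive check (not code from the forum post or from FRST), this PowerShell script lists the launchers in the per-user and all-users Startup folders and flags any whose referenced program no longer exists, which is the "half a job" state described above: payload removed, launcher left behind. It assumes a .vbs or .bat launcher names its target as a literal or %VAR% path; the actual content of yshrg.vbs is not shown in the thread, so an obfuscated script is reported for manual review instead.

```powershell
# Added example, not part of the original post or of FRST.
# Assumption: script launchers (.vbs/.bat/.cmd/.js/.ps1) reference their
# payload with a literal drive path or a %VAR% path; anything else is
# reported as unresolved so a human can look at it.

$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# Matches a Windows path such as C:\Users\user\AppData\Roaming\sqmjyr\yyge.exe
# or %APPDATA%\sqmjyr\yyge.exe, quoted or unquoted, ending in a runnable extension.
$pathPattern = '(?:[A-Za-z]:\\|%[A-Za-z0-9_()]+%\\)[^"''<>|*?\r\n]+?\.(?:exe|bat|cmd|vbs|js|scr|dll|ps1)'

function Get-LauncherTargets {
    param([System.IO.FileInfo]$Item)
    switch ($Item.Extension.ToLower()) {
        '.lnk' {
            # Shortcut: ask the shell which file it points at.
            $shell  = New-Object -ComObject WScript.Shell
            $target = $shell.CreateShortcut($Item.FullName).TargetPath
            if ($target) { @($target) } else { @() }
        }
        { $_ -in '.vbs', '.bat', '.cmd', '.js', '.ps1' } {
            # Script launcher: pull every path-looking string out of its text.
            $text = Get-Content -LiteralPath $Item.FullName -Raw -ErrorAction SilentlyContinue
            if (-not $text) { return @() }
            [regex]::Matches($text, $pathPattern) |
                ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Value) } |
                Select-Object -Unique
        }
        default { @($Item.FullName) }   # a bare .exe in Startup is its own target
    }
}

function Find-OrphanedStartupEntries {
    foreach ($folder in $startupFolders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        foreach ($item in Get-ChildItem -LiteralPath $folder -File -Force) {
            if ($item.Name -eq 'desktop.ini') { continue }
            $targets = @(Get-LauncherTargets -Item $item)
            if ($targets.Count -eq 0) {
                # Nothing resolvable: obfuscated or unusual launcher, review by hand.
                [pscustomobject]@{ Launcher = $item.FullName; Target = '<unresolved>'; Status = 'REVIEW' }
                continue
            }
            foreach ($t in $targets) {
                # MISSING is the signature of an AV that removed the payload but not the launcher.
                $status = if (Test-Path -LiteralPath $t) { 'present' } else { 'MISSING' }
                [pscustomobject]@{ Launcher = $item.FullName; Target = $t; Status = $status }
            }
        }
    }
}

# Show only the entries that need attention; drop the Where-Object to see everything.
Find-OrphanedStartupEntries |
    Where-Object { $_.Status -ne 'present' } |
    Format-Table -AutoSize
```

Run it from a normal PowerShell prompt; reading the all-users Startup folder does not need elevation, and nothing is deleted, the script only reports.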

Posted

Problem solved. Wish I could do what you've just done. As usual, thanks a million for the help, Pete!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-10-2014

Ran by user at 2014-10-22 17:52:59 Run:1

Running from C:\Users\user\Desktop

Loaded Profile: user (Available profiles: user)

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

FF DefaultSearchEngine: Conduit Search

FF SelectedSearchEngine: Conduit Search

FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xt2fsygy.default\searchplugins\conduit-search.xml

Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs ()

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

2014-10-20 07:25 - 2014-10-20 07:27 - 00000000 ____D () C:\Users\user\AppData\Roaming\sqmjyr

C:\Users\user\AppData\Local\Temp\39340F291.exe

C:\Users\user\AppData\Local\Temp\68e3f.exe

C:\Users\user\AppData\Local\Temp\6F19Aa.exe

C:\Users\user\AppData\Local\Temp\7b26.exe

C:\Users\user\AppData\Local\Temp\burnsetup.exe

C:\Users\user\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\user\AppData\Local\Temp\i4jdel0.exe

C:\Users\user\AppData\Local\Temp\instract.exe

C:\Users\user\AppData\Local\Temp\nsc6F7D.exe

C:\Users\user\AppData\Local\Temp\nsh6D79.exe

C:\Users\user\AppData\Local\Temp\nsmF106.exe

C:\Users\user\AppData\Local\Temp\nss5248.exe

C:\Users\user\AppData\Local\Temp\nsx543C.exe

C:\Users\user\AppData\Local\Temp\ose00000.exe

C:\Users\user\AppData\Local\Temp\ose00001.exe

C:\Users\user\AppData\Local\Temp\SamsungAPInstaller_1409741304560.exe

C:\Users\user\AppData\Local\Temp\SearchProtectINT.exe

C:\Users\user\AppData\Local\Temp\sp-downloader.exe

C:\Users\user\AppData\Local\Temp\tmp8B39.exe

C:\Users\user\AppData\Local\Temp\vpsetup.exe

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs

Hosts:

CMD: ipconfig /flushdns

EmptyTemp:

*****************

 

Firefox DefaultSearchEngine deleted successfully.

Firefox SelectedSearchEngine deleted successfully.

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xt2fsygy.default\searchplugins\conduit-search.xml => Moved successfully.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs => Moved successfully.

MBAMSwissArmy => Service deleted successfully.

C:\Users\user\AppData\Roaming\sqmjyr => Moved successfully.

C:\Users\user\AppData\Local\Temp\39340F291.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\68e3f.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\6F19Aa.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\7b26.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\burnsetup.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\i4jdel0.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\instract.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\nsc6F7D.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\nsh6D79.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\nsmF106.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\nss5248.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\nsx543C.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\ose00000.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\ose00001.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\SamsungAPInstaller_1409741304560.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\SearchProtectINT.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\sp-downloader.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\tmp8B39.exe => Moved successfully.

C:\Users\user\AppData\Local\Temp\vpsetup.exe => Moved successfully.

"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yshrg.vbs" => File/Directory not found.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

 

========= ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

EmptyTemp: => Removed 2.1 GB temporary data.

 

 

The system needed a reboot.

 

==== End of Fixlog ====

Posted
Problem solved

That's good to hear.

 

thanks a million for the help Pete!

You're more than welcome Mike.

 

To completely remove FRST:

Right-click on the FRST icon and select Delete (you can also do this for the files that have been created on the Desktop).

Then navigate to:

C:\FRST

 

and delete the FRST folder.

 

Glad I was able to help.

 

Safe surfing.
