Win32.Load Money and Yandex removal advice please
:greeting: It is with great relief - I suspect and hope - that I have found the Malware Removal community and forums hosted by Spybot. This is my first post and although I have read up on the general before you post 'To do's and don'ts' it may yet happen that I make a mistake for which I ask your patient indulgence - I will try to do my best to learn and evolve.
So my problems are 2:
The first is the high level threat of the title, Win32.Load Money, which Spybot identifies but can only temporarily remove.
The second is the hijacking browser Yandex which was, I believe, behind a crashing of my computer about a week ago. Spybot, however, did not identify Yandex, probably because I created a 'whitelist' after receiving my computer back from one of our town's computer service technicians with the expectation that Yandex had been removed, though, as I subsequently discovered, he had not, or not thoroughly enough.
As per your general instructions in 'Before you post', I attach the DDS and aswMBR logs.
I await your response with new confidence that I have finally found the IT equivalent of an :angel: i.e., a resource for my computer ailments that will not only suggest the right fix but really help me learn more about this brave new world of IT.
Yours faithfully, Wendy
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521
Run by gokarna at 23:48:48 on 2014-03-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1911 [GMT 2:00]
.
AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = about:blank
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1394956558&from=cor&uid=ST9500325AS_5VEJD9L0XXXX5VEJD9L0&q={searchTerms}
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1394956558&from=cor&uid=ST9500325AS_5VEJD9L0XXXX5VEJD9L0&q={searchTerms}
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {8984B388-A5BB-4DF7-B274-77B879E179DB} - <orphaned>
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - <orphaned>
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [AtherosBtStack] "c:\program files\bluetooth suite\btvstack.exe"
mRun: [AthBtTray] "c:\program files\bluetooth suite\athbttray.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\gokarna\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_03\bin\npjpi150_03.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{733E2F48-96DF-4D1F-8B3A-CF5DC96FDA40} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{733E2F48-96DF-4D1F-8B3A-CF5DC96FDA40}\14A5A554 : DHCPNameServer = 195.175.39.40 195.175.39.39 192.168.2.10
TCP: Interfaces\{733E2F48-96DF-4D1F-8B3A-CF5DC96FDA40}\742716E646028416C696360284F64756C6 : DHCPNameServer = 10.11.128.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gokarna\appdata\roaming\mozilla\firefox\profiles\hullhm7j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx browser plug-in\npdivx32.dll
FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2014-3-21 541680]
R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2014-3-21 26608]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2014-3-21 16880]
R1 SDHookDriver;Hook Test Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2014-3-15 46248]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2012-5-30 97920]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-3-15 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-3-15 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-3-15 171416]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2012-5-30 327296]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2012-5-30 35968]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2014-3-21 302920]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2014-3-21 101192]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2014-3-21 27976]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2014-3-21 158688]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2014-3-21 66448]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2014-3-21 119624]
R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2014-3-21 496456]
R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\TeeDriver.sys [2014-3-21 85976]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2014-3-21 258704]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-3-21 643656]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 Update Mega Browse;Update Mega Browse;"c:\program files\mega browse\updatemegabrowse.exe" --> c:\program files\mega browse\updateMegaBrowse.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-22 108032]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-16 235696]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-3-13 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-19 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-3-15 1343400]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2014-3-4 107776]
.
=============== Created Last 30 ================
.
2014-03-29 14:13:08 -------- d-----w- c:\users\gokarna\appdata\roaming\uTorrent
2014-03-28 20:04:42 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f0354568-d455-4741-96a9-201fa625da5f}\offreg.dll
2014-03-27 06:56:05 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-26 15:45:44 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f0354568-d455-4741-96a9-201fa625da5f}\mpengine.dll
2014-03-23 01:00:36 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-03-21 14:47:36 16880 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys
2014-03-21 14:46:47 3109888 ----a-w- c:\windows\system32\drivers\athr.sys
2014-03-21 14:45:37 634144 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-21 14:45:37 62752 ----a-w- c:\windows\system32\nvshext.dll
2014-03-21 14:45:37 4119328 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-21 14:45:37 3014432 ----a-w- c:\windows\system32\nvsvc.dll
2014-03-21 14:45:37 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-21 14:45:37 223008 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-21 14:45:11 53024 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-21 14:44:33 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-03-21 14:44:28 -------- d-----w- c:\program files\NVIDIA Corporation
2014-03-21 14:44:03 8952608 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-21 14:43:59 13088000 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-03-21 14:43:58 6271872 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-21 14:43:54 20542752 ----a-w- c:\windows\system32\nvoglv32.dll
2014-03-21 14:43:49 2728736 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-21 14:43:49 15042928 ----a-w- c:\windows\system32\nvd3dum.dll
2014-03-21 14:43:46 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-21 14:43:45 7959000 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-21 14:43:42 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-21 14:43:39 2539128 ----a-w- c:\windows\system32\nvapi.dll
2014-03-21 14:43:25 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll
2014-03-21 14:43:25 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll
2014-03-21 14:42:40 -------- d-----w- c:\program files\CONEXANT
2014-03-21 14:42:28 1293440 ----a-w- c:\windows\system32\drivers\CHDRT32.sys
2014-03-21 14:42:26 352256 ----a-w- c:\windows\system32\UCI32A80.dll
2014-03-21 14:42:24 90752 ----a-w- c:\windows\system32\FMPropPageExt.dll
2014-03-21 14:42:20 1475200 ----a-w- c:\windows\system32\CX32AP51.dll
2014-03-21 14:40:10 892704 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2014-03-21 14:40:10 28448 ----a-w- c:\windows\system32\nvhdap32.dll
2014-03-21 14:40:10 154400 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2014-03-21 14:39:47 541680 ----a-w- c:\windows\system32\drivers\iaStorA.sys
2014-03-21 14:39:47 26608 ----a-w- c:\windows\system32\drivers\iaStorF.sys
2014-03-21 14:39:06 643656 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2014-03-21 14:39:03 85064 ----a-w- c:\windows\system32\RtNicProp32.dll
2014-03-21 14:36:38 85976 ----a-w- c:\windows\system32\drivers\TeeDriver.sys
2014-03-21 14:36:38 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2014-03-21 14:36:12 258704 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2014-03-21 14:36:10 9888400 ----a-w- c:\windows\system32\RtsPStorIcon.dll
2014-03-21 14:34:04 158688 ----a-w- c:\windows\system32\drivers\btath_hcrp.sys
2014-03-21 14:32:48 27976 ----a-w- c:\windows\system32\drivers\btath_bus.sys
2014-03-21 14:31:24 496456 ----a-w- c:\windows\system32\drivers\btfilter.sys
2014-03-21 14:27:24 66448 ----a-w- c:\windows\system32\drivers\btath_lwflt.sys
2014-03-21 14:27:16 302920 ----a-w- c:\windows\system32\drivers\btath_a2dp.sys
2014-03-21 14:27:16 119624 ----a-w- c:\windows\system32\drivers\btath_rcp.sys
2014-03-21 14:27:16 101192 ----a-w- c:\windows\system32\drivers\btath_avdt.sys
2014-03-21 09:51:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-03-21 09:51:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-03-21 09:51:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-03-21 09:51:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-03-21 09:51:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2014-03-21 07:48:21 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2014-03-21 07:48:17 317440 ----a-w- c:\windows\system32\spoolsv.exe
2014-03-21 07:48:13 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-21 07:48:09 2616320 ----a-w- c:\windows\explorer.exe
2014-03-21 07:48:08 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-03-21 07:48:08 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-03-21 01:21:06 -------- d-----w- c:\windows\Migration
2014-03-21 01:10:58 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-03-21 01:10:57 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-03-21 01:02:14 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-03-20 08:31:56 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2014-03-20 08:30:58 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-03-20 08:25:20 918528 ----a-w- c:\windows\system32\rdpcorets.dll
2014-03-20 08:25:20 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-03-20 08:25:04 101720 ----a-w- c:\windows\system32\consent.exe
2014-03-20 08:25:03 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-03-20 01:02:57 -------- d-----w- c:\windows\system32\SPReview
2014-03-20 01:02:32 -------- d-----w- c:\windows\system32\EventProviders
2014-03-20 01:00:39 -------- d-----w- c:\windows\system32\MRT
2014-03-19 14:16:08 1130824 ----a-w- c:\windows\system32\dfshim.dll
2014-03-19 14:16:05 53760 ----a-w- c:\windows\system32\LSCSHostPolicy.dll
2014-03-19 14:16:05 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-03-19 14:16:05 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-19 14:16:02 954752 ----a-w- c:\windows\system32\mfc40.dll
2014-03-19 14:16:02 954288 ----a-w- c:\windows\system32\mfc40u.dll
2014-03-19 14:16:02 80896 ----a-w- c:\windows\system32\RDVGHelper.exe
2014-03-19 14:16:02 120320 ----a-w- c:\windows\system32\tssrvlic.dll
2014-03-19 14:16:01 1159168 ----a-w- c:\windows\system32\sysmain.dll
2014-03-19 14:14:59 9728 ----a-w- c:\windows\system32\sscore.dll
2014-03-19 13:17:54 -------- d-----w- c:\program files\McAfee Security Scan
2014-03-16 08:04:39 -------- d-----w- c:\windows\system32\appmgmt
2014-03-16 07:58:25 -------- d-----w- c:\users\gokarna\appdata\roaming\AnySend
2014-03-16 07:58:12 -------- d-----w- c:\programdata\AnySend
2014-03-16 07:56:10 -------- d-----w- c:\users\gokarna\appdata\roaming\sweet-page
2014-03-16 07:55:39 -------- d-----w- c:\users\gokarna\appdata\roaming\systweak
2014-03-16 07:48:41 128000 ----a-w- c:\program files\uninstall information\97\4258\uninstall.exe
2014-03-16 07:35:56 -------- d-----w- c:\programdata\Guard.Mail.Ru
2014-03-16 07:34:48 -------- d-----w- c:\users\gokarna\appdata\local\Yandex
2014-03-16 07:34:45 -------- d-----w- c:\users\gokarna\appdata\roaming\Opera Software
2014-03-16 07:34:45 -------- d-----w- c:\users\gokarna\appdata\local\Opera
2014-03-16 07:34:41 -------- d-----w- c:\users\gokarna\appdata\local\Chromium
2014-03-16 07:34:38 -------- d-----w- c:\users\gokarna\appdata\roaming\Yandex
2014-03-16 07:33:53 -------- d-----w- c:\users\gokarna\appdata\roaming\PerformerSoft
2014-03-16 07:33:51 -------- d-----w- c:\users\gokarna\appdata\roaming\freegames111
2014-03-16 07:31:22 -------- d-----w- c:\users\gokarna\appdata\roaming\DRPSu
2014-03-16 07:30:39 -------- d-----w- c:\program files\Mail.Ru
2014-03-16 07:30:20 101448 ----a-w- c:\windows\system32\RTNUninst32.dll
2014-03-16 07:17:08 -------- d-----w- c:\windows\system32\wbem\framework\root\OpenHardwareMonitor
2014-03-16 07:17:08 -------- d-----w- c:\windows\system32\wbem\framework\root
2014-03-16 07:17:08 -------- d-----w- c:\windows\system32\wbem\Framework
2014-03-16 07:15:06 -------- d-----w- c:\users\gokarna\appdata\roaming\OpenCandy
2014-03-16 00:48:28 1699328 ----a-w- c:\windows\system32\esent.dll
2014-03-16 00:48:28 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2014-03-16 00:48:27 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2014-03-16 00:48:27 74240 ----a-w- c:\windows\system32\fsutil.exe
2014-03-16 00:48:27 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2014-03-16 00:48:27 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2014-03-16 00:48:27 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2014-03-16 00:48:27 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2014-03-16 00:48:23 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2014-03-16 00:48:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2014-03-16 00:48:23 219648 ----a-w- c:\windows\system32\fsquirt.exe
2014-03-15 21:36:30 -------- d-----w- c:\users\gokarna\appdata\local\Macromedia
2014-03-15 21:29:26 -------- d-----w- c:\programdata\McAfee Security Scan
2014-03-15 21:28:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-15 21:28:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-15 21:24:26 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-15 12:38:01 -------- d-sh--w- c:\windows\system32\%APPDATA%
2014-03-15 12:23:05 -------- d-----w- c:\users\gokarna\appdata\local\Apple Computer
2014-03-15 12:22:51 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-03-15 12:22:04 -------- d-----w- c:\program files\iPod
2014-03-15 12:22:03 -------- d-----w- c:\program files\iTunes
2014-03-15 12:02:59 -------- d-----w- c:\users\gokarna\appdata\local\Apple
2014-03-15 12:02:25 -------- d-----w- c:\program files\Bonjour
2014-03-15 11:08:15 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-03-15 11:08:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-03-15 11:06:43 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-03-15 11:06:16 -------- d-----w- c:\users\gokarna\appdata\local\Programs
2014-03-15 08:17:53 -------- d-----w- c:\users\gokarna\appdata\local\ElevatedDiagnostics
2014-03-15 07:43:38 -------- d-----w- c:\users\gokarna\appdata\local\Diagnostics
2014-03-15 07:30:05 -------- d-----w- c:\windows\system32\Wat
2014-03-15 05:35:41 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-03-15 05:35:41 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-03-15 05:35:01 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-03-15 05:35:01 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-03-15 05:35:00 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-03-15 05:35:00 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-03-15 05:35:00 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-03-15 05:35:00 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-03-15 05:35:00 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-03-15 05:33:56 5120 ----a-w- c:\windows\system32\wmi.dll
2014-03-15 05:33:56 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-03-13 07:05:11 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-03-13 07:05:08 626688 ----a-w- c:\windows\system32\usp10.dll
2014-03-13 07:05:07 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2014-03-13 07:05:07 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-03-13 07:05:07 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-03-13 07:05:03 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2014-03-13 07:04:43 376832 ----a-w- c:\windows\system32\dpnet.dll
2014-03-13 07:04:43 31232 ----a-w- c:\windows\system32\prevhost.exe
2014-03-13 07:04:43 2560 ----a-w- c:\windows\system32\dpnaddr.dll
2014-03-13 07:04:09 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2014-03-13 07:04:07 708608 ----a-w- c:\program files\common files\system\wab32.dll
2014-03-13 07:04:07 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2014-03-13 07:04:07 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2014-03-13 07:04:05 69632 ----a-w- c:\windows\system32\smss.exe
2014-03-13 07:04:05 38912 ----a-w- c:\windows\system32\csrsrv.dll
2014-03-13 07:03:10 478720 ----a-w- c:\windows\system32\timedate.cpl
2014-03-13 07:03:09 75776 ----a-w- c:\windows\system32\psisrndr.ax
2014-03-13 07:03:09 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2014-03-13 07:03:09 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2014-03-13 07:03:09 465408 ----a-w- c:\windows\system32\psisdecd.dll
2014-03-13 07:03:09 204288 ----a-w- c:\windows\system32\MSNP.ax
2014-03-13 07:03:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-03-13 07:03:08 15872 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-03-13 07:03:08 134656 ----a-w- c:\windows\system32\rdpudd.dll
2014-03-13 07:03:01 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2014-03-13 07:03:01 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
2014-03-13 07:02:40 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2014-03-13 07:02:40 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2014-03-13 07:02:40 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2014-03-13 07:02:39 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-03-13 07:02:39 233472 ----a-w- c:\windows\system32\oleacc.dll
2014-03-13 07:02:28 1785344 ----a-w- c:\program files\windows journal\Journal.exe
2014-03-13 07:02:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
2014-03-13 07:02:25 3217408 ----a-w- c:\windows\system32\mstscax.dll
2014-03-13 07:02:25 131584 ----a-w- c:\windows\system32\aaclient.dll
2014-03-13 07:02:11 1389568 ----a-w- c:\windows\system32\msxml6.dll
2014-03-13 07:02:10 741376 ----a-w- c:\windows\system32\inetcomm.dll
2014-03-13 07:01:12 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-03-13 07:01:10 67072 ----a-w- c:\windows\system32\packager.dll
2014-03-13 06:59:42 642048 ----a-w- c:\windows\system32\CPFilters.dll
2014-03-13 06:58:52 314880 ----a-w- c:\windows\system32\webio.dll
2014-03-13 06:57:55 1137664 ----a-w- c:\windows\system32\mfc42.dll
2014-03-13 06:57:54 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2014-03-13 06:57:50 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2014-03-13 06:57:43 123904 ----a-w- c:\windows\system32\poqexec.exe
2014-03-13 06:57:42 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-03-13 06:56:15 107520 ----a-w- c:\windows\system32\cdd.dll
2014-03-13 06:19:56 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-03-13 06:15:08 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-03-13 06:15:08 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-03-13 06:15:08 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2014-03-10 08:50:31 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-03-10 08:50:25 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-03-10 08:50:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-03-10 08:50:20 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-03-09 18:54:15 -------- d-----w- c:\users\gokarna\appdata\local\CrashDumps
2014-03-08 08:09:52 -------- d-----w- c:\users\gokarna\appdata\local\Microsoft Games
2014-03-07 18:50:13 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-07 14:08:09 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-03-04 20:42:41 -------- d-----w- c:\windows\Panther
2014-03-04 11:40:25 -------- d-----r- c:\program files\Skype
2014-03-04 11:28:40 -------- d-----w- c:\users\gokarna\appdata\local\BMExplorer
2014-03-04 11:28:35 -------- d-----w- c:\programdata\Atheros
2014-03-04 11:25:16 -------- d-----w- c:\users\gokarna\appdata\roaming\Atheros
2014-03-04 11:24:55 -------- d-----w- c:\program files\common files\Atheros
2014-03-04 11:24:49 -------- d-----w- c:\program files\Bluetooth Suite
2014-03-04 11:20:57 2231808 ----a-w- c:\windows\system32\athr.sys
2014-03-04 11:20:56 -------- d-----w- c:\program files\Qualcomm Atheros WiFi Driver Installation
2014-03-04 11:20:29 -------- d-----w- c:\programdata\Qualcomm Atheros
2014-03-04 11:15:05 6416928 ----a-w- c:\windows\system\DriveIcon.dll
2014-03-04 11:15:05 62976 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
2014-03-04 11:14:22 -------- d-----w- c:\program files\Broadcom
2014-03-04 11:12:41 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2014-03-04 11:09:29 13312 ------w- c:\windows\system32\agrscoin.dll
2014-03-04 11:09:21 -------- d-----w- c:\windows\Options
2014-03-04 10:59:26 6318 ----a-w- c:\windows\Suyin.reg
2014-03-04 10:59:26 626688 ----a-w- c:\windows\Image.dll
2014-03-04 10:59:26 20480 ----a-w- c:\windows\USB_VIDEO_REG.exe
2014-03-04 10:59:26 200704 ----a-w- c:\windows\PLFSetI.exe
2014-03-04 10:59:26 1380352 ----a-w- c:\windows\Acer Crystal Eye webcam.EXE
2014-03-04 10:57:50 106496 ----a-w- c:\windows\FixUVC.exe
2014-03-04 10:57:50 -------- d-----w- c:\program files\Acer
2014-03-04 09:55:23 107776 ----a-w- c:\windows\system32\drivers\ZTEusbvoice.sys
2014-03-04 09:55:23 107776 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2014-03-04 09:55:23 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2014-03-04 09:55:23 107776 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2014-03-04 09:55:16 -------- d-----w- c:\windows\system32\SupportAppXL
2014-03-04 09:55:14 -------- d-----w- c:\program files\Beetel Connection Manager
2014-03-04 09:37:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-03-04 09:30:46 -------- d-----w- C:\Intel
2014-03-04 09:18:59 -------- d-----w- c:\users\gokarna\appdata\local\Adobe
2014-03-04 09:17:32 59904 ----a-w- c:\windows\system32\wbemdisp.tlb
2014-03-04 09:17:32 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2014-03-04 09:17:32 115016 ----a-w- c:\windows\system32\MSINET.OCX
2014-03-04 09:17:32 102912 ----a-w- c:\windows\system32\Vb6stkit.dll
2014-03-04 09:17:32 102160 ----a-w- c:\windows\system32\VB6KO.DLL
2014-03-04 09:17:31 -------- d-----w- c:\program files\lg_fwupdate
2014-03-04 09:17:27 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2014-03-04 09:17:27 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2014-03-04 09:17:27 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2014-03-04 09:17:27 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2014-03-04 09:00:29 175616 ----a-w- c:\windows\system32\unrar.dll
2014-03-04 09:00:28 839680 ----a-w- c:\windows\system32\lameACM.acm
2014-03-04 09:00:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2014-03-04 09:00:28 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2014-03-04 09:00:28 151552 ----a-w- c:\windows\system32\ac3acm.acm
2014-03-04 09:00:27 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2014-03-04 09:00:26 -------- d-----w- c:\program files\K-Lite Codec Pack
2014-03-04 08:59:19 -------- d-----w- c:\program files\Winamp Detect
2014-03-04 08:59:16 -------- d-----w- c:\program files\common files\PX Storage Engine
2014-03-04 08:39:20 -------- d-----w- c:\program files\DivX
2014-03-04 08:37:32 -------- d-----w- c:\users\gokarna\appdata\local\Mozilla
2014-03-04 08:32:51 306688 ----a-w- c:\windows\IsUninst.exe
2014-03-04 08:31:13 -------- d-----w- c:\program files\VideoLAN
2014-03-04 08:28:33 -------- d-----w- c:\users\gokarna\appdata\local\Google
2014-03-04 08:23:00 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2014-03-04 08:20:55 -------- d-----w- c:\users\gokarna\appdata\local\{32A3A4F2-B792-11D6-A78A-00B0D0150030}
2014-03-04 07:49:33 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2014-03-04 07:49:32 32592 ----a-w- c:\windows\system32\msonpmon.dll
2014-03-04 07:48:38 -------- d-----w- c:\windows\PCHEALTH
2014-03-04 07:47:38 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2014-03-04 07:47:06 -------- d-----w- c:\users\gokarna\appdata\local\Microsoft Help
2014-03-04 07:44:17 -------- d-sh--w- c:\windows\Installer
2014-03-04 07:25:54 -------- d-----w- c:\windows\system32\wbem\Performance
2014-03-04 07:19:00 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2014-03-21 01:03:49 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-03-20 01:07:41 152576 ----a-w- c:\windows\system32\msclmd.dll
2014-03-04 11:25:17 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2014-03-01 04:11:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-01 04:10:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 03:52:43 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 03:38:23 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 03:37:35 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 03:31:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 03:14:15 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:00:08 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-17 14:24:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-01-17 14:24:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 23:59:06.62 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-29 23:51:54
-----------------------------
23:51:54.915 OS Version: Windows 6.1.7601 Service Pack 1
23:51:54.915 Number of processors: 4 586 0x2A07
23:51:54.917 ComputerName: GOKARNA-PC UserName: gokarna
23:51:57.590 Initialize success
23:54:56.627 AVAST engine defs: 14032902
00:04:44.551 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
00:04:44.551 Disk 0 Vendor: ATA_____ SDM2 Size: 476940MB BusType: 11
00:04:44.691 Disk 0 MBR read successfully
00:04:44.691 Disk 0 MBR scan
00:04:44.707 Disk 0 Windows 7 default MBR code
00:04:44.722 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:04:44.722 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 279896 MB offset 206848
00:04:44.738 Disk 0 Partition - 00 0F Extended LBA 196941 MB offset 573435904
00:04:44.769 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 196940 MB offset 573437952
00:04:44.769 Disk 0 scanning sectors +976771072
00:04:44.941 Disk 0 scanning C:\Windows\system32\drivers
00:04:58.263 Service scanning
00:05:25.828 Modules scanning
00:05:33.956 Disk 0 trace - called modules:
00:05:33.971 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys halmacpi.dll iaStorA.sys
00:05:33.987 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88278288]
00:05:33.987 3 CLASSPNP.SYS[8bbb259e] -> nt!IofCallDriver -> [0x882787e0]
00:05:33.987 5 iaStorF.sys[8bdd5850] -> nt!IofCallDriver -> \Device\00000069[0x87131030]
00:05:35.516 AVAST engine scan C:\Windows
00:05:38.948 AVAST engine scan C:\Windows\system32
00:08:33.046 AVAST engine scan C:\Windows\system32\drivers
00:08:50.191 AVAST engine scan C:\Users\gokarna
00:15:40.176 File: C:\Users\gokarna\Downloads\FreeCodecPackSetup.exe **INFECTED** Win32:Malware-gen
00:15:59.444 AVAST engine scan C:\ProgramData
00:16:20.738 Scan finished successfully
00:28:09.366 Disk 0 MBR has been saved successfully to "C:\Users\gokarna\Documents\Spybot Docs\MBR.dat"
00:28:09.366 The log file has been saved successfully to "C:\Users\gokarna\Documents\Spybot Docs\aswMBR.txt"
Completed tasks however......
Hello Juliet, and thanks for your so prompt attention to my problems. I have done as you suggested below; however, some things were a bit different than specified:
1. Right clicking on the rkill.exe did not respond to a right click so I used a left.
2. The scan that resulted using Spybot came up with a message saying "out of memory".
Copied and pasted are the two logs from the Farbar tool:
First notepad:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by gokarna (administrator) on GOKARNA-PC on 01-04-2014 12:19:33
Running from C:\Users\gokarna\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2011-07-12] (Nullsoft, Inc.)
HKLM\...\Run: [LGODDFU] - C:\Program Files\lg_fwupdate\fwupdate.exe [548864 2008-10-01] (BL)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [AtherosBtStack] - C:\Program Files\Bluetooth Suite\btvstack.exe [878208 2012-05-30] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files\Bluetooth Suite\athbttray.exe [696448 2012-05-30] (Atheros Commnucations)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-20] (Microsoft Corporation)
HKU\S-1-5-21-3506391524-3815322815-2224249592-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-3506391524-3815322815-2224249592-1000\...\MountPoints2: {eafd7e00-a37c-11e3-814c-e614c28d7e75} - G:\AutoRun.exe
Startup: C:\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
==================== Internet (Whitelisted) ====================
Addition Notepad
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by gokarna at 2014-04-01 12:20:15
Running from C:\Users\gokarna\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
Acer Crystal Eye Webcam (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 5.0.7.1 - Suyin Optronics Corp)
Acer Crystal Eye webcam Ver:1.1.74.216 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.74.216 - Chicony Electronics Co.,Ltd.)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.4.0.140 - Atheros)
Beetel Connection Manager (HKLM\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.18.51 - Conexant)
DivX Browser Plug-In (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 0.9.1 - DivXNetworks, Inc.)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - FreeCodecPack)
Google Chrome (HKCU\...\Google Chrome) (Version: 2.0.172.37 - Google Inc.)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - FreeCodecPack)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
J2SE Development Kit 5.0 Update 3 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0150030}) (Version: 1.5.0.30 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150030}) (Version: 1.5.0.30 - Sun Microsystems, Inc.)
K-Lite Codec Pack 7.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.8.0 - )
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 8.01.1209.01 - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Qualcomm Atheros)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
RICOH R5U241 / R5C847 Media Driver ver.2.04.01.00 (HKLM\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.04.01.00 - RICOH)
Skype™ 4.0 (HKLM\...\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}) (Version: 4.0.227 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
Winamp (HKLM\...\Winamp) (Version: 5.621 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Realtek (RTL8167) Net (08/20/2009 7.006.0820.2009) (HKLM\...\5C3C6E4376259861E39CB54075002B714220026C) (Version: 08/20/2009 7.006.0820.2009 - Realtek)
Windows Driver Package - Realtek Net (08/20/2009 7.006.0820.2009) (HKLM\...\CD0E34A952350DC3169BCA897106C995BFD430AE) (Version: 08/20/2009 7.006.0820.2009 - Realtek)
WPM17.8.0.3442 (HKLM\...\WPM) (Version: 17.8.0.3442 - Cherished Technololgy LIMITED) <==== ATTENTION
Yandex (HKCU\...\YandexBrowser) (Version: 30.0.1599.13014 - YANDEX)
==================== Restore Points =========================
21-03-2014 01:00:23 Windows Update
21-03-2014 09:50:19 Installed QuickTime 7
21-03-2014 12:01:10 Windows Update
21-03-2014 14:28:16 Device Driver Package Install: Qualcomm Atheros Communications Bluetooth Virtual Devices
21-03-2014 14:29:09 Device Driver Package Install: Qualcomm Atheros Communications Human Interface Devices
21-03-2014 14:30:09 Device Driver Package Install: Qualcomm Atheros Communications Sound, video and game controllers
21-03-2014 14:31:30 Device Driver Package Install: Qualcomm Atheros Communications Bluetooth Radios
21-03-2014 14:33:09 Device Driver Package Install: Qualcomm Atheros Communications System devices
21-03-2014 14:35:46 Device Driver Package Install: Qualcomm Atheros Communications Universal Serial Bus controllers
21-03-2014 14:41:48 Device Driver Package Install: NVIDIA Corporation Sound, video and game controllers
23-03-2014 01:00:20 Windows Update
26-03-2014 15:44:25 Windows Update
==================== Hosts content: ==========================
2009-07-14 05:04 - 2014-03-28 23:09 - 00450709 ___RA C:\Windows\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {1FA538BD-E74C-4167-A98B-01ECD2C8D972} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {3CB31C28-0C5A-45AD-9A8F-8BF1D9D4CC59} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-19] (Adobe Systems Incorporated)
Task: {9FABBF89-AD1F-454E-B8B5-E46DE5B90CEB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3506391524-3815322815-2224249592-1000
Task: {ABA54CA7-186D-413A-ACC3-C71538136C4C} - System32\Tasks\Everyday scan => Spybot
Task: {B21C0119-4D02-4951-83C7-65BCD2FA474B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files\Spybot - Search & Destroy 2\SDOnAccess.exe
Task: {C470ECAE-43A9-43C0-8BBF-A6A92B3737D5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E59163AB-34D6-4B6C-BC84-AC0F7D051FBB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {EDC315B8-4E4F-4F12-8218-A687C7DF824E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-03-21 17:45 - 2013-03-15 05:59 - 00078624 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-15 14:08 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-15 14:08 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-15 14:08 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-15 14:08 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-15 14:08 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-29 17:55 - 2014-03-29 17:55 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/01/2014 11:05:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Error: (04/01/2014 09:45:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.1422, time stamp: 0x5142857f
Faulting module name: NvUI.dll, version: 8.17.13.1422, time stamp: 0x51427c1d
Exception code: 0xc00000fd
Fault offset: 0x00029732
Faulting process id: 0x86c
Faulting application start time: 0xnvtray.exe0
Faulting application path: nvtray.exe1
Faulting module path: nvtray.exe2
Report Id: nvtray.exe3
Error: (03/30/2014 09:36:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2106
Error: (03/30/2014 09:36:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2106
Error: (03/30/2014 09:36:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/30/2014 09:36:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1030
Error: (03/30/2014 09:36:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1030
Error: (03/30/2014 09:36:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/30/2014 01:40:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3089
Error: (03/30/2014 01:40:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3089
System errors:
=============
Error: (04/01/2014 09:44:35 AM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Error: (03/31/2014 03:33:56 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (03/30/2014 00:32:24 PM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Error: (03/29/2014 03:43:58 PM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Error: (03/29/2014 05:33:39 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (03/28/2014 00:10:43 PM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Error: (03/27/2014 04:02:02 PM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Error: (03/27/2014 09:56:22 AM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Error: (03/26/2014 06:38:15 PM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Error: (03/22/2014 11:15:38 PM) (Source: Service Control Manager) (User: )
Description: The Update Mega Browse service failed to start due to the following error:
%%2
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-04-01 12:18:45.776
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 11:40:53.358
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 11:26:33.472
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 11:17:29.351
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 10:47:19.922
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 10:36:09.408
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 10:27:36.608
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 10:18:25.445
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 10:06:43.440
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-01 09:56:47.488
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 3061.86 MB
Available physical RAM: 1795.25 MB
Total Pagefile: 6122.01 MB
Available Pagefile: 3028.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.97 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:273.34 GB) (Free:239.14 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:192.32 GB) (Free:192.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 887BD72F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=273 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=192 GB) - (Type=OF Extended)
==================== End Of Log ============================
Hoping to hear from you again soon,
Kindest regards, Wendy
Quote: Originally Posted by Juliet
Hi and welcome
Please download and run the following tool to help allow other programs to run.
(courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
- rkill.exe
- rkill.com
- rkill.scr
- rkill.pif
- WiNlOgOn.exe
- uSeRiNiT.exe
***************
Please download Farbar Recovery Scan Tool (use correct version for your system..... Which system am I using?) and Tutorial http://www.geekstogo.com/forum/topic...ery-scan-tool/
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.