
Thread: Win32.Load Money and Yandex removal advice please

  1. #1
    Member | Join Date: Feb 2013 | Posts: 48

    It is with great relief - I suspect and hope - that I have found the Malware Removal community and forums hosted by Spybot. This is my first post and although I have read up on the general before you post 'To do's and don'ts', it may yet happen that I make a mistake, for which I ask your patient indulgence - I will try to do my best to learn and evolve.

    So my problems are 2:

    The first is the high-level threat of the title, Win32.Load Money, which Spybot identifies but can only temporarily remove.

    The second is the hijacking browser Yandex which was, I believe, behind a crashing of my computer about a week ago. Spybot, however, did not identify Yandex, probably because I created a 'whitelist' after receiving my computer back from one of our town's computer service technicians with the expectation that Yandex had been removed, though, as I subsequently discovered, he had not, or not thoroughly enough.

    As per your general instructions in 'Before you post', I attach the DDS and aswMBR logs.

    I await your response with new confidence that I have finally found the IT equivalent of an ie., a resource for my computer ailments that will not only suggest the right fix but really help me learn more about this brave new world of IT.

    Yours faithfully, Wendy

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.9600.16521
    Run by gokarna at 23:48:48 on 2014-03-29
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1911 [GMT 2:00]
    .
    AV: Spybot - Search and Destroy *Enabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Bluetooth Suite\adminservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Bluetooth Suite\BtvStack.exe
    C:\Program Files\Bluetooth Suite\AthBtTray.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = about:blank
    mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1394956558&from=cor&uid=ST9500325AS_5VEJD9L0XXXX5VEJD9L0&q={searchTerms}
    mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1394956558&from=cor&uid=ST9500325AS_5VEJD9L0XXXX5VEJD9L0&q={searchTerms}
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: {8984B388-A5BB-4DF7-B274-77B879E179DB} - <orphaned>
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
    BHO: {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - <orphaned>
    uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [AtherosBtStack] "c:\program files\bluetooth suite\btvstack.exe"
    mRun: [AthBtTray] "c:\program files\bluetooth suite\athbttray.exe"
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    StartupFolder: c:\users\gokarna\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_03\bin\npjpi150_03.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{733E2F48-96DF-4D1F-8B3A-CF5DC96FDA40} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{733E2F48-96DF-4D1F-8B3A-CF5DC96FDA40}\14A5A554 : DHCPNameServer = 195.175.39.40 195.175.39.39 192.168.2.10
    TCP: Interfaces\{733E2F48-96DF-4D1F-8B3A-CF5DC96FDA40}\742716E646028416C696360284F64756C6 : DHCPNameServer = 10.11.128.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\gokarna\appdata\roaming\mozilla\firefox\profiles\hullhm7j.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx browser plug-in\npdivx32.dll
    FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2014-3-21 541680]
    R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2014-3-21 26608]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2014-3-21 16880]
    R1 SDHookDriver;Hook Test Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2014-3-15 46248]
    R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2012-5-30 97920]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-3-15 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-3-15 1042272]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-3-15 171416]
    R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2012-5-30 327296]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2012-5-30 35968]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2014-3-21 302920]
    R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2014-3-21 101192]
    R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2014-3-21 27976]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2014-3-21 158688]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2014-3-21 66448]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2014-3-21 119624]
    R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2014-3-21 496456]
    R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\TeeDriver.sys [2014-3-21 85976]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2014-3-21 258704]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-3-21 643656]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 Update Mega Browse;Update Mega Browse;"c:\program files\mega browse\updatemegabrowse.exe" --> c:\program files\mega browse\updateMegaBrowse.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-22 108032]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-16 235696]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-3-13 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-19 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-3-15 1343400]
    S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2014-3-4 107776]
    .
    =============== Created Last 30 ================
    .
    2014-03-29 14:13:08 -------- d-----w- c:\users\gokarna\appdata\roaming\uTorrent
    2014-03-28 20:04:42 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f0354568-d455-4741-96a9-201fa625da5f}\offreg.dll
    2014-03-27 06:56:05 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-03-26 15:45:44 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f0354568-d455-4741-96a9-201fa625da5f}\mpengine.dll
    2014-03-23 01:00:36 454656 ----a-w- c:\windows\system32\vbscript.dll
    2014-03-21 14:47:36 16880 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys
    2014-03-21 14:46:47 3109888 ----a-w- c:\windows\system32\drivers\athr.sys
    2014-03-21 14:45:37 634144 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-03-21 14:45:37 62752 ----a-w- c:\windows\system32\nvshext.dll
    2014-03-21 14:45:37 4119328 ----a-w- c:\windows\system32\nvcpl.dll
    2014-03-21 14:45:37 3014432 ----a-w- c:\windows\system32\nvsvc.dll
    2014-03-21 14:45:37 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
    2014-03-21 14:45:37 223008 ----a-w- c:\windows\system32\nvmctray.dll
    2014-03-21 14:45:11 53024 ----a-w- c:\windows\system32\OpenCL.dll
    2014-03-21 14:44:33 -------- d-----w- c:\programdata\NVIDIA Corporation
    2014-03-21 14:44:28 -------- d-----w- c:\program files\NVIDIA Corporation
    2014-03-21 14:44:03 8952608 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2014-03-21 14:43:59 13088000 ----a-w- c:\windows\system32\nvwgf2um.dll
    2014-03-21 14:43:58 6271872 ----a-w- c:\windows\system32\nvopencl.dll
    2014-03-21 14:43:54 20542752 ----a-w- c:\windows\system32\nvoglv32.dll
    2014-03-21 14:43:49 2728736 ----a-w- c:\windows\system32\nvcuvid.dll
    2014-03-21 14:43:49 15042928 ----a-w- c:\windows\system32\nvd3dum.dll
    2014-03-21 14:43:46 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll
    2014-03-21 14:43:45 7959000 ----a-w- c:\windows\system32\nvcuda.dll
    2014-03-21 14:43:42 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
    2014-03-21 14:43:39 2539128 ----a-w- c:\windows\system32\nvapi.dll
    2014-03-21 14:43:25 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll
    2014-03-21 14:43:25 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll
    2014-03-21 14:42:40 -------- d-----w- c:\program files\CONEXANT
    2014-03-21 14:42:28 1293440 ----a-w- c:\windows\system32\drivers\CHDRT32.sys
    2014-03-21 14:42:26 352256 ----a-w- c:\windows\system32\UCI32A80.dll
    2014-03-21 14:42:24 90752 ----a-w- c:\windows\system32\FMPropPageExt.dll
    2014-03-21 14:42:20 1475200 ----a-w- c:\windows\system32\CX32AP51.dll
    2014-03-21 14:40:10 892704 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
    2014-03-21 14:40:10 28448 ----a-w- c:\windows\system32\nvhdap32.dll
    2014-03-21 14:40:10 154400 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
    2014-03-21 14:39:47 541680 ----a-w- c:\windows\system32\drivers\iaStorA.sys
    2014-03-21 14:39:47 26608 ----a-w- c:\windows\system32\drivers\iaStorF.sys
    2014-03-21 14:39:06 643656 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
    2014-03-21 14:39:03 85064 ----a-w- c:\windows\system32\RtNicProp32.dll
    2014-03-21 14:36:38 85976 ----a-w- c:\windows\system32\drivers\TeeDriver.sys
    2014-03-21 14:36:38 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
    2014-03-21 14:36:12 258704 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
    2014-03-21 14:36:10 9888400 ----a-w- c:\windows\system32\RtsPStorIcon.dll
    2014-03-21 14:34:04 158688 ----a-w- c:\windows\system32\drivers\btath_hcrp.sys
    2014-03-21 14:32:48 27976 ----a-w- c:\windows\system32\drivers\btath_bus.sys
    2014-03-21 14:31:24 496456 ----a-w- c:\windows\system32\drivers\btfilter.sys
    2014-03-21 14:27:24 66448 ----a-w- c:\windows\system32\drivers\btath_lwflt.sys
    2014-03-21 14:27:16 302920 ----a-w- c:\windows\system32\drivers\btath_a2dp.sys
    2014-03-21 14:27:16 119624 ----a-w- c:\windows\system32\drivers\btath_rcp.sys
    2014-03-21 14:27:16 101192 ----a-w- c:\windows\system32\drivers\btath_avdt.sys
    2014-03-21 09:51:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2014-03-21 09:51:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2014-03-21 09:51:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2014-03-21 09:51:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2014-03-21 09:51:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2014-03-21 07:48:21 417792 ----a-w- c:\windows\system32\WMPhoto.dll
    2014-03-21 07:48:17 317440 ----a-w- c:\windows\system32\spoolsv.exe
    2014-03-21 07:48:13 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-03-21 07:48:09 2616320 ----a-w- c:\windows\explorer.exe
    2014-03-21 07:48:08 3419136 ----a-w- c:\windows\system32\d2d1.dll
    2014-03-21 07:48:08 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-03-21 01:21:06 -------- d-----w- c:\windows\Migration
    2014-03-21 01:10:58 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2014-03-21 01:10:57 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
    2014-03-21 01:02:14 1505280 ----a-w- c:\windows\system32\d3d11.dll
    2014-03-20 08:31:56 369848 ----a-w- c:\windows\system32\drivers\cng.sys
    2014-03-20 08:30:58 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2014-03-20 08:25:20 918528 ----a-w- c:\windows\system32\rdpcorets.dll
    2014-03-20 08:25:20 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
    2014-03-20 08:25:04 101720 ----a-w- c:\windows\system32\consent.exe
    2014-03-20 08:25:03 47104 ----a-w- c:\windows\system32\appinfo.dll
    2014-03-20 01:02:57 -------- d-----w- c:\windows\system32\SPReview
    2014-03-20 01:02:32 -------- d-----w- c:\windows\system32\EventProviders
    2014-03-20 01:00:39 -------- d-----w- c:\windows\system32\MRT
    2014-03-19 14:16:08 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2014-03-19 14:16:05 53760 ----a-w- c:\windows\system32\LSCSHostPolicy.dll
    2014-03-19 14:16:05 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
    2014-03-19 14:16:05 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-03-19 14:16:02 954752 ----a-w- c:\windows\system32\mfc40.dll
    2014-03-19 14:16:02 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2014-03-19 14:16:02 80896 ----a-w- c:\windows\system32\RDVGHelper.exe
    2014-03-19 14:16:02 120320 ----a-w- c:\windows\system32\tssrvlic.dll
    2014-03-19 14:16:01 1159168 ----a-w- c:\windows\system32\sysmain.dll
    2014-03-19 14:14:59 9728 ----a-w- c:\windows\system32\sscore.dll
    2014-03-19 13:17:54 -------- d-----w- c:\program files\McAfee Security Scan
    2014-03-16 08:04:39 -------- d-----w- c:\windows\system32\appmgmt
    2014-03-16 07:58:25 -------- d-----w- c:\users\gokarna\appdata\roaming\AnySend
    2014-03-16 07:58:12 -------- d-----w- c:\programdata\AnySend
    2014-03-16 07:56:10 -------- d-----w- c:\users\gokarna\appdata\roaming\sweet-page
    2014-03-16 07:55:39 -------- d-----w- c:\users\gokarna\appdata\roaming\systweak
    2014-03-16 07:48:41 128000 ----a-w- c:\program files\uninstall information\97\4258\uninstall.exe
    2014-03-16 07:35:56 -------- d-----w- c:\programdata\Guard.Mail.Ru
    2014-03-16 07:34:48 -------- d-----w- c:\users\gokarna\appdata\local\Yandex
    2014-03-16 07:34:45 -------- d-----w- c:\users\gokarna\appdata\roaming\Opera Software
    2014-03-16 07:34:45 -------- d-----w- c:\users\gokarna\appdata\local\Opera
    2014-03-16 07:34:41 -------- d-----w- c:\users\gokarna\appdata\local\Chromium
    2014-03-16 07:34:38 -------- d-----w- c:\users\gokarna\appdata\roaming\Yandex
    2014-03-16 07:33:53 -------- d-----w- c:\users\gokarna\appdata\roaming\PerformerSoft
    2014-03-16 07:33:51 -------- d-----w- c:\users\gokarna\appdata\roaming\freegames111
    2014-03-16 07:31:22 -------- d-----w- c:\users\gokarna\appdata\roaming\DRPSu
    2014-03-16 07:30:39 -------- d-----w- c:\program files\Mail.Ru
    2014-03-16 07:30:20 101448 ----a-w- c:\windows\system32\RTNUninst32.dll
    2014-03-16 07:17:08 -------- d-----w- c:\windows\system32\wbem\framework\root\OpenHardwareMonitor
    2014-03-16 07:17:08 -------- d-----w- c:\windows\system32\wbem\framework\root
    2014-03-16 07:17:08 -------- d-----w- c:\windows\system32\wbem\Framework
    2014-03-16 07:15:06 -------- d-----w- c:\users\gokarna\appdata\roaming\OpenCandy
    2014-03-16 00:48:28 1699328 ----a-w- c:\windows\system32\esent.dll
    2014-03-16 00:48:28 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2014-03-16 00:48:27 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2014-03-16 00:48:27 74240 ----a-w- c:\windows\system32\fsutil.exe
    2014-03-16 00:48:27 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2014-03-16 00:48:27 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2014-03-16 00:48:27 148864 ----a-w- c:\windows\system32\drivers\storport.sys
    2014-03-16 00:48:27 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2014-03-16 00:48:23 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
    2014-03-16 00:48:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
    2014-03-16 00:48:23 219648 ----a-w- c:\windows\system32\fsquirt.exe
    2014-03-15 21:36:30 -------- d-----w- c:\users\gokarna\appdata\local\Macromedia
    2014-03-15 21:29:26 -------- d-----w- c:\programdata\McAfee Security Scan
    2014-03-15 21:28:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-03-15 21:28:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-03-15 21:24:26 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2014-03-15 12:38:01 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2014-03-15 12:23:05 -------- d-----w- c:\users\gokarna\appdata\local\Apple Computer
    2014-03-15 12:22:51 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2014-03-15 12:22:04 -------- d-----w- c:\program files\iPod
    2014-03-15 12:22:03 -------- d-----w- c:\program files\iTunes
    2014-03-15 12:02:59 -------- d-----w- c:\users\gokarna\appdata\local\Apple
    2014-03-15 12:02:25 -------- d-----w- c:\program files\Bonjour
    2014-03-15 11:08:15 18968 ----a-w- c:\windows\system32\sdnclean.exe
    2014-03-15 11:08:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2014-03-15 11:06:43 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2014-03-15 11:06:16 -------- d-----w- c:\users\gokarna\appdata\local\Programs
    2014-03-15 08:17:53 -------- d-----w- c:\users\gokarna\appdata\local\ElevatedDiagnostics
    2014-03-15 07:43:38 -------- d-----w- c:\users\gokarna\appdata\local\Diagnostics
    2014-03-15 07:30:05 -------- d-----w- c:\windows\system32\Wat
    2014-03-15 05:35:41 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2014-03-15 05:35:41 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2014-03-15 05:35:01 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2014-03-15 05:35:01 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2014-03-15 05:35:00 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2014-03-15 05:35:00 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2014-03-15 05:35:00 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2014-03-15 05:35:00 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2014-03-15 05:35:00 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2014-03-15 05:33:56 5120 ----a-w- c:\windows\system32\wmi.dll
    2014-03-15 05:33:56 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2014-03-13 07:05:11 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2014-03-13 07:05:08 626688 ----a-w- c:\windows\system32\usp10.dll
    2014-03-13 07:05:07 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2014-03-13 07:05:07 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2014-03-13 07:05:07 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2014-03-13 07:05:03 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2014-03-13 07:04:43 376832 ----a-w- c:\windows\system32\dpnet.dll
    2014-03-13 07:04:43 31232 ----a-w- c:\windows\system32\prevhost.exe
    2014-03-13 07:04:43 2560 ----a-w- c:\windows\system32\dpnaddr.dll
    2014-03-13 07:04:09 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2014-03-13 07:04:07 708608 ----a-w- c:\program files\common files\system\wab32.dll
    2014-03-13 07:04:07 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2014-03-13 07:04:07 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2014-03-13 07:04:05 69632 ----a-w- c:\windows\system32\smss.exe
    2014-03-13 07:04:05 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2014-03-13 07:03:10 478720 ----a-w- c:\windows\system32\timedate.cpl
    2014-03-13 07:03:09 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2014-03-13 07:03:09 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2014-03-13 07:03:09 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
    2014-03-13 07:03:09 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2014-03-13 07:03:09 204288 ----a-w- c:\windows\system32\MSNP.ax
    2014-03-13 07:03:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2014-03-13 07:03:08 15872 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
    2014-03-13 07:03:08 134656 ----a-w- c:\windows\system32\rdpudd.dll
    2014-03-13 07:03:01 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    2014-03-13 07:03:01 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
    2014-03-13 07:02:40 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2014-03-13 07:02:40 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2014-03-13 07:02:40 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2014-03-13 07:02:39 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2014-03-13 07:02:39 233472 ----a-w- c:\windows\system32\oleacc.dll
    2014-03-13 07:02:28 1785344 ----a-w- c:\program files\windows journal\Journal.exe
    2014-03-13 07:02:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
    2014-03-13 07:02:25 3217408 ----a-w- c:\windows\system32\mstscax.dll
    2014-03-13 07:02:25 131584 ----a-w- c:\windows\system32\aaclient.dll
    2014-03-13 07:02:11 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2014-03-13 07:02:10 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2014-03-13 07:01:12 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2014-03-13 07:01:10 67072 ----a-w- c:\windows\system32\packager.dll
    2014-03-13 06:59:42 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2014-03-13 06:58:52 314880 ----a-w- c:\windows\system32\webio.dll
    2014-03-13 06:57:55 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2014-03-13 06:57:54 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2014-03-13 06:57:50 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2014-03-13 06:57:43 123904 ----a-w- c:\windows\system32\poqexec.exe
    2014-03-13 06:57:42 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2014-03-13 06:56:15 107520 ----a-w- c:\windows\system32\cdd.dll
    2014-03-13 06:19:56 7969936 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
    2014-03-13 06:15:08 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2014-03-13 06:15:08 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2014-03-13 06:15:08 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
    2014-03-10 08:50:31 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2014-03-10 08:50:25 88576 ----a-w- c:\windows\system32\wudriver.dll
    2014-03-10 08:50:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2014-03-10 08:50:20 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2014-03-09 18:54:15 -------- d-----w- c:\users\gokarna\appdata\local\CrashDumps
    2014-03-08 08:09:52 -------- d-----w- c:\users\gokarna\appdata\local\Microsoft Games
    2014-03-07 18:50:13 231584 ------w- c:\windows\system32\MpSigStub.exe
    2014-03-07 14:08:09 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2014-03-04 20:42:41 -------- d-----w- c:\windows\Panther
    2014-03-04 11:40:25 -------- d-----r- c:\program files\Skype
    2014-03-04 11:28:40 -------- d-----w- c:\users\gokarna\appdata\local\BMExplorer
    2014-03-04 11:28:35 -------- d-----w- c:\programdata\Atheros
    2014-03-04 11:25:16 -------- d-----w- c:\users\gokarna\appdata\roaming\Atheros
    2014-03-04 11:24:55 -------- d-----w- c:\program files\common files\Atheros
    2014-03-04 11:24:49 -------- d-----w- c:\program files\Bluetooth Suite
    2014-03-04 11:20:57 2231808 ----a-w- c:\windows\system32\athr.sys
    2014-03-04 11:20:56 -------- d-----w- c:\program files\Qualcomm Atheros WiFi Driver Installation
    2014-03-04 11:20:29 -------- d-----w- c:\programdata\Qualcomm Atheros
    2014-03-04 11:15:05 6416928 ----a-w- c:\windows\system\DriveIcon.dll
    2014-03-04 11:15:05 62976 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
    2014-03-04 11:14:22 -------- d-----w- c:\program files\Broadcom
    2014-03-04 11:12:41 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
    2014-03-04 11:09:29 13312 ------w- c:\windows\system32\agrscoin.dll
    2014-03-04 11:09:21 -------- d-----w- c:\windows\Options
    2014-03-04 10:59:26 6318 ----a-w- c:\windows\Suyin.reg
    2014-03-04 10:59:26 626688 ----a-w- c:\windows\Image.dll
    2014-03-04 10:59:26 20480 ----a-w- c:\windows\USB_VIDEO_REG.exe
    2014-03-04 10:59:26 200704 ----a-w- c:\windows\PLFSetI.exe
    2014-03-04 10:59:26 1380352 ----a-w- c:\windows\Acer Crystal Eye webcam.EXE
    2014-03-04 10:57:50 106496 ----a-w- c:\windows\FixUVC.exe
    2014-03-04 10:57:50 -------- d-----w- c:\program files\Acer
    2014-03-04 09:55:23 107776 ----a-w- c:\windows\system32\drivers\ZTEusbvoice.sys
    2014-03-04 09:55:23 107776 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
    2014-03-04 09:55:23 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
    2014-03-04 09:55:23 107776 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
    2014-03-04 09:55:16 -------- d-----w- c:\windows\system32\SupportAppXL
    2014-03-04 09:55:14 -------- d-----w- c:\program files\Beetel Connection Manager
    2014-03-04 09:37:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2014-03-04 09:30:46 -------- d-----w- C:\Intel
    2014-03-04 09:18:59 -------- d-----w- c:\users\gokarna\appdata\local\Adobe
    2014-03-04 09:17:32 59904 ----a-w- c:\windows\system32\wbemdisp.tlb
    2014-03-04 09:17:32 16384 ----a-w- c:\windows\system32\lgfwunis.exe
    2014-03-04 09:17:32 115016 ----a-w- c:\windows\system32\MSINET.OCX
    2014-03-04 09:17:32 102912 ----a-w- c:\windows\system32\Vb6stkit.dll
    2014-03-04 09:17:32 102160 ----a-w- c:\windows\system32\VB6KO.DLL
    2014-03-04 09:17:31 -------- d-----w- c:\program files\lg_fwupdate
    2014-03-04 09:17:27 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2014-03-04 09:17:27 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2014-03-04 09:17:27 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
    2014-03-04 09:17:27 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2014-03-04 09:00:29 175616 ----a-w- c:\windows\system32\unrar.dll
    2014-03-04 09:00:28 839680 ----a-w- c:\windows\system32\lameACM.acm
    2014-03-04 09:00:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
    2014-03-04 09:00:28 243200 ----a-w- c:\windows\system32\xvidvfw.dll
    2014-03-04 09:00:28 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2014-03-04 09:00:27 79360 ----a-w- c:\windows\system32\ff_vfw.dll
    2014-03-04 09:00:26 -------- d-----w- c:\program files\K-Lite Codec Pack
    2014-03-04 08:59:19 -------- d-----w- c:\program files\Winamp Detect
    2014-03-04 08:59:16 -------- d-----w- c:\program files\common files\PX Storage Engine
    2014-03-04 08:39:20 -------- d-----w- c:\program files\DivX
    2014-03-04 08:37:32 -------- d-----w- c:\users\gokarna\appdata\local\Mozilla
    2014-03-04 08:32:51 306688 ----a-w- c:\windows\IsUninst.exe
    2014-03-04 08:31:13 -------- d-----w- c:\program files\VideoLAN
    2014-03-04 08:28:33 -------- d-----w- c:\users\gokarna\appdata\local\Google
    2014-03-04 08:23:00 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
    2014-03-04 08:20:55 -------- d-----w- c:\users\gokarna\appdata\local\{32A3A4F2-B792-11D6-A78A-00B0D0150030}
    2014-03-04 07:49:33 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    2014-03-04 07:49:32 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2014-03-04 07:48:38 -------- d-----w- c:\windows\PCHEALTH
    2014-03-04 07:47:38 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2014-03-04 07:47:06 -------- d-----w- c:\users\gokarna\appdata\local\Microsoft Help
    2014-03-04 07:44:17 -------- d-sh--w- c:\windows\Installer
    2014-03-04 07:25:54 -------- d-----w- c:\windows\system32\wbem\Performance
    2014-03-04 07:19:00 -------- d-sh--w- C:\Recovery
    .
    ==================== Find3M ====================
    .
    2014-03-21 01:03:49 49152 ----a-w- c:\windows\system32\taskhost.exe
    2014-03-20 01:07:41 152576 ----a-w- c:\windows\system32\msclmd.dll
    2014-03-04 11:25:17 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
    2014-03-01 04:11:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-03-01 04:10:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-03-01 03:52:43 61952 ----a-w- c:\windows\system32\iesetup.dll
    2014-03-01 03:51:53 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-03-01 03:38:26 112128 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-03-01 03:38:23 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-03-01 03:37:35 553472 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-03-01 03:31:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-03-01 03:14:15 4244480 ----a-w- c:\windows\system32\jscript9.dll
    2014-03-01 03:00:08 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-03-01 02:32:16 1820160 ----a-w- c:\windows\system32\wininet.dll
    2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
    2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
    2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll
    2014-01-28 02:07:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
    2014-01-17 14:24:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2014-01-17 14:24:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    ============= FINISH: 23:59:06.62 ===============

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-03-29 23:51:54
    -----------------------------
    23:51:54.915 OS Version: Windows 6.1.7601 Service Pack 1
    23:51:54.915 Number of processors: 4 586 0x2A07
    23:51:54.917 ComputerName: GOKARNA-PC UserName: gokarna
    23:51:57.590 Initialize success
    23:54:56.627 AVAST engine defs: 14032902
    00:04:44.551 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
    00:04:44.551 Disk 0 Vendor: ATA_____ SDM2 Size: 476940MB BusType: 11
    00:04:44.691 Disk 0 MBR read successfully
    00:04:44.691 Disk 0 MBR scan
    00:04:44.707 Disk 0 Windows 7 default MBR code
    00:04:44.722 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    00:04:44.722 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 279896 MB offset 206848
    00:04:44.738 Disk 0 Partition - 00 0F Extended LBA 196941 MB offset 573435904
    00:04:44.769 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 196940 MB offset 573437952
    00:04:44.769 Disk 0 scanning sectors +976771072
    00:04:44.941 Disk 0 scanning C:\Windows\system32\drivers
    00:04:58.263 Service scanning
    00:05:25.828 Modules scanning
    00:05:33.956 Disk 0 trace - called modules:
    00:05:33.971 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys halmacpi.dll iaStorA.sys
    00:05:33.987 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88278288]
    00:05:33.987 3 CLASSPNP.SYS[8bbb259e] -> nt!IofCallDriver -> [0x882787e0]
    00:05:33.987 5 iaStorF.sys[8bdd5850] -> nt!IofCallDriver -> \Device\00000069[0x87131030]
    00:05:35.516 AVAST engine scan C:\Windows
    00:05:38.948 AVAST engine scan C:\Windows\system32
    00:08:33.046 AVAST engine scan C:\Windows\system32\drivers
    00:08:50.191 AVAST engine scan C:\Users\gokarna
    00:15:40.176 File: C:\Users\gokarna\Downloads\FreeCodecPackSetup.exe **INFECTED** Win32:Malware-gen
    00:15:59.444 AVAST engine scan C:\ProgramData
    00:16:20.738 Scan finished successfully
    00:28:09.366 Disk 0 MBR has been saved successfully to "C:\Users\gokarna\Documents\Spybot Docs\MBR.dat"
    00:28:09.366 The log file has been saved successfully to "C:\Users\gokarna\Documents\Spybot Docs\aswMBR.txt"
    Last edited by tashi; 2014-03-30 at 01:55. Reason: Copy pasted two logs into topic

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Hi and welcome


    Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
    There are 6 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click and choose Run as Admin
    You only need to get one of them to run, not all of them.
    1. rkill.exe
    2. rkill.com
    3. rkill.scr
    4. rkill.pif
    5. WiNlOgOn.exe
    6. uSeRiNiT.exe


    ***************

    Please download Farbar Recovery Scan Tool

    (use correct version for your system.....Which system am I using?)
    and Tutorial http://www.geekstogo.com/forum/topic...ery-scan-tool/



    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Member
    Join Date
    Feb 2013
    Posts
    48

    Completed tasks however......

    Hello Juliet, and thanks for your so prompt attention to my problems. I have done as you suggested below; however, some things were a bit different than as specified:

    1. Right clicking on the rkill.exe did not respond to a right click so I used a left.

    2. The scan that resulted using Spybot came up with a message saying "out of memory"

    Copy and pasted are the two logs from the Farbar tool :

    First notepad:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
    Ran by gokarna (administrator) on GOKARNA-PC on 01-04-2014 12:19:33
    Running from C:\Users\gokarna\Downloads
    Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Atheros Commnucations) C:\Program Files\Bluetooth Suite\adminservice.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
    (Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    (Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
    HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2011-07-12] (Nullsoft, Inc.)
    HKLM\...\Run: [LGODDFU] - C:\Program Files\lg_fwupdate\fwupdate.exe [548864 2008-10-01] (BL)
    HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
    HKLM\...\Run: [AtherosBtStack] - C:\Program Files\Bluetooth Suite\btvstack.exe [878208 2012-05-30] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] - C:\Program Files\Bluetooth Suite\athbttray.exe [696448 2012-05-30] (Atheros Commnucations)
    HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-03-20] (Microsoft Corporation)
    HKU\S-1-5-21-3506391524-3815322815-2224249592-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3506391524-3815322815-2224249592-1000\...\MountPoints2: {eafd7e00-a37c-11e3-814c-e614c28d7e75} - G:\AutoRun.exe
    Startup: C:\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()

    ==================== Internet (Whitelisted) ====================


    Addition Notepad

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
    Ran by gokarna at 2014-04-01 12:20:15
    Running from C:\Users\gokarna\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    Acer Crystal Eye Webcam (HKLM\...\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}) (Version: 5.0.7.1 - Suyin Optronics Corp)
    Acer Crystal Eye webcam Ver:1.1.74.216 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.74.216 - Chicony Electronics Co.,Ltd.)
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
    Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
    Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Bluetooth Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.4.0.140 - Atheros)
    Beetel Connection Manager (HKLM\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.02 - Broadcom Corporation)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.18.51 - Conexant)
    DivX Browser Plug-In (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 0.9.1 - DivXNetworks, Inc.)
    ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
    ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - FreeCodecPack)
    Google Chrome (HKCU\...\Google Chrome) (Version: 2.0.172.37 - Google Inc.)
    Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - FreeCodecPack)
    iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
    J2SE Development Kit 5.0 Update 3 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0150030}) (Version: 1.5.0.30 - Sun Microsystems, Inc.)
    J2SE Runtime Environment 5.0 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150030}) (Version: 1.5.0.30 - Sun Microsystems, Inc.)
    K-Lite Codec Pack 7.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.8.0 - )
    LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 8.01.1209.01 - )
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
    NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
    NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
    NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
    Qualcomm Atheros WiFi Driver Installation (HKLM\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Qualcomm Atheros)
    QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
    RICOH R5U241 / R5C847 Media Driver ver.2.04.01.00 (HKLM\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.04.01.00 - RICOH)
    Skype™ 4.0 (HKLM\...\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}) (Version: 4.0.227 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
    VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
    Winamp (HKLM\...\Winamp) (Version: 5.621 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Driver Package - Realtek (RTL8167) Net (08/20/2009 7.006.0820.2009) (HKLM\...\5C3C6E4376259861E39CB54075002B714220026C) (Version: 08/20/2009 7.006.0820.2009 - Realtek)
    Windows Driver Package - Realtek Net (08/20/2009 7.006.0820.2009) (HKLM\...\CD0E34A952350DC3169BCA897106C995BFD430AE) (Version: 08/20/2009 7.006.0820.2009 - Realtek)
    WPM17.8.0.3442 (HKLM\...\WPM) (Version: 17.8.0.3442 - Cherished Technololgy LIMITED) <==== ATTENTION
    Yandex (HKCU\...\YandexBrowser) (Version: 30.0.1599.13014 - YANDEX)

    ==================== Restore Points =========================

    21-03-2014 01:00:23 Windows Update
    21-03-2014 09:50:19 Installed QuickTime 7
    21-03-2014 12:01:10 Windows Update
    21-03-2014 14:28:16 Device Driver Package Install: Qualcomm Atheros Communications Bluetooth Virtual Devices
    21-03-2014 14:29:09 Device Driver Package Install: Qualcomm Atheros Communications Human Interface Devices
    21-03-2014 14:30:09 Device Driver Package Install: Qualcomm Atheros Communications Sound, video and game controllers
    21-03-2014 14:31:30 Device Driver Package Install: Qualcomm Atheros Communications Bluetooth Radios
    21-03-2014 14:33:09 Device Driver Package Install: Qualcomm Atheros Communications System devices
    21-03-2014 14:35:46 Device Driver Package Install: Qualcomm Atheros Communications Universal Serial Bus controllers
    21-03-2014 14:41:48 Device Driver Package Install: NVIDIA Corporation Sound, video and game controllers
    23-03-2014 01:00:20 Windows Update
    26-03-2014 15:44:25 Windows Update

    ==================== Hosts content: ==========================

    2009-07-14 05:04 - 2014-03-28 23:09 - 00450709 ___RA C:\Windows\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {1FA538BD-E74C-4167-A98B-01ECD2C8D972} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
    Task: {3CB31C28-0C5A-45AD-9A8F-8BF1D9D4CC59} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-19] (Adobe Systems Incorporated)
    Task: {9FABBF89-AD1F-454E-B8B5-E46DE5B90CEB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3506391524-3815322815-2224249592-1000
    Task: {ABA54CA7-186D-413A-ACC3-C71538136C4C} - System32\Tasks\Everyday scan => Spybot
    Task: {B21C0119-4D02-4951-83C7-65BCD2FA474B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files\Spybot - Search &amp; Destroy 2\SDOnAccess.exe
    Task: {C470ECAE-43A9-43C0-8BBF-A6A92B3737D5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {E59163AB-34D6-4B6C-BC84-AC0F7D051FBB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
    Task: {EDC315B8-4E4F-4F12-8218-A687C7DF824E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-21 17:45 - 2013-03-15 05:59 - 00078624 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-03-15 14:08 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2014-03-15 14:08 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-03-15 14:08 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2014-03-15 14:08 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-03-15 14:08 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-03-29 17:55 - 2014-03-29 17:55 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/01/2014 11:05:02 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (04/01/2014 09:45:17 AM) (Source: Application Error) (User: )
    Description: Faulting application name: nvtray.exe, version: 7.17.13.1422, time stamp: 0x5142857f
    Faulting module name: NvUI.dll, version: 8.17.13.1422, time stamp: 0x51427c1d
    Exception code: 0xc00000fd
    Fault offset: 0x00029732
    Faulting process id: 0x86c
    Faulting application start time: 0xnvtray.exe0
    Faulting application path: nvtray.exe1
    Faulting module path: nvtray.exe2
    Report Id: nvtray.exe3

    Error: (03/30/2014 09:36:45 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2106

    Error: (03/30/2014 09:36:45 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2106

    Error: (03/30/2014 09:36:45 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/30/2014 09:36:44 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1030

    Error: (03/30/2014 09:36:44 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1030

    Error: (03/30/2014 09:36:44 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/30/2014 01:40:46 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3089

    Error: (03/30/2014 01:40:46 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3089


    System errors:
    =============
    Error: (04/01/2014 09:44:35 AM) (Source: Service Control Manager) (User: )
    Description: The Update Mega Browse service failed to start due to the following error:
    %%2

    Error: (03/31/2014 03:33:56 AM) (Source: DCOM) (User: )
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

    Error: (03/30/2014 00:32:24 PM) (Source: Service Control Manager) (User: )
    Description: The Update Mega Browse service failed to start due to the following error:
    %%2

    Error: (03/29/2014 03:43:58 PM) (Source: Service Control Manager) (User: )
    Description: The Update Mega Browse service failed to start due to the following error:
    %%2

    Error: (03/29/2014 05:33:39 AM) (Source: DCOM) (User: )
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

    Error: (03/28/2014 00:10:43 PM) (Source: Service Control Manager) (User: )
    Description: The Update Mega Browse service failed to start due to the following error:
    %%2

    Error: (03/27/2014 04:02:02 PM) (Source: Service Control Manager) (User: )
    Description: The Update Mega Browse service failed to start due to the following error:
    %%2

    Error: (03/27/2014 09:56:22 AM) (Source: Service Control Manager) (User: )
    Description: The Update Mega Browse service failed to start due to the following error:
    %%2

    Error: (03/26/2014 06:38:15 PM) (Source: Service Control Manager) (User: )
    Description: The Update Mega Browse service failed to start due to the following error:
    %%2

    Error: (03/22/2014 11:15:38 PM) (Source: Service Control Manager) (User: )
    Description: The Update Mega Browse service failed to start due to the following error:
    %%2


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-04-01 12:18:45.776
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-01 11:40:53.358
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-01 11:26:33.472
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-01 11:17:29.351
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-01 10:47:19.922
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-01 10:36:09.408
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-01 10:27:36.608
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-01 10:18:25.445
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-01 10:06:43.440
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-01 09:56:47.488
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 41%
    Total physical RAM: 3061.86 MB
    Available physical RAM: 1795.25 MB
    Total Pagefile: 6122.01 MB
    Available Pagefile: 3028.8 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1904.97 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:273.34 GB) (Free:239.14 GB) NTFS
    Drive d: (New Volume) (Fixed) (Total:192.32 GB) (Free:192.2 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 887BD72F)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=273 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=192 GB) - (Type=OF Extended)

    ==================== End Of Log ============================

    Hoping to hear from you again soon,

    Kindest regards, Wendy









    Quote Originally Posted by Juliet View Post
    Hi and welcome


    Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
    There are 6 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click and choose Run as Admin
    You only need to get one of them to run, not all of them.
    1. rkill.exe
    2. rkill.com
    3. rkill.scr
    4. rkill.pif
    5. WiNlOgOn.exe
    6. uSeRiNiT.exe


    ***************

    Please download Farbar Recovery Scan Tool

    (use correct version for your system.....Which system am I using?)
    and Tutorial http://www.geekstogo.com/forum/topic...ery-scan-tool/



    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    What antivirus software do you have on the computer?

    Please download Malwarebytes Anti-Malware to your desktop
    (If uninstalling and doing a reinstall the link is below)
    http://www.bleepingcomputer.com/down...-anti-malware/
    Install the programme and select update
    Once it has updated select Settings > Detection and Protection
    Tick Scan for rootkits




    Go back to the Dashboard and select Scan Now





    If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.






    On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop.

    Please Post this log

    **********************

    Please download Shortcut Cleaner from the following web page and save it to your Windows desktop.

    Shortcut Cleaner Download Link - http://www.bleepingcomputer.com/down...rtcut-cleaner/

    Once the file is downloaded, double-click on the ss-cleaner.exe file that should now be on your desktop.

    If you are using Windows Vista, 7, or 8 you will need to allow it to run when the prompt appears.

    Shortcut Cleaner will now start and scan your computer for hijacked Windows shortcuts and if any are found it will automatically clean them for you.

    When it is done, it will show you a log that contains a list of shortcuts that were cleaned.
    When you have finished reviewing the log file, please close it and continue with the rest of the steps.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    We now need to reset the home page for Internet Explorer, Firefox, Chrome, and any other browsers you may have installed. Please perform the following steps for each of the installed browsers.

    Internet Explorer - Internet Explorer should already be reset. If not, then open IE and click on the Tools menu and then select Internet Options. On the General tab, change your home page to your desired home page and then close the options screen.

    Firefox - To reset Firefox click on the Tools menu and then select Options. When the settings screen opens, click on the General tab and change your home page to your desired site.

    Chrome - To reset Chrome click on the menu button (Chrome Menu). When the menu appears, click on the Settings menu option. When the Settings screen opens, click on the Set Pages link under the On Startup category to specify the pages that should start automatically when Chrome opens.


    As many malware and unwanted programs are installed through vulnerabilities found in out-dated and insecure programs, it is strongly suggested that you use Secunia PSI to scan for vulnerable programs on your computer. A tutorial on how to use Secunia PSI to scan for vulnerable programs can be found here:
    How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)
    http://www.bleepingcomputer.com/tuto...h-secunia-psi/
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Member
    Join Date
    Feb 2013
    Posts
    48

    Red face Follow-up for Juliet

    Hi Juliet, At the moment I don't run any antivirus software beyond Windows Defender and Spybot SandD - which I think is not what you mean by antivirus - right? I used to have a VAIO i.e. Sony system in place but when my computer crashed in India in February the technician I consulted completely cleaned it out and reinstalled Windows 7 but not anything from VAIO.

    Here is the antimalware log you requested:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/2/2014
    Scan Time: 8:09:29 PM
    Logfile: anti malware log.txt
    Administrator: Yes

    Version: 2.00.0.1000
    Malware Database: v2014.04.02.05
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: gokarna

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 249405
    Time Elapsed: 11 min, 22 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    I have also done the shortcut cleaner download and run it. I enclose its results below although I know you didn't ask for it.


    I appreciate your help very much, thanks again, Wendy
    Last edited by Juliet; 2014-04-02 at 21:33. Reason: space

  6. #6
    Member
    Join Date
    Feb 2013
    Posts
    48

    Question Yandex still with me

    Hi Juliet,
    Just a query about Yandex as it is still on my computer and seems determined to stay and it did look as if it was responsible for the computer crash I mentioned in my last post which occurred in India in February, when everything was cleaned out and Windows 7 was reinstalled but none of the Sony/VAIO protection, enhancement and management software. Were the things you got me to do involved in trying to remove it?

    Thanks again, Wendy
    Last edited by Juliet; 2014-04-02 at 21:59. Reason: space

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    You need an antivirus software on your computer or you'll soon be reinfected.

    Secure My Computer: A Layered Approach


    Free Antivirus-AntiSpyware-Firewall Software

    ~~~~~~~~~~~~~

    AdwCleaner by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top Advertisement.


    Close all open windows and browsers.


    • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

      *****


    • Click the Scan button and wait for the scan to finish.

    • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
    • Click the Report button to get the log
    • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
    • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.



    ****************


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Please post these 2 logs when finished.

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Please use the reply to thread button, it will make it easier to read.

    After you finish the above scans mentioned please do this:


    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

    start
    Yandex (HKCU\...\YandexBrowser) (Version: 30.0.1599.13014 - YANDEX)
    Reboot:
    end
    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

  9. #9
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Still need help?

  10. #10
    Member
    Join Date
    Feb 2013
    Posts
    48

    Post Loaded Adware-anti et al

    Quote Originally Posted by Juliet View Post
    Still need help?
    Hello Juliet,

    I have followed your instructions to the point of c and p the anti Adware log :

    # AdwCleaner v3.023 - Report created 05/04/2014 at 21:53:30
    # Updated 01/04/2014 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
    # Username : gokarna - GOKARNA-PC
    # Running from : C:\Users\gokarna\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\.autoreg
    File Found : C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\user.js
    Folder Found : C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    Folder Found C:\Program Files\Mail.Ru
    Folder Found C:\Users\gokarna\AppData\Local\Temp\Mega Browse
    Folder Found C:\Users\gokarna\AppData\Local\Yandex
    Folder Found C:\Users\gokarna\AppData\LocalLow\Yandex
    Folder Found C:\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex
    Folder Found C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\Yandex
    Folder Found C:\Users\gokarna\AppData\Roaming\PerformerSoft
    Folder Found C:\Users\gokarna\AppData\Roaming\Systweak
    Folder Found C:\Users\gokarna\AppData\Roaming\Yandex

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\systweak
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
    Key Found : HKLM\Software\systweak

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16521

    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.sweet-page.com/web/?type=ds&ts=1394956558&from=cor&uid=ST9500325AS_5VEJD9L0XXXX5VEJD9L0&q={searchTerms}

    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Users\gokarna\AppData\Roaming\Mozilla\Firefox\Profiles\hullhm7j.default\prefs.js ]

    Line Found : user_pref("extensions.vb@yandex.ru.description", "Keep all your favorite sites in one place with Visual Bookmarks. Simply click on one of the mini-webpages to visit a site. You can customize the numbe[...]

    -\\ Google Chrome v33.0.1750.154

    [ File : C:\Users\gokarna\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [3070 octets] - [05/04/2014 21:53:30]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3130 octets] ##########



    Now turning to the second part of your recommendations re : anti- junkware

    Stay tuned for second report log,

    Salute, Wendy
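
A scan report in the layout posted above can be tallied by section before anything is selected for removal. The sketch below is an added example, not part of the thread or of AdwCleaner; its sample report, paths and URL are constructed placeholders. It accepts `Found` lines with or without the colon, because the report above contains both forms.

```python
import re

# Constructed sample in the layout of the report above; paths and URL are placeholders.
SAMPLE_REPORT = r"""# AdwCleaner v3.023 - Report created 05/04/2014 at 21:53:30
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\example\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\user.js
Folder Found C:\Users\example\AppData\Local\Yandex
Folder Found C:\Users\example\AppData\Roaming\Systweak

***** [ Registry ] *****

Key Found : HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.example.invalid/?q={searchTerms}

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\example\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\prefs.js ]

Line Found : user_pref("extensions.example.description", "constructed value");
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (.+)$")
# The colon after "Found" is optional: some Folder lines in the report omit it.
FINDING_RE = re.compile(r"^(File|Folder|Key|Setting|Line) Found\s*:?\s*(.+)$")

def parse_report(text):
    """Return {section name: [finding, ...]} in report order."""
    sections, current, browser = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue  # blank lines and "#" header/footer lines carry no findings
        if m := SECTION_RE.match(line):
            current, browser = m.group(1), None
            sections[current] = []
        elif m := BROWSER_RE.match(line):
            browser = m.group(1)  # later findings belong to this browser
        elif (m := FINDING_RE.match(line)) and current is not None:
            sections[current].append({"kind": m.group(1), "target": m.group(2),
                                      "browser": browser})
    return sections

def summarize(sections):
    """Count findings per section; empty sections stay visible as 0."""
    return {name: len(items) for name, items in sections.items()}
```

Calling `summarize(parse_report(text))` on a saved report gives a per-section count that makes empty sections and browser-specific entries easy to spot.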
