PDA

View Full Version : Help remove popup movie



Ghostryan
2014-06-26, 10:34
Ran spy bot a chose to fix all,seem to ok but said 5 threats unable to fix. These DDS and aswMBR logs are from 2nd scan. aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-06-25 18:18:28
-----------------------------
18:18:28.134 OS Version: Windows x64 6.1.7601 Service Pack 1
18:18:28.134 Number of processors: 2 586 0x200
18:18:28.136 ComputerName: GHOSTRYAN-PC UserName: Ghostryan
18:18:29.969 Initialize success
18:18:29.970 VM: initialized successfully
18:18:30.043 VM: Amd CPU supported
18:18:33.450 VM: disk I/O atapi.sys
18:19:16.232 The log file has been saved successfully to "C:\Users\Ghostryan\Documents\tex\F up Prosseses\aswMBR.txt" DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.55.2
Run by Ghostryan at 18:05:31 on 2014-06-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3576.1045 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\FOLDER~1\FGKey64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
svchost.exe
C:\PROGRAM FILES (X86)\QWEST 11N WIRELESS WPS TOOL\WPSCENTERV.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\explorer.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Windows Media Player\wmprph.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://search.coupons.com/
uURLSearchHooks: {327f75ed-061b-4339-8cc6-5dd45ad1396d} - <orphaned>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Social Privacy: {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - C:\Program Files (x86)\Social Privacy\sp.dll
BHO: Ads Removal: {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned>
uRun: [Google Update] "C:\Users\Ghostryan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [reresdfj] "C:\Users\Ghostryan\AppData\Local\idvocpfp.exe"
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [dcbjeutu] "C:\Users\Ghostryan\AppData\Local\dljutjde.exe"
mRun: [BCSSync] "c:\program files (x86)\microsoft office\office14\bcssync.exe" /delayservices
mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\SPOOL\DRIVERS\X64\3\EKIJ5000MUI.EXE
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /Manual
dRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
StartupFolder: C:\Users\GHOSTR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutoRun = dword:67042867
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.5.1.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.fcd.maricopa.gov/Maps/gismaps/plugin/mgaxctrl6.5.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.126.206.18,184.173.169.186
TCP: NameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{1D0ACB32-9330-4A1C-B2A7-8AA8ACC492CA} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{1D0ACB32-9330-4A1C-B2A7-8AA8ACC492CA} : DHCPNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{E9B3D5B2-A38A-46A9-8A75-8091E88179A5} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{E9B3D5B2-A38A-46A9-8A75-8091E88179A5} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E9B3D5B2-A38A-46A9-8A75-8091E88179A5}\1444D494E4D20534F5E4564777F627B6 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{E9B3D5B2-A38A-46A9-8A75-8091E88179A5}\D697177756374713830373 : DHCPNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: ActionCenterDownloader.exe - C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO: Boost.exe - C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO: COMScore.exe - C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO: GameBooster.exe - C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO: GameConsole-wt.exe - C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=foxtab&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0DtAtC0EtD0AtDtBtBtDtN0D0Tzu0SyEzyzytN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1L1C1F1G1H1B1QtDyE&cr=891733045&ir=
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-IFEO: ActionCenterDownloader.exe - C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
x64-IFEO: Boost.exe - C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
x64-IFEO: COMScore.exe - C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
x64-IFEO: GameBooster.exe - C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
x64-IFEO: GameConsole-wt.exe - C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoReactivator.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-2-1 21184]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-1-28 881952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2011-8-4 137144]
R2 FGUARD64;FGUARD64;C:\Program Files\Folder Guard\FGUARD64.sys [2012-9-10 73552]
R2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-8-10 255376]
R2 PfFilter;PfFilter;C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [2014-1-29 39504]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-6-25 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-6-25 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-6-25 171928]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-3-13 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2014-1-29 34848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2014-3-31 271064]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-3-31 888536]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2014-1-30 14544]
S1 fzwgfhko;fzwgfhko;C:\Windows\System32\drivers\fzwgfhko.sys [2014-6-20 55104]
S1 wsmolbie;wsmolbie;C:\Windows\System32\drivers\wsmolbie.sys [2014-6-24 55104]
S2 AutoInstallEJCD;Auto Install Eject CD Service; [x]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2014-1-29 341824]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-1-28 2152736]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S3 DataSafeService;DataSafe Service 1.0;C:\Program Files (x86)\SofGem\DataSafe Backup 1.0\DataSafeService.exe [2009-4-13 14848]
S3 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2011-5-29 36456]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-12 111616]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2014-1-30 20232]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-19 23152]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 QW720S64;Qwest 802.11n XN720 Driver(win7);C:\Windows\System32\drivers\WLANUHN.sys [2012-3-12 752640]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-28 19456]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-28 30208]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2014-1-29 23016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-13 1255736]
S3 ZDCNDIS6a64;ZDCNDIS Protocol Driver;C:\Windows\System32\ZDCNDIS6a64.sys [2012-3-12 45624]
S4 DataSafeHelper;DataSafe Helper 1.0;C:\Program Files (x86)\SofGem\DataSafe Backup 1.0\DataSafeHelper.exe [2009-4-13 12800]
S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2014-1-29 23048]
S4 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-1-27 227904]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-19 652872]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-26 00:23:32 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\tmeaelpx.exe
2014-06-25 22:24:25 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\qgcrsgpr.exe
2014-06-25 21:50:22 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\hfvkarcw.exe
2014-06-25 20:25:16 139264 ----a-w- C:\Users\Ghostryan\AppData\Local\dljutjde.exe
2014-06-25 20:08:12 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\xpqjpxdf.exe
2014-06-25 18:09:04 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\xmkvcqfi.exe
2014-06-25 14:10:31 92688 ----a-w- C:\Users\Ghostryan\AppData\Local\ejnredfa.exe
2014-06-25 12:11:21 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\vntulhjx.exe
2014-06-25 10:12:13 92688 ----a-w- C:\Users\Ghostryan\AppData\Local\caxwaqxw.exe
2014-06-25 09:38:09 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\orncfgmw.exe
2014-06-25 09:18:56 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-06-25 09:18:53 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-06-25 09:18:43 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-25 08:13:04 92688 ----a-w- C:\Users\Ghostryan\AppData\Local\upfwbpsf.exe
2014-06-25 07:39:49 -------- d-----w- C:\Users\Ghostryan\AppData\Roaming\ProductData
2014-06-25 06:13:49 92688 ----a-w- C:\Users\Ghostryan\AppData\Local\triqlokm.exe
2014-06-25 05:39:45 92688 ----a-w- C:\Users\Ghostryan\AppData\Local\mxrpjdwk.exe
2014-06-25 04:14:38 92688 ----a-w- C:\Users\Ghostryan\AppData\Local\goupjhor.exe
2014-06-25 02:15:30 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\mpwxcdfw.exe
2014-06-25 01:41:17 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\tppmbitt.exe
2014-06-25 00:16:09 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\owvwxwdg.exe
2014-06-24 22:17:02 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\ebsiiieb.exe
2014-06-24 21:42:59 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\xlklterc.exe
2014-06-24 20:17:53 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\voqrpvdl.exe
2014-06-24 18:52:48 139264 ----a-w- C:\Users\Ghostryan\AppData\Local\idvocpfp.exe
2014-06-24 18:18:45 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\osuawcpc.exe
2014-06-24 17:44:41 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\rpugtftm.exe
2014-06-24 16:19:35 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\ldnhcame.exe
2014-06-24 14:20:29 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\ccaihgkk.exe
2014-06-24 13:46:25 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\cvjqrvhv.exe
2014-06-24 12:21:17 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\hcddxqdh.exe
2014-06-24 10:22:10 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\fjtchwso.exe
2014-06-24 09:48:07 114696 ----a-w- C:\Users\Ghostryan\AppData\Local\thbphdkc.exe
2014-06-24 09:45:31 55104 ----a-w- C:\Windows\System32\drivers\wsmolbie.sys
2014-06-24 09:35:42 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B36AE4C-C71C-45BC-8518-60CB33F42111}\offreg.dll
2014-06-24 09:31:32 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B36AE4C-C71C-45BC-8518-60CB33F42111}\mpengine.dll
2014-06-24 08:23:01 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\rumtouqe.exe
2014-06-24 02:07:50 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\aalecdbt.exe
2014-06-24 01:50:48 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\qqoxtxmt.exe
2014-06-24 00:08:42 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\viiuewnh.exe
2014-06-23 22:09:34 92688 ----a-w- C:\Users\Ghostryan\AppData\Local\axnjopoo.exe
2014-06-23 21:52:32 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\aehuwlxj.exe
2014-06-23 20:10:18 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\lvflfjxm.exe
2014-06-23 19:53:16 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\xgqankje.exe
2014-06-23 08:09:58 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\wsabbsjl.exe
2014-06-23 06:10:45 92688 ----a-w- C:\Users\Ghostryan\AppData\Local\hmfkvtqe.exe
2014-06-23 05:53:41 92688 ----a-w- C:\Users\Ghostryan\AppData\Local\xatwjiii.exe
2014-06-23 04:11:26 92688 ----a-w- C:\Users\Ghostryan\AppData\Local\updokjig.exe
2014-06-23 02:12:12 92688 ----a-w- C:\Users\Ghostryan\AppData\Local\spejkboj.exe
2014-06-23 01:38:06 92688 ----a-w- C:\Users\Ghostryan\AppData\Local\rcqoojjq.exe
2014-06-23 00:12:54 92688 ----a-w- C:\Users\Ghostryan\AppData\Local\dfgdafgf.exe
2014-06-22 22:13:40 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\iupqetvp.exe
2014-06-22 21:39:34 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\eltdvrsc.exe
2014-06-22 20:14:22 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\ukxwtasn.exe
2014-06-22 18:15:09 114696 ----a-w- C:\Users\Ghostryan\AppData\Local\dxuwtjvo.exe
2014-06-22 17:41:02 114696 ----a-w- C:\Users\Ghostryan\AppData\Local\ofghsbbc.exe
2014-06-22 16:15:52 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\xtnqrlst.exe
2014-06-22 14:16:34 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\xsthhxqq.exe
2014-06-22 13:42:28 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\abxttkpf.exe
2014-06-22 12:17:17 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\ksruvkjq.exe
2014-06-22 10:18:05 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\qkchmuru.exe
2014-06-22 09:44:00 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\cldehqhq.exe
2014-06-22 08:18:39 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\sedkgkbw.exe
2014-06-22 06:19:30 114696 ----a-w- C:\Users\Ghostryan\AppData\Local\bfnqiswx.exe
2014-06-22 05:45:19 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\cvvtfstm.exe
2014-06-22 04:19:56 114696 ----a-w- C:\Users\Ghostryan\AppData\Local\moqvleqe.exe
2014-06-22 02:20:35 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\svcsmlbl.exe
2014-06-22 01:46:26 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\fnamehih.exe
2014-06-22 00:21:13 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\wlwwneql.exe
2014-06-21 22:21:48 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\gcikvkrv.exe
2014-06-21 21:47:41 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\qgdvmvrc.exe
2014-06-21 20:22:27 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\lsdximhp.exe
2014-06-21 18:23:06 114696 ----a-w- C:\Users\Ghostryan\AppData\Local\dowroopm.exe
2014-06-21 17:48:59 114696 ----a-w- C:\Users\Ghostryan\AppData\Local\gfgdnolb.exe
2014-06-21 17:14:53 114696 ----a-w- C:\Users\Ghostryan\AppData\Local\cbsuaglv.exe
2014-06-21 09:41:33 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\dxulmwup.exe
2014-06-21 08:16:18 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\efritvsg.exe
2014-06-21 06:17:04 98048 ----a-w- C:\Users\Ghostryan\AppData\Local\lsugtsfq.exe
2014-06-21 05:42:59 98048 ----a-w- C:\Users\Ghostryan\AppData\Local\tlbajvrh.exe
2014-06-21 04:34:46 98048 ----a-w- C:\Users\Ghostryan\AppData\Local\jwkwketx.exe
2014-06-21 02:16:58 98048 ----a-w- C:\Users\Ghostryan\AppData\Local\wfnlbgjt.exe
2014-06-21 01:42:56 98048 ----a-w- C:\Users\Ghostryan\AppData\Local\atnkgcmb.exe
2014-06-21 00:17:51 98048 ----a-w- C:\Users\Ghostryan\AppData\Local\oqotcnje.exe
2014-06-20 22:18:44 98048 ----a-w- C:\Users\Ghostryan\AppData\Local\hlqeqeos.exe
2014-06-20 21:44:41 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\taqabqot.exe
2014-06-20 20:19:35 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\thqsfolx.exe
2014-06-20 18:34:36 55104 ----a-w- C:\Windows\System32\drivers\fzwgfhko.sys
2014-06-20 18:20:27 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\klcaqehp.exe
2014-06-20 18:03:25 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\xjlugvfk.exe
2014-06-20 10:23:37 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\twmnjfmd.exe
2014-06-20 09:49:34 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\ebupcdhj.exe
2014-06-20 08:07:27 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\eexkvtlj.exe
2014-06-20 06:08:19 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\iexjnwgf.exe
2014-06-20 05:51:17 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\ebkwdvee.exe
2014-06-20 04:09:09 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\okbtsroh.exe
2014-06-20 02:17:27 -------- d-----w- C:\ProgramData\.mono
2014-06-20 02:10:01 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\pwiamcne.exe
2014-06-20 01:52:58 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\atccvcjn.exe
2014-06-20 00:10:51 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\bbmrgbwa.exe
2014-06-19 22:11:43 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\bvqxjjmw.exe
2014-06-19 21:37:28 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\lasfrkex.exe
2014-06-19 20:12:17 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\xbbdxnbh.exe
2014-06-19 18:13:10 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\xcertkjr.exe
2014-06-19 17:39:07 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\jcmraxcv.exe
2014-06-19 16:14:01 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\hconhrpc.exe
2014-06-19 14:14:53 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\xqoiflgj.exe
2014-06-19 13:40:50 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\dlocbmmc.exe
2014-06-19 12:15:44 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\tkcxrhav.exe
2014-06-19 10:15:51 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\tnavghfu.exe
2014-06-19 09:41:48 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\fkiaevrm.exe
2014-06-19 08:16:43 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\kchfjkfw.exe
2014-06-19 06:17:36 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\frkahboh.exe
2014-06-19 05:43:34 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\pcntddel.exe
2014-06-19 04:18:27 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\ckusodux.exe
2014-06-19 02:19:21 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\pmdwfiwk.exe
2014-06-19 01:44:05 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\ipfqelqg.exe
2014-06-19 00:18:54 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\wtawfubm.exe
2014-06-18 22:19:41 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\oojkokaw.exe
2014-06-18 21:45:35 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\spehhkvm.exe
2014-06-18 20:20:26 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\rsvuwntr.exe
2014-06-18 18:19:23 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\wljeioiw.exe
2014-06-18 17:45:17 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\ixqwwgsw.exe
2014-06-18 16:20:06 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\mramfevi.exe
2014-06-18 14:20:53 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\qngelbvq.exe
2014-06-18 13:46:47 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\itdajubg.exe
2014-06-18 12:21:38 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\lfxotvop.exe
2014-06-18 10:10:34 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\tkotersb.exe
2014-06-18 09:53:32 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\qdfjuglf.exe
2014-06-18 08:11:25 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\wmwwleok.exe
2014-06-18 06:12:17 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\nwlxgplk.exe
2014-06-18 05:38:12 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\tcvqrsiw.exe
2014-06-18 04:13:05 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\gxhgbhpc.exe
2014-06-18 02:13:58 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\mbpkirvu.exe
2014-06-18 01:39:54 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\fwklouec.exe
2014-06-18 00:14:48 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\nrxdfsis.exe
2014-06-17 22:15:41 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\nrswdosk.exe
2014-06-17 21:41:35 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\aqqiccsa.exe
2014-06-17 20:15:42 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\jphortpj.exe
2014-06-17 18:16:28 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\mtjahxtp.exe
2014-06-17 17:42:25 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\sjcbvevj.exe
2014-06-17 16:16:44 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\stphwrag.exe
2014-06-17 14:17:37 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\fsejrnui.exe
2014-06-17 13:43:34 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\hqjqraqi.exe
2014-06-17 12:18:29 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\qdsstgns.exe
2014-06-17 10:19:19 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\wpuclbiv.exe
2014-06-17 09:45:16 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\hkulwftv.exe
2014-06-17 08:20:08 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\rqrsxmsd.exe
2014-06-17 07:31:06 -------- d-----w- C:\Program Files (x86)\8BallClub
2014-06-17 06:37:48 -------- d-----w- C:\Users\Ghostryan\AppData\Local\Adobe
2014-06-17 06:20:58 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\mghdukqs.exe
2014-06-17 05:46:55 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\ebfbqacc.exe
2014-06-17 04:21:45 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\cxfbatap.exe
2014-06-17 02:22:38 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\ssjviurj.exe
2014-06-17 01:48:35 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\udcmgaot.exe
2014-06-17 00:23:29 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\fsrwuqew.exe
2014-06-16 22:07:21 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\gqqcbhun.exe
2014-06-16 21:50:18 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\ciikgrua.exe
2014-06-16 20:08:12 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\sqlldqwe.exe
2014-06-16 18:42:57 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\jqgqaqet.exe
2014-06-16 08:09:42 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\pwcjmawv.exe
2014-06-16 02:12:09 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\pjmolnde.exe
2014-06-16 01:38:06 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\rwassjpg.exe
2014-06-16 00:30:01 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\gjmrkaie.exe
2014-06-15 22:57:21 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\hhxqptha.exe
2014-06-14 16:12:59 -------- d-----w- C:\Users\Ghostryan\AppData\Local\Logishrd
2014-06-14 00:42:40 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\blcewlgn.exe
2014-06-13 22:13:10 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\xhwtsscm.exe
2014-06-13 21:38:10 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\mqacdfco.exe
2014-06-13 20:46:39 86024 ----a-w- C:\Users\Ghostryan\AppData\Local\gmmrsfva.exe
2014-06-13 08:10:43 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\lxdqceiq.exe
2014-06-13 05:37:33 109072 ----a-w- C:\Users\Ghostryan\AppData\Local\equxsmbt.exe
2014-06-13 04:20:57 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-13 04:20:56 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-13 02:10:53 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\iadwnwcc.exe
2014-06-13 01:53:50 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\aidmsjwk.exe
2014-06-13 01:13:06 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-06-13 01:13:05 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-06-13 01:12:16 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-13 01:12:16 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-13 01:11:32 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-06-13 01:11:32 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-06-13 01:11:32 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-06-13 01:11:32 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-06-13 01:11:32 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-06-13 01:11:32 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-06-13 01:11:32 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-06-13 01:11:32 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-06-13 01:10:41 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-13 01:10:40 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-06-12 17:37:09 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\fukkcaoi.exe
2014-06-12 10:14:34 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\mkpwkqjh.exe
2014-06-12 09:48:31 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\rfcrmddd.exe
2014-06-12 08:17:25 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\vvtojojw.exe
2014-06-12 06:07:15 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\ucpxlhav.exe
2014-06-12 05:41:12 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\lkhvwrgb.exe
2014-06-12 04:10:04 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\vnskkegs.exe
2014-06-12 02:12:56 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\ripjulbi.exe
2014-06-12 01:46:53 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\afocmtbs.exe
2014-06-12 00:15:46 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\rxgjwbwr.exe
2014-06-11 22:18:38 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\oawwklde.exe
2014-06-11 21:52:35 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\gfhvwlqu.exe
2014-06-11 20:18:08 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\ahsxlxge.exe
2014-06-11 18:19:52 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\vtpntwvr.exe
2014-06-11 16:09:35 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\vvvccoti.exe
2014-06-11 09:45:58 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\rdifigel.exe
2014-06-11 08:14:44 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\oxobqpog.exe
2014-06-11 04:19:58 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\davonehb.exe
2014-06-10 21:48:48 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\rxjnfqbo.exe
2014-06-10 20:16:38 131080 ----a-w- C:\Users\Ghostryan\AppData\Local\ncmrwfgl.exe
2014-06-10 18:10:05 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\shelpqii.exe
2014-06-10 17:57:02 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\eikpkevw.exe
2014-06-10 17:38:15 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\vwusaxue.exe
2014-06-10 00:16:47 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\rampputa.exe
2014-06-09 22:19:39 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\pifhgwno.exe
2014-06-09 21:40:36 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\pidgdevf.exe
2014-06-09 18:11:51 72208 ----a-w- C:\Users\Ghostryan\AppData\Local\dhogkwbb.exe
2014-06-09 17:45:48 72208 ----a-w- C:\Users\Ghostryan\AppData\Local\mdvcatau.exe
2014-06-09 13:38:29 72208 ----a-w- C:\Users\Ghostryan\AppData\Local\qmhcalad.exe
2014-06-09 12:07:23 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\ddevairl.exe
2014-06-09 10:10:15 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\fidxapho.exe
2014-06-09 09:44:12 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\xbifiwlh.exe
2014-06-09 08:13:06 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\vtqqjeva.exe
2014-06-09 06:15:57 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\purakhel.exe
2014-06-09 05:49:54 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\svbwvpgi.exe
2014-06-08 17:40:51 72720 ----a-w- C:\Users\Ghostryan\AppData\Local\ktbwvgnt.exe
2014-06-08 16:09:44 77832 ----a-w- C:\Users\Ghostryan\AppData\Local\mirvlgjv.exe
2014-06-07 18:11:53 109072 ----a-w- C:\Users\Ghostryan\AppData\Local\hxiqiwgl.exe
2014-06-07 17:45:50 109072 ----a-w- C:\Users\Ghostryan\AppData\Local\fksbttaa.exe
2014-06-07 16:14:41 109072 ----a-w- C:\Users\Ghostryan\AppData\Local\gdxbnfbo.exe
2014-06-07 10:09:59 109072 ----a-w- C:\Users\Ghostryan\AppData\Local\bpxbxwms.exe
2014-06-07 09:43:57 109072 ----a-w- C:\Users\Ghostryan\AppData\Local\hoaqmrio.exe
2014-06-07 08:12:51 109072 ----a-w- C:\Users\Ghostryan\AppData\Local\tlxargdc.exe
2014-06-07 02:08:01 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\omauxako.exe
2014-06-07 01:41:58 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\cuoniwfl.exe
2014-06-07 00:09:18 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\faxpbqiw.exe
2014-06-06 09:37:17 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\lsomioom.exe
2014-06-06 08:19:10 135176 ----a-w- C:\Users\Ghostryan\AppData\Local\dxwetloj.exe
2014-06-06 05:42:56 72720 ----a-w- C:\Users\Ghostryan\AppData\Local\gmlntdxt.exe
2014-06-05 21:41:17 109072 ----a-w- C:\Users\Ghostryan\AppData\Local\rnpibitc.exe
2014-06-05 20:09:22 109072 ----a-w- C:\Users\Ghostryan\AppData\Local\fgjdituh.exe
2014-06-05 06:19:42 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\fbwrtvhh.exe
2014-06-05 05:40:37 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\kkautumo.exe
2014-06-05 04:09:28 113168 ----a-w- C:\Users\Ghostryan\AppData\Local\ujeliqis.exe
2014-06-05 02:12:19 106504 ----a-w- C:\Users\Ghostryan\AppData\Local\afxboehl.exe
2014-06-05 01:46:17 106504 ----a-w- C:\Users\Ghostryan\AppData\Local\rxttgbpn.exe
2014-06-05 00:15:09 106504 ----a-w- C:\Users\Ghostryan\AppData\Local\fodkkttp.exe
2014-06-04 09:40:37 72720 ----a-w- C:\Users\Ghostryan\AppData\Local\glmvkwvo.exe
2014-06-03 08:11:23 106504 ----a-w- C:\Users\Ghostryan\AppData\Local\vngwimex.exe
2014-06-03 06:13:21 106504 ----a-w- C:\Users\Ghostryan\AppData\Local\fnimalwb.exe
2014-06-03 05:47:01 106504 ----a-w- C:\Users\Ghostryan\AppData\Local\btclrrav.exe
2014-06-03 04:14:57 106504 ----a-w- C:\Users\Ghostryan\AppData\Local\khcqlcgg.exe
2014-06-03 02:15:45 106504 ----a-w- C:\Users\Ghostryan\AppData\Local\ftufhhkm.exe
2014-06-03 01:49:36 106504 ----a-w- C:\Users\Ghostryan\AppData\Local\bfxbuvat.exe
2014-06-03 00:16:57 106504 ----a-w- C:\Users\Ghostryan\AppData\Local\lshvuvvc.exe
2014-06-02 18:23:05 109072 ----a-w- C:\Users\Ghostryan\AppData\Local\cvdxfeal.exe
2014-06-02 18:19:57 109072 ----a-w- C:\Users\Ghostryan\AppData\Local\lujrkojj.exe
2014-06-02 18:16:40 109072 ----a-w- C:\Users\Ghostryan\AppData\Local\olitmnum.exe
2014-06-01 05:52:41 -------- d-----w- C:\Users\Ghostryan\AppData\Local\Yummy Interactive Inc
.
==================== Find3M ====================
.
2014-06-14 16:12:49 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-06-13 00:46:15 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-13 00:46:15 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-15 09:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-15 03:14:16 880040 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2014-04-15 03:14:11 802728 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2014-04-15 03:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-09 16:34:05 353864 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-04-09 16:34:04 505416 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-04-01 06:25:46 9889352 ----a-w- C:\Windows\SysWow64\RsCRIcon.dll
2014-04-01 06:25:46 271064 ----a-w- C:\Windows\System32\drivers\RtsUStor.sys
2014-04-01 06:18:20 888536 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2014-04-01 06:18:20 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
2014-04-01 06:18:20 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2014-03-31 16:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-21 07:27:59 50053120 ----a-w- C:\Program Files (x86)\GUT8045.tmp
.
============= FINISH: 18:06:51.22 ===============

ken545
2014-06-26, 17:47
:snwelcome:

Those files you have so many of may be related to the Vundo Trojan, have not seen that in awhile.


Your aswMBR log is not complete, please run it again and post the log .


http://i.imgur.com/1QYkxTZ.jpg Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything











http://i.imgur.com/GUZVCQN.jpg Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

http://i24.photobucket.com/albums/c30/ken545/MBAM_zps65e8300e.jpg (http://s24.photobucket.com/user/ken545/media/MBAM_zps65e8300e.jpg.html)


Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click Update Now
After the update completes, click the Scan Now Button.


http://i24.photobucket.com/albums/c30/ken545/MBAM2_zpsabeea657.jpg (http://s24.photobucket.com/user/ken545/media/MBAM2_zpsabeea657.jpg.html)


A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Ghostryan
2014-06-26, 22:50
Well i try to run several times , deleted and downloaded a few times, task manager says no responce ,so i end task,only shows exit and save highlighted . I downloaded from public avast also but did not work. Was not sure but want to send ya the Search results from Spy bot - Search & Destroy i hope this might help. I compressed i hope that was the proper thing to do. thanks hope to here from ya soon.

ken545
2014-06-26, 23:04
OK, lets forget aswMBR for now, go ahead and download, install and run Malwarebytes. Your Spybot log is showing lots of bogus toolbars and such

Ghostryan
2014-06-27, 00:47
i wanted to say that when i try to run the ERUNT that this error says . error saving file c/users\ghostryan\Desktop\Ghost\6-26-20014\software!} and i press yes 5 times and at the end of comands on 2nd says default! 3rd security! 4th sam! I dont know just thought i would mention it. ok i will run Malwarebytes Anti-Malware then send report.

ken545
2014-06-27, 02:28
Lets wait until I see what Malwarebytes removes and then I will link you to a better reg backup program

Ghostryan
2014-06-27, 06:13
Ok this is what came up after scan , wow to much sickness :mad: I will fallow what ever you say to do, You did say not to fix anything so i didn't check any of them to fix or delete. However i still have it open at this point and time, 6:26 pm 6\26\14 :red:

ken545
2014-06-27, 13:45
Good Morning,

All I can say is wow, all that stuff needs to go




Threat Scan < --- Select this type of scan
Custom Scan
Hyper Scan



Next click the Scan Now button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Ghostryan
2014-06-28, 09:21
Thanks Ken i did make sure that all those boxes were checked, then quarantined .{The Log that i just sent you is what i quarantined} Asked me to reboot so i did, and.{ Error Saving File c:\windows\ERNDT\AutoBackup\6-27\BCD! }Continue with next file? [RegcreateKeyEx:5Access Denied] I clicked yes i think it was 6 times then box cleared. Now you didn't say wether to scan again with malwarebytes or spy bot . couldn't find a threat scan for malwarebytes but i am sure that is the program that you want me to run. Anyway i will do that and send log file in the morning, i work late so might be late when i am able to see your reply . Thanks again Ken have a good day.

ken545
2014-06-28, 14:19
Good Morning,

Open Malwarebytes and check for updates, then run a new Threat Scan , if the log is clean let me know, if not post the log please.



THEN

Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Ghostryan
2014-06-28, 21:05
Ok ken scan came up with 19 files, i quarantined all,, ask to reboot and did so. But before i rebooted i ran Farbar tool . After reboot still came up error saveing the ERDNT thing ? Anyway here are the logs. Thanks again for the help, check ya later tonight.

ken545
2014-06-28, 22:01
Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Doubleclick CKScanner.exe then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Please Run this program only once
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply








-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.





http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Ghostryan
2014-06-29, 18:24
A very cool thing when we can kill some evil in this world, i think we did good.

ken545
2014-06-29, 18:56
Can you explain to me how you acquired the listed software

ashampoo burning studio 14

genius v12

eset.smart.security.5.&.eset.nod32.antivirus.5

malwarebytes anti-malware v1.60.0.1800

glary utilities pro 2.48.0.1568

nero 10.0

xilisoft.video.converter.ultimate

acdsee video converter pro

sony acid pro 7

Ghostryan
2014-06-30, 07:17
All of those i am sure were from torrent's . I don't have any use for them . pretty sure my son in law did those when suggested that he could get a good anti virus for me. I will uninstall all if that helps .

ken545
2014-06-30, 13:05
Read this please. Reply # 4
http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)

You have illegal software on your system, this is how you infected your computer, besides it being illegal, cracked/keygens are one of the fastest ways of infecting your system, 100% of Cracked/KeyGen software contains some form of malicious code. This forum as well as most of the other malware removal forums do not support the use of illegal software, if I was to continue helping you it could be construed in the eyes of the law as aiding and abetting a crime. In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned. The distribution and use of cracked software is illegal in almost every developed country. They are also one of the biggest causes of infection. This applies to Cracks, Keygens and Warez

In the future I strongly suggest you stay away from using cracks and/or Keygens. If you you want to continue, what I need you to do is to look through the CKScanner log and uninstall all the illegal software that you have downloaded and installed . After you uninstall them all, run CKScanner again and post a new log. If I dont hear back from you in 24 hours this thread will be closed and no more help will be offered.

Ghostryan
2014-07-01, 08:45
Ken i do understand and have read the rules, I am going to take your advice and uninstall , delete or what ever it takes to have my pc run better, just 24hrs is not enough time, not sure after looking at installed programs because not all that is on list is there, So i guess i copy from CKscanner log and paste ,, then search my pc and delete. After 24hrs Can i post a new topic when i am sure all is deleted ?Thanks again ken hope to here from you.

ken545
2014-07-01, 14:29
Good Morning,

The 24 hour reply was just for your acknowledgement, take the time you need to uninstall those programs. You may want to ask your son in law for help as you stated he installed them all. Besides our service helping a person clean up there system we also like to give advice to keep you safe online. If you were sitting in my chair doing what I do and where aware of the threats going around it would make you think twice about using the torrents or any of those other file sharing programs. Do the math, why would someone take an expensive program, crack it, host it on a server somewhere for someone else to come along and download and install it for free ? There are threats going around that can steal all your passwords and log on information for any banking your may do online or sites you use a credit card for purchases, there are even threats that hold your computer hostage until you pay a ransom. There are two that are uncleanable because the infection is so great that it leaves you no other option but to format and reinstall windows. Helped a fellow last year that had one of these uncleanable threats, this threat was named Virut, it infects every .exe file on your system, even in the back up folder so replacing a file is out of the question. This poor guy formatted and reinstalled windows three times and was still infected, he was pulling his hair out and finally came here for help. What he had done was make a backup of his system using Norton Ghost and was using it to reinstall windows....but Norton Ghost was infected as well so it was a vicious circle until he finally got the windows cd to do in reinstall. Virut infects so much that if you made a backup to a cd or thumb drive of your important documents and sometimes photos, did a clean install of windows and then copy those files back to your computer you would be infected all over again so those docs and such would be lost. I am not saying all of this to frighten you, its not my intent, my intent is just to make you aware of whats going on around you and the dangers of downloading cracked software or via the torrents. Using any form of P2P (File sharing) is like playing Russian Roulette malwarewise, you will never know what you will get along with that free program.

You can try this program to uninstall those bad programs and when your done I will link you to free legit antivirus programs unless you plan on purchasing one on your own. You can get by with the free version of Revo, its just a trail , may be good for 30 days, not sure

http://www.revouninstaller.com/revo_uninstaller_free_download.html

Ghostryan
2014-07-02, 08:45
Thanks ken i will download that and run, My son in law dose not live with me anymore, he more than likely is infecting some one's pc,:sick:...And some of those are not installed so i guess i will run the Revo and see what i can do. yes i will need a good free antivirus and other security that you might suggest. OK i will post soon and send log. thanks

ken545
2014-07-02, 13:51
If you go to Programs and Features in the Control Panel, I see these listed, its a good start

µTorrent
Ashampoo Burning Studio 14 v.14.0.1
ACID Pro 7.0
ESET NOD32 Antivirus
Malwarebytes Anti-Malware version 1.60.0.1800
Nero Burning ROM 10
Xilisoft Video Converter Ultimate
DVD Flick 1.3.0.7


This brings adds and really is not needed
IncrediMail

Ghostryan
2014-07-03, 22:25
Keeping in touch so not to lose thread,, I have a couple of them uninstalled ,, The 4th is very busy for me, please bare with me, :) I will get this done. Its a cyber battle between good and evil . As old as time it's self , :police: i will be intouch thanks

ken545
2014-07-03, 22:51
As long as I know your working on it I will keep this thread open for you. Have a nice 4th

Ghostryan
2014-07-05, 20:15
Good morning ken , hope ya had a good 4th, I think this is a good start. I am running with no protection, please suggest free/trial, sucurity ... thanks hope to here from ya soon:rockon:


µTorrent {DELETED}

Ashampoo Burning Studio 14 v.14.0.1 {DELETED}

ACID Pro 7.0 {DELETED}

eset.nod32.antivirus.5 {DELETED}

Malwarebytes Anti-Malware version 1.60.0.1800 {Deleted}

Nero Burning ROM 10 {DELETED}

Xilisoft Video Converter Ultimate {DELETED}

DVD Flick 1.3.0.7 {DELETED},,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

I DID SEARCH FOR THESE AND ONLY FOUND THEM ON LOG'S
eset.smart.security.5.
glary utilities pro 2.48.0.1568
acdsee video converter pro
genius v12
..................................................................................................
IncrediMail, My wife likes but i will talk to her and explain things.

Ghostryan
2014-07-05, 20:33
This is still on pc ? ESET NOD32 Antivirus and is not in uninstall programs window.:police:

ken545
2014-07-05, 21:36
The log is still showing some of those still installed.

Incredimail, not recommended but if your wife likes it you can keep it

You can try this free Antivirus from Microsoft
http://www.microsoft.com/en-us/download/details.aspx?id=5201


Run this program and see if it will find and remove ESET

Run AppRemover

Vista , Win 7 users, right click on the icon and select "run as administrator"

Please download AppRemover (http://www.appremover.com/) and save it to your desktop.
Double click on AppRemover.exe to run it.
Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
Click on the Next button.
Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do.
Click on the Next button.
A scan begins, please wait. Once done, click on the Next button.
Now you should have a list of your installed security programs, choose the one you want to uninstall and click on the Next button.
Follow the last step and reboot if asked to do so.




Either way, when your done with the above run a new scan with FRST , make sure when you open it to check the addtion so I can see a new FRST and Addition logs

Ghostryan
2014-07-06, 10:04
OK ran as addmin , never was a box to uncheck Enable anonymous usage statistics.. Found the new AVG 2014 trial that i just got, and found eset "All 5" times said encounter a problem and wanted me to send a report..{ Did Not send}I did stop protection from avg while running Appremover. I also try Revo and there it was in the list, but wile doing the safe scan windows asked for valid key, so i click ok.. ask to restart so to rid rest of files { And Did So }..ESET Still came up and wanted to update . Crappy ..I have a bad feeling about this . Anyway i trust ya that we can do this , i am sure you encounter harder tasks:red: I try to be as detailed as i can . It's late and need to rest catch ya tomorrow. PS: should i do anything with avg such as to scan/ clean etc ? I do nothing unless you say.

ken545
2014-07-06, 15:16
You can run a scan with AVG and see what it comes up with, post the results here for me to see


Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Ghostryan
2014-07-09, 08:53
"Whole Computer Scan"
"High severity";"5";"5";"0"
"Medium severity";"4";"4";"0"
"Scanned folders:";"Scan Whole Computer"
"Started:";"7/7/2014, 2:07:31 AM"
"Finished:";"7/7/2014, 3:58:17 AM"
"Scanned items:";"203997"
"Launched by:";"Ghostryan"

"Name";"Description";"Status";"Status";"Priority"
"C:\Users\Ghostryan\AppData\LocalLow\MarchOfWar\game_Data\Managed\Assembly-CSharp.dll";"Corrupted executable file";"Secured";"Healed";"Medium"
"C:\Users\Ghostryan\Desktop\Ghost\Downloadder\EXE\Software\Driver Genius v12 0 0 1211 Incl. Crack [ThumperDC]\Driver Genius v12 0 0 1211 Incl. Crack [ThumperDC].exe";"Virus found Fat-Obfuscated";"Secured";"Healed";"High"
"C:\Users\Ghostryan\AppData\Local\Google\Chrome\User Data\Profile 2\File System\001\t\00\00000000";"Found MalSign.Generic.F7D";"Secured";"Healed";"Medium"
"C:\Users\Ghostryan\AppData\Local\cjouaclt.exe";"Trojan horse Downloader.Generic13.CGYE";"Secured";"Healed";"High"
"C:\Users\Ghostryan\AppData\Local\qnlomufc.exe";"Trojan horse Inject2.ALWL";"Secured";"Healed";"High"
"C:\Users\Ghostryan\Desktop\Ghost\Downloadder\EXE\ACDSee Video Converter Pro 4.1.0.166 Incl. KeyMaker-CORE\CORE\keygen.exe";"Potentially harmful program RemoteAdmin.COZ";"Secured";"Healed";"Medium"
"C:\Users\Ghostryan\Desktop\Ghost\Downloadder\EXE\Software\WinRAR.v4.11.x64.Incl.KEYGEN-FFF\Keygen\WinRAR.v4.11.KEYGEN-FFF.exe";"Trojan horse Generic36.QCP";"Secured";"Healed";"High"
"C:\Users\Ghostryan\Desktop\Ghost\Downloadder\EXE\Software\Nero 10.0 + Serials en Keygen - DivXNL-Team\Nero Multimedia Suite 10 - Keygen.exe";"Potentially harmful program Crack.AQF";"Secured";"Healed";"Medium"
"C:\Users\Ghostryan\AppData\Local\qbuubrra.exe";"Trojan horse Downloader.Generic13.CGYQ";"Secured";"Healed";"High"
:rolleyes:

ken545
2014-07-09, 12:45
Good Morning,

This system is a mess, a good option would be to format the hard drive and do a nice fresh reinstall of windows then you can be reassured that everything would be fine. Even after cleaning this system its going to leave it compromised, that means its never to be trusted to do any online banking or purchases with a credit card. Do you have the windows CD for this computer ? Another thing I would do is if your son in law ever comes over for a visit I would take this computer and hide it in a closet and not let him anywhere near it, I cant believe all the damage he has caused you.

IObit <-- This is from a company in China that has stolen all the databases and what not from Malwarebytes, you need to uninstall this one also
http://blogs.computerworld.com/15026/iobit_accused_of_stealing_from_malwarebytes


I looked at your FRST logs briefly, I will be offline the rest of the day until this evening and will give them a more thorough look when I return.

In the meantime lets run Combofix and see how much of this garbage it may remove, I am sure the manufacturer has installed the Recovery Console so you may not have to install it



Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Ghostryan
2014-07-09, 14:39
:red::spider:

ken545
2014-07-09, 14:49
When you asked about antivirus software I suggested Microsoft Security Essentials, you installed AVG along with the AVG safesearch toolbar, AVG is fine but the toolbar is not secure.

You never said if you want to reinstall windows.

Be back later this evening

ken545
2014-07-10, 01:35
You have this program installed, it may be preventing the other programs from being uninstalled. Go to Programs and Features in the Control Panel and uninstall it.
(WinAbility® Software Corporation) C:\Program Files\Folder Guard\FGKey64.exe


Then uninstall these programs

acdsee video converter pro 4.1.0.166
ashampoo burning studio 14 build 14.0.1.12
daemon tools pro advanced
glary utilities pro
malwarebytes anti-malware v1.60
sony acid pro 7.
xilisoft.video.converter

After your done run a new scan with CKScanner and post the log

Ghostryan
2014-07-11, 09:48
I am sorry but when i looked at page 1 ya ask me to get Malwarebytes Anti-Malware .And send log info, For some reason i didn't do that. So i am doing that now...... And i will try to find avg tool bar that i don't need. Furthermore i did delete all of these programs .acdsee video converter pro 4.1.0.166
ashampoo burning studio 14 build 14.0.1.12
daemon tools pro advanced
glary utilities pro
malwarebytes anti-malware v1.60
sony acid pro 7.
xilisoft.video.converter.. Then searched in start menue and found nothing. So the ESET NOD is still wanting to run but i disable it so it wont clash with AVG. And it's not in the uninstall programs list.

ken545
2014-07-11, 12:41
Run a new scan with CKScanner and post the log

Ghostryan
2014-07-12, 20:13
CKScanner not responding, try to run as administrator also. Did threat scan with Malwarebytes Anti-Malware. I really don't want to do a fresh install, but leaning towards doing so. If it is going to leave it compromised then what good is doing the fresh install? Please forgive my lack of knowledge ,,, I do trust what you are saying and guidance. Just wondering.:thanks: Is there another scanner that i can use that is like CKSanner ?

ken545
2014-07-12, 21:32
Hi,

When you do a install of windows, if you do a repair install it just copies windows over the current copy and fixes anything that may be missing...BUT...everything on your system remains the same, your computer will still be infected and those illegal infected programs will still be there. What I am talking about is backing up any data you don't want to lose, like word docs, spreadsheets, pictures and the like to a CD or thumb drive, then formatting the drive, this basically takes it back down to bare metal with nothing at all on it, then the drive is formatted and windows is installed nice and clean, then you can copy your docs back to the new system. Since you don't have your windows CD, although you can purchase it through the manufacturer, if you did i could link you to a good site that can guide you through the process.

My thoughts, since this has been one heavily infected computer is to bite the bullet and take it to a local computer shop and have them do it for you. Tell them that its very infected and that you want to do a complete format of the hard drive and a clean install of windows, then you would be 100% guaranteed that your system will be malware free and run like new.

Since you cant get CKScanner to run and I have no idea whats left on your system i'm afraid I cant proceed any further. Thanks for understanding my position

Good Luck

Ken

Ghostryan
2014-07-13, 08:02
:bigthumb: yea have a good one.