ogma

Members

Posts: 4
  1. Oh, fabulous! Thank you ever so much for double-checking for us. We don't have a whole lot of cash to spare, but I'm going to check and see with my partner if we can at least donate you a couple of dollars for saving us the worry of not knowing if we got it all. I know you must go through a lot of these things for people in your spare time, and that's very kind. Bless you.
  2. Ah, thank you. Here is the FRST file copy-pasted as requested. The other (Addition) has been attached, also as requested.

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-01-2014
     Ran by Zarnite (administrator) on RATCHET on 23-01-2014 09:14:18
     Running from C:\Users\Zarnite\Desktop\FRST64
     Windows 8.1 (X64) OS Language: English(US)
     Internet Explorer Version 11
     Boot Mode: Normal

     The only official download link for FRST:
     Download link for 32-Bit version:
     Download link for 64-Bit Version:
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     (Microsoft Corporation) C:\Windows\System32\wlanext.exe
     (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
     (Microsoft Corporation) C:\Windows\System32\dasHost.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
     (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
     (Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
     (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
     (Intel Corporation) C:\Windows\System32\igfxtray.exe
     (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
     (Intel Corporation) C:\Windows\System32\hkcmd.exe
     (Intel Corporation) C:\Windows\System32\igfxpers.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
     (TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
     (TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
     (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
     (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     (TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
     (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
     (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
     (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
     (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
     (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
     HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
     HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
     HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
     HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
     HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
     HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
     HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
     HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
     HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
     HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-16] (AVAST Software)
     HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\2b4f1b02-5033-4130-9fcf-56afd2c4cc33.exe [180184 2013-11-23] (AVAST Software)
     HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
     Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

     ==================== Internet (Whitelisted) ====================

     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
     HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
     HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
     HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
     HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
     HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
     HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
     SearchScopes: HKLM - DefaultScope {995CE584-B6CD-4322-B8C0-27A79F8A4ECA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
     SearchScopes: HKLM - {995CE584-B6CD-4322-B8C0-27A79F8A4ECA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
     SearchScopes: HKLM-x32 - DefaultScope {995CE584-B6CD-4322-B8C0-27A79F8A4ECA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
     SearchScopes: HKLM-x32 - {995CE584-B6CD-4322-B8C0-27A79F8A4ECA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
     SearchScopes: HKCU - DefaultScope {995CE584-B6CD-4322-B8C0-27A79F8A4ECA} URL =
     SearchScopes: HKCU - {995CE584-B6CD-4322-B8C0-27A79F8A4ECA} URL =
     BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
     BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
     Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

     FireFox:
     ========
     FF ProfilePath: C:\Users\Zarnite\AppData\Roaming\Mozilla\Firefox\Profiles\b92zrofy.default-1384995078951
     FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
     FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
     FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
     FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
     FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
     FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
     FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
     FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
     FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
     FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
     FF Extension: Xmarks - C:\Users\Zarnite\AppData\Roaming\Mozilla\Firefox\Profiles\b92zrofy.default-1384995078951\Extensions\foxmarks@kei.com [2013-11-20]
     FF Extension: Better Gmail 2 - C:\Users\Zarnite\AppData\Roaming\Mozilla\Firefox\Profiles\b92zrofy.default-1384995078951\Extensions\bettergmail2@ginatrapani.org.xpi [2013-11-20]
     FF Extension: XKit - C:\Users\Zarnite\AppData\Roaming\Mozilla\Firefox\Profiles\b92zrofy.default-1384995078951\Extensions\xkit@studioxenix.com.xpi [2014-01-19]
     FF Extension: Stylish - C:\Users\Zarnite\AppData\Roaming\Mozilla\Firefox\Profiles\b92zrofy.default-1384995078951\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-11-20]
     FF Extension: Adblock Plus - C:\Users\Zarnite\AppData\Roaming\Mozilla\Firefox\Profiles\b92zrofy.default-1384995078951\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-20]
     FF Extension: Tab Mix Plus - C:\Users\Zarnite\AppData\Roaming\Mozilla\Firefox\Profiles\b92zrofy.default-1384995078951\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-11-20]
     FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
     FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-31]

     ==================== Services (Whitelisted) =================

     U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-16] (AVAST Software)
     U2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
     U2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
     U2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
     U2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
     U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
     U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
     U2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [x]
     U3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [x]
     U2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [x]

     ==================== Drivers (Whitelisted) ====================

     U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
     U2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [38984 2013-11-16] (AVAST Software)
     U2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [84328 2013-11-16] (AVAST Software)
     U1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [92544 2013-10-31] (AVAST Software)
     U0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-31] ()
     U1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1032416 2013-11-16] (AVAST Software)
     U1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [409832 2013-11-08] (AVAST Software)
     U3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2013-10-31] (The OpenVPN Project)
     U0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-31] ()
     U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
     U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
     U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
     U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
     U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
     U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
     U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
     U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
     U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
     U3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
     U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
     U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
     U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
     U0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
     U3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
     U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
     U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

     ==================== NetSvcs (Whitelisted) ===================


     ==================== One Month Created Files and Folders ========

     2014-01-23 09:14 - 2014-01-23 09:14 - 00000000 ____D C:\FRST
     2014-01-23 09:11 - 2014-01-23 09:14 - 00000000 ____D C:\Users\Zarnite\Desktop\FRST64
     2014-01-23 08:00 - 2014-01-23 08:00 - 00001518 _____ C:\Users\Zarnite\Desktop\RKreport[0]_S_01232014_080043.txt
     2014-01-23 07:58 - 2014-01-23 08:01 - 00000000 ____D C:\Users\Zarnite\Desktop\RK_Quarantine
     2014-01-23 07:52 - 2014-01-23 07:52 - 04406784 _____ C:\Users\Zarnite\Desktop\RogueKillerX64.exe
     2014-01-23 00:43 - 2014-01-23 00:48 - 05020016 _____ C:\Users\Zarnite\Desktop\Rkill.txt
     2014-01-23 00:43 - 2014-01-23 00:43 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Zarnite\Downloads\rkill.exe
     2014-01-22 21:36 - 2014-01-22 21:36 - 00001058 _____ C:\WINDOWS\PFRO.log
     2014-01-22 00:28 - 2014-01-23 09:10 - 00222916 _____ C:\WINDOWS\WindowsUpdate.log
     2014-01-20 00:12 - 2014-01-20 00:12 - 03912191 _____ C:\Users\Zarnite\Downloads\james-kass_code2000.zip
     2014-01-19 20:11 - 2014-01-22 01:28 - 00000000 ____D C:\Users\Zarnite\Documents\Tumblr
     2014-01-14 11:09 - 2014-01-14 11:09 - 00000000 ____D C:\Users\Zarnite\Documents\Registration Entries
     2014-01-01 22:52 - 2014-01-01 22:52 - 00002072 _____ C:\Users\Zarnite\Desktop\The Lord of the Rings Online™.lnk
     2014-01-01 19:36 - 2014-01-01 19:36 - 00000000 ____D C:\Users\Zarnite\AppData\Local\Chromium
     2014-01-01 19:33 - 2014-01-01 19:33 - 00000000 ____D C:\Users\Zarnite\AppData\Local\The Lord of the Rings Online
     2014-01-01 19:31 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
     2014-01-01 19:31 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
     2014-01-01 19:31 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
     2014-01-01 19:31 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
     2014-01-01 19:29 - 2014-01-01 19:38 - 00000000 ____D C:\Users\Zarnite\Documents\The Lord of the Rings Online
     2014-01-01 19:28 - 2014-01-23 00:33 - 00001993 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
     2013-12-27 23:54 - 2013-12-27 23:56 - 00000000 ____D C:\Users\Zarnite\AppData\Local\Turbine
     2013-12-27 23:40 - 2014-01-01 19:14 - 00000000 ____D C:\Users\Zarnite\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbine
     2013-12-27 23:40 - 2013-12-27 23:40 - 00000000 ____D C:\ProgramData\Turbine
     2013-12-27 23:36 - 2014-01-01 19:14 - 00000000 ____D C:\Users\Zarnite\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
     2013-12-27 23:31 - 2014-01-01 19:33 - 00000000 ____D C:\ProgramData\HappyCloud

     ==================== One Month Modified Files and Folders =======

     2014-01-23 09:14 - 2014-01-23 09:14 - 00000000 ____D C:\FRST
     2014-01-23 09:14 - 2014-01-23 09:11 - 00000000 ____D C:\Users\Zarnite\Desktop\FRST64
     2014-01-23 09:10 - 2014-01-22 00:28 - 00222916 _____ C:\WINDOWS\WindowsUpdate.log
     2014-01-23 09:10 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\sru
     2014-01-23 08:18 - 2013-11-30 01:08 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
     2014-01-23 08:01 - 2014-01-23 07:58 - 00000000 ____D C:\Users\Zarnite\Desktop\RK_Quarantine
     2014-01-23 08:00 - 2014-01-23 08:00 - 00001518 _____ C:\Users\Zarnite\Desktop\RKreport[0]_S_01232014_080043.txt
     2014-01-23 07:52 - 2014-01-23 07:52 - 04406784 _____ C:\Users\Zarnite\Desktop\RogueKillerX64.exe
     2014-01-23 00:54 - 2013-07-19 16:38 - 00000000 ____D C:\WINDOWS\system32\MRT
     2014-01-23 00:53 - 2013-02-28 15:46 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
     2014-01-23 00:53 - 2013-02-26 15:01 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3341353730-563891076-2434624381-1001
     2014-01-23 00:48 - 2014-01-23 00:43 - 05020016 _____ C:\Users\Zarnite\Desktop\Rkill.txt
     2014-01-23 00:43 - 2014-01-23 00:43 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Zarnite\Downloads\rkill.exe
     2014-01-23 00:35 - 2013-10-24 23:27 - 00000000 __RDO C:\Users\Zarnite\SkyDrive
     2014-01-23 00:33 - 2014-01-01 19:28 - 00001993 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
     2014-01-23 00:33 - 2013-03-28 16:51 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
     2014-01-23 00:32 - 2013-11-30 01:08 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
     2014-01-23 00:32 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
     2014-01-22 22:09 - 2013-10-24 23:01 - 00000000 ____D C:\Users\Zarnite
     2014-01-22 22:05 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
     2014-01-22 22:01 - 2013-12-20 01:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
     2014-01-22 22:01 - 2013-11-15 14:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
     2014-01-22 22:01 - 2013-02-26 15:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
     2014-01-22 21:54 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\registration
     2014-01-22 21:54 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
     2014-01-22 21:54 - 2013-02-26 15:54 - 00000000 ____D C:\Users\Zarnite\AppData\Roaming\Skype
     2014-01-22 21:36 - 2014-01-22 21:36 - 00001058 _____ C:\WINDOWS\PFRO.log
     2014-01-22 01:30 - 2013-02-26 15:57 - 00000000 ____D C:\Users\Zarnite\AppData\Local\Paint.NET
     2014-01-22 01:28 - 2014-01-19 20:11 - 00000000 ____D C:\Users\Zarnite\Documents\Tumblr
     2014-01-20 00:12 - 2014-01-20 00:12 - 03912191 _____ C:\Users\Zarnite\Downloads\james-kass_code2000.zip
     2014-01-14 11:09 - 2014-01-14 11:09 - 00000000 ____D C:\Users\Zarnite\Documents\Registration Entries
     2014-01-06 16:31 - 2013-08-22 09:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
     2014-01-06 16:31 - 2013-08-22 09:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
     2014-01-01 22:52 - 2014-01-01 22:52 - 00002072 _____ C:\Users\Zarnite\Desktop\The Lord of the Rings Online™.lnk
     2014-01-01 19:38 - 2014-01-01 19:29 - 00000000 ____D C:\Users\Zarnite\Documents\The Lord of the Rings Online
     2014-01-01 19:36 - 2014-01-01 19:36 - 00000000 ____D C:\Users\Zarnite\AppData\Local\Chromium
     2014-01-01 19:33 - 2014-01-01 19:33 - 00000000 ____D C:\Users\Zarnite\AppData\Local\The Lord of the Rings Online
     2014-01-01 19:33 - 2013-12-27 23:31 - 00000000 ____D C:\ProgramData\HappyCloud
     2014-01-01 19:16 - 2013-08-22 08:44 - 00409920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
     2014-01-01 19:14 - 2013-12-27 23:40 - 00000000 ____D C:\Users\Zarnite\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turbine
     2014-01-01 19:14 - 2013-12-27 23:36 - 00000000 ____D C:\Users\Zarnite\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
     2014-01-01 19:14 - 2013-02-26 15:53 - 00000000 ___RD C:\Program Files\Skype
     2014-01-01 19:05 - 2013-02-26 15:53 - 00000000 ____D C:\ProgramData\Skype
     2013-12-27 23:56 - 2013-12-27 23:54 - 00000000 ____D C:\Users\Zarnite\AppData\Local\Turbine
     2013-12-27 23:40 - 2013-12-27 23:40 - 00000000 ____D C:\ProgramData\Turbine

     Files to move or delete:
     ====================
     C:\Users\Zarnite\jagex_cl_speccollect_LIVE.dat
     C:\Users\Zarnite\random.dat

     Some content of TEMP:
     ====================
     C:\Users\Zarnite\AppData\Local\Temp\ntdll_dump.dll

     ==================== Bamital & volsnap Check =================

     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\SysWOW64\explorer.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\SysWOW64\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe => MD5 is legit
     C:\Windows\System32\User32.dll => MD5 is legit
     C:\Windows\SysWOW64\User32.dll => MD5 is legit
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\SysWOW64\userinit.exe => MD5 is legit
     C:\Windows\System32\rpcss.dll => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

     LastRegBack: 2014-01-23 00:53

     ==================== End Of Log ============================

     Attached: Addition.txt
  3. Hi there. I am going to be doing most of the legwork for my partner based on what you say; thank you for your help. I don't think there's cracked software or anything piracy-related on his system? Also, he is running Windows 8, so I take your statement that DDS won't run on it to mean that I won't be able to give you those first two logs? If that is a wrong interpretation and I have missed that step, please let me know and I will do them. In any case, here is the RogueKiller information. I will go make a system restore point now.

     RogueKiller V8.8.2 _x64_ [Jan 17 2014] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
     Started in : Normal mode
     User : Zarnite [Admin rights]
     Mode : Scan -- Date : 01/23/2014 08:00:43
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 3 ¤¤¤
     [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Browser Addons : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABD064 +++++
     --- User ---
     [MBR] a84dd93b5b19931ceaddbccc47850486
     [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
     Partition table:
     0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_01232014_080043.txt >>
  4. Hello. Earlier this evening I opened a blog on Tumblr and it turned into a fake FBI warning thing saying I had to pay money via MoneyPak because it was 'locking my internet' and I wouldn't be able to get on the internet anymore. It wouldn't let me use the browser X button to close, so I used the Task Manager to shut off my Chrome browser. I ran a Malwarebytes full scan and it found nothing. I followed advice on the internet regarding getting into safe mode and doing a system restore, as well as checking various folders (like AppData) for suspicious files, and even spent time looking for suspicious things in regedit from a list I found. Didn't see anything strange. Ran another scan while in safe mode and nothing. Cleared out everything (history, passwords, cache, the whole 9 yards) from Chrome, booted to normal mode. Ran Rkill and I'm mostly sure it didn't find anything either, since it didn't say it did. Incidentally, I am using Chrome to type this and it isn't locked down. Is it safe to assume that I'm okay since nothing ever came up?
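A first-pass triage over log lines in the shape of the FRST output posted above, as an added example that is not part of the original thread and is not FRST's own logic (FRST applies its own whitelist; this script does not replicate it). The rules it applies are the editor's assumptions about what a helper reads first: entries marked "No File" (stale references to a module that is gone), files with no company name in their version info (the "()" FRST prints), modules loaded from locations a standard user can write to, and GUID-named executables. The six sample lines are constructed from the format of the posted log. A hit is a prompt to look, not a verdict: in this log the GUID-named entry runs from avast!'s own setup folder, and the HappyCloud plugin under ProgramData sits beside the Turbine folders created the same evening, so each flagged entry still needs a signature or hash check before anyone touches it.

```python
"""Heuristic triage of FRST-style log entries (added example, not FRST code)."""
import re
from dataclasses import dataclass

# Constructed sample lines in the format FRST prints; not the full posted log.
SAMPLE_LOG = r"""
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\2b4f1b02-5033-4130-9fcf-56afd2c4cc33.exe [180184 2013-11-23] (AVAST Software)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
C:\Users\Zarnite\AppData\Local\Temp\ntdll_dump.dll
"""

# First drive-letter path on the line that ends in a loadable-module extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|cpl)\b", re.IGNORECASE)
# FRST prints the file's company name in parentheses at the end; "()" means none.
VENDOR_RE = re.compile(r"\(([^()]*)\)\s*$")
# A file name that is just a GUID (assumption: unusual enough to warrant a look).
GUID_NAME_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\.", re.IGNORECASE)
# Assumption: directory fragments a standard user can write to, so a module
# there needed no admin rights to plant. Matched against the lower-cased path.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    path: str
    reasons: list


def triage_line(line: str):
    """Return a Finding for one log line, or None if it names no module."""
    m = PATH_RE.search(line)
    if m is None:
        return None
    path = m.group(0)
    reasons = []
    if line.rstrip().endswith("No File"):
        reasons.append("orphaned: the referenced file no longer exists")
    vm = VENDOR_RE.search(line)
    if vm is not None and vm.group(1).strip() == "":
        reasons.append("no company name in the file's version info")
    if any(seg in path.lower() for seg in USER_WRITABLE):
        reasons.append("loads from a user-writable location")
    if GUID_NAME_RE.match(path.rsplit("\\", 1)[-1]):
        reasons.append("GUID-named module")
    return Finding(path, reasons)


def triage(log: str):
    """Entries worth a second look, in log order. Heuristics, not verdicts."""
    out = []
    for line in log.splitlines():
        f = triage_line(line)
        if f is not None and f.reasons:
            out.append(f)
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path)
        for r in f.reasons:
            print("    " + r)
```

To run it over a real report, read FRST.txt into a string in place of SAMPLE_LOG; the path regex ignores the section headers and the timestamped created/modified lines unless they name an .exe, .dll, .sys or .cpl, which is exactly the subset a helper reads first. The user-writable list is deliberately short; extend it for the environment you are looking at rather than trusting it as complete.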