Error 383 and Ineffective Malware Removal


My system has been infected with crazy amounts of malware and adware for a while now. I get new pages opening full of garbage almost any time I click a link, as well as distracting audio and visual advertisements on almost every website. I had Malwarebytes Anti-Malware installed on my system, but it was completely ineffective in removing the virus that is causing all of this. I downloaded Spy-Bot as well as Ad-Aware. I uninstalled Malwarebytes, as there was some interference with it and the other programs. When those programs failed to work, and I realized I still wanted Malwarebytes, I did a system restore on my Windows 7 to get it back. Now, when I run the program I get the message: Run time error '383' 'Text' property is read only. I have tried looking up the solutions to this, but I am not very good with computers so the solutions sounded like nonsense to me.

I basically have two questions:

1. How do I fix the 383 error? (in words that a computer dummy can understand)

2. How do I get this malware off my machine!!?

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).

You would like me to post the results of the FRST in this thread? I think that's what you mean, so here:

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by Izzy (administrator) on IZZY-PC on 14-02-2014 07:20:00
Running from C:\Users\Izzy\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [X]
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [OfficeScanNT Monitor] - c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1103376 2011-02-27] (Trend Micro Inc.)
HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-54219569-583743552-1691902292-1000\...\Run: [uTorrent] - C:\Program Files\uTorrent\uTorrent.exe [895376 2012-07-11] (BitTorrent, Inc.)
HKU\S-1-5-21-54219569-583743552-1691902292-1000\...\Run: [AIM for Windows] - "C:\Users\Izzy\AppData\Local\AOL\AIM\aim.exe"
HKU\S-1-5-21-54219569-583743552-1691902292-1000\...\Run: [OutfoxTV] - C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-54219569-583743552-1691902292-1000\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
AppInit_DLLs: c:\progra~2\bprote~1\22463~1.83\protec~1.dll => File Not Found
Lsa: [Authentication Packages] msv1_0 wvauth
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
URLSearchHook: HKLM - appbario2 Toolbar - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files\appbario2\prxtbappb.dll (Conduit Ltd.)
URLSearchHook: HKCU - appbario2 Toolbar - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files\appbario2\prxtbappb.dll (Conduit Ltd.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {F6B5879A-9FAA-4B33-BC95-599E81BDFFCF} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {C980AF10-42FF-4595-B50A-10F47877091D} URL = 
SearchScopes: HKCU - {F6B5879A-9FAA-4B33-BC95-599E81BDFFCF} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: appbario2 Toolbar - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files\appbario2\prxtbappb.dll (Conduit Ltd.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - appbario2 Toolbar - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files\appbario2\prxtbappb.dll (Conduit Ltd.)
Toolbar: HKCU - appbario2 Toolbar - {CDF97EE2-DED0-4369-835E-99DD08225FA5} - C:\Program Files\appbario2\prxtbappb.dll (Conduit Ltd.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Izzy\AppData\Roaming\Mozilla\Firefox\Profiles\8dgz2ip3.default
FF user.js: detected! => C:\Users\Izzy\AppData\Roaming\Mozilla\Firefox\Profiles\8dgz2ip3.default\user.js
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 - C:\Program Files\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\adawaretb.xml
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2012-05-08]
FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta922.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta922\ff
FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (RuneScape) - C:\Users\Izzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjblpfpopipimofkhbglcoeknpnfijj [2014-02-11]
CHR Extension: (Angry Birds) - C:\Users\Izzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-02-11]
CHR Extension: (Google Docs) - C:\Users\Izzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\Izzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (YouTube) - C:\Users\Izzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-16]
CHR Extension: (Google Search) - C:\Users\Izzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-16]
CHR Extension: (Cut the Rope) - C:\Users\Izzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2014-02-11]
CHR Extension: (SearchGBY) - C:\Users\Izzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep [2012-07-16]
CHR Extension: (Media Player) - C:\Users\Izzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipppgclkpggcpfhkbcibakfkojghibjj [2014-02-04]
CHR Extension: (Fruity Annie) - C:\Users\Izzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbacnfobpliffdmiickfhceamljbcnjf [2014-02-11]
CHR Extension: (The Fancy Pants Adventure: World 2) - C:\Users\Izzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk [2014-02-11]
CHR Extension: (Plants vs Zombies) - C:\Users\Izzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2014-02-11]
CHR Extension: (Google Wallet) - C:\Users\Izzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Gmail) - C:\Users\Izzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-16]
CHR Extension: (Canvas Rider) - C:\Users\Izzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2014-02-11]
CHR HKLM\...\Chrome\Extension: [icmijdhkcgeclpfjmibnginbbkfcbpep] - C:\Program Files\SearchGBY\Extensions\Chrome\searchgby.chrome.v0.9.55.crx [2012-07-10]
CHR HKLM\...\Chrome\Extension: [lbkfjlnghfiieehhopcakfghomogakab] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha319\ch\WebexpEnhancedV1alpha319.crx [2012-07-10]
CHR HKLM\...\Chrome\Extension: [lmpfhbjdcnifodplgpfampodfikbmnjf] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta922\ch\VideoPlayerV3beta922.crx [2012-07-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
S4 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-03-13] (Intel Corporation)
S4 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [179592 2012-01-17] ()
S4 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
S4 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212984 2012-05-21] (Intel Corporation)
S4 ntrtscan; c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1324104 2011-02-18] (Trend Micro Inc.)
S4 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)
S4 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1517448 2011-11-11] (Wave Systems Corp.)
S4 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50704 2011-04-07] (Trend Micro Inc.)
S4 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] ()
S4 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2864496 2011-12-08] (Wave Systems Corp.)
S4 tmlisten; c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1366592 2011-02-18] (Trend Micro Inc.)
S4 TmPfw; c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497080 2010-07-21] (Trend Micro Inc.)
S4 TmProxy; c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689488 2010-07-21] (Trend Micro Inc.)
S4 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S4 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1189376 2012-01-05] (Wave Systems Corp.)
S4 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [145408 2012-01-16] (Wave Systems Corp.)
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-13] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41216 2011-09-21] (Intel Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2012-07-25] (Dell Inc)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [163920 2010-08-03] (Trend Micro Inc.)
R2 TmFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [249616 2011-03-24] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146000 2010-11-08] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36624 2011-03-24] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90448 2010-11-08] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [282704 2010-11-08] (Trend Micro Inc.)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-03-29] (Texas Instruments)
R2 VSApiNt; c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1331576 2011-03-24] (Trend Micro Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-14 07:20 - 2014-02-14 07:20 - 00017208 _____ () C:\Users\Izzy\Downloads\FRST.txt
2014-02-14 07:19 - 2014-02-14 07:20 - 00000000 ____D () C:\FRST
2014-02-14 07:19 - 2014-02-14 07:19 - 01141248 _____ (Farbar) C:\Users\Izzy\Downloads\FRST.exe
2014-02-14 03:09 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 03:09 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 03:09 - 2014-02-06 04:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 03:09 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 03:09 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 03:09 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 03:09 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 03:09 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 03:09 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 03:09 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 03:09 - 2014-02-06 03:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 03:09 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 03:09 - 2014-02-06 03:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 03:09 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 03:09 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 03:09 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 03:09 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 03:09 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 03:09 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 03:09 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 03:09 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 03:01 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 18:47 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 18:47 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 18:47 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 18:46 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 18:46 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 18:46 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 18:46 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 18:46 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 18:46 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 18:46 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 18:46 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 18:46 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 18:46 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 18:46 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 18:41 - 2014-02-13 18:58 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-13 17:36 - 2014-02-13 17:37 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-02-13 17:30 - 2014-02-13 17:30 - 02604032 _____ () C:\Users\Izzy\Downloads\2C-Remote_Sensing_Ices_on_Mars_Slides.ppt
2014-02-11 20:40 - 2014-02-11 20:40 - 00000000 ____D () C:\Users\Izzy\AppData\Roaming\LavasoftStatistics
2014-02-11 20:40 - 2014-02-11 20:40 - 00000000 ____D () C:\Users\Izzy\AppData\Roaming\Lavasoft
2014-02-11 19:43 - 2014-02-13 18:37 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-02-11 19:43 - 2014-02-13 18:37 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-02-11 19:43 - 2014-02-11 19:43 - 00000000 ____D () C:\Users\Izzy\AppData\Local\adawarebp
2014-02-11 19:43 - 2014-02-11 19:43 - 00000000 ____D () C:\ProgramData\blekko toolbars
2014-02-11 19:42 - 2014-02-11 19:44 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-11 19:39 - 2014-02-11 19:39 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-02-11 19:35 - 2014-02-11 19:35 - 01727624 _____ () C:\Users\Izzy\Downloads\Adaware_Installer.exe
2014-02-11 19:35 - 2014-02-11 19:35 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-11 19:26 - 2014-02-13 18:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-11 19:26 - 2014-02-13 18:37 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-02-11 19:22 - 2014-02-11 19:26 - 16409960 _____ (Safer Networking Limited ) C:\Users\Izzy\Downloads\spybotsd162 (1).exe
2014-02-11 19:20 - 2014-02-11 19:21 - 16409960 _____ (Safer Networking Limited ) C:\Users\Izzy\Downloads\spybotsd162.exe
2014-02-04 15:58 - 2014-02-04 15:58 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 15:56 - 2014-02-14 07:16 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 15:56 - 2014-02-14 07:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-04 15:56 - 2014-02-04 15:57 - 00000000 ____D () C:\Program Files\Google
2014-01-29 22:51 - 2014-02-08 11:34 - 00000000 ____D () C:\Program Files\MediaPlayerV1
2014-01-29 22:51 - 2014-01-29 22:51 - 00000606 __RSH () C:\ProgramData\ntuser.pol
2014-01-27 15:57 - 2014-01-27 15:57 - 00000000 ____D () C:\Users\Izzy\Downloads\Twenty One Pilots - Vessel (2013)
2014-01-26 18:37 - 2014-01-26 18:38 - 00000000 ____D () C:\Users\Izzy\Downloads\The Neighbourhood - I Love You (iTunes Rip) - zeMedia
2014-01-26 18:33 - 2014-01-26 18:33 - 00000000 ____D () C:\Users\Izzy\Downloads\Young The Giant - It's About Time (Single) 2013
2014-01-26 18:32 - 2014-01-26 18:35 - 00000000 ____D () C:\Users\Izzy\Downloads\Young The Giant - Young The Giant (2010)
2014-01-15 06:30 - 2013-11-26 19:19 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 06:30 - 2013-11-26 19:18 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 06:30 - 2013-11-26 19:18 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 06:30 - 2013-11-26 19:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 06:30 - 2013-11-26 19:18 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 06:30 - 2013-11-26 19:18 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 06:30 - 2013-11-26 19:18 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 06:30 - 2013-11-26 05:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 06:30 - 2013-11-26 04:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
2014-02-14 07:20 - 2014-02-14 07:20 - 00017208 _____ () C:\Users\Izzy\Downloads\FRST.txt
2014-02-14 07:20 - 2014-02-14 07:19 - 00000000 ____D () C:\FRST
2014-02-14 07:20 - 2012-07-10 19:19 - 00000000 ____D () C:\iTunes
2014-02-14 07:19 - 2014-02-14 07:19 - 01141248 _____ (Farbar) C:\Users\Izzy\Downloads\FRST.exe
2014-02-14 07:19 - 2012-07-11 10:13 - 00000000 ____D () C:\Users\Izzy\AppData\Roaming\uTorrent
2014-02-14 07:17 - 2012-05-08 14:38 - 01808581 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 07:16 - 2014-02-04 15:56 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-14 07:08 - 2014-02-04 15:56 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-14 06:32 - 2012-05-08 14:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-14 03:35 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-14 03:33 - 2009-07-13 22:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 03:33 - 2009-07-13 22:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 03:32 - 2010-11-20 15:01 - 00794608 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-14 03:28 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 03:27 - 2009-07-13 22:53 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-14 03:27 - 2009-07-13 22:39 - 00048020 _____ () C:\Windows\setupact.log
2014-02-14 03:06 - 2013-07-14 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 03:05 - 2012-07-20 14:43 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 18:58 - 2014-02-13 18:41 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-13 18:41 - 2014-02-11 19:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-13 18:41 - 2012-07-10 19:19 - 00074856 _____ () C:\Users\Izzy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-13 18:39 - 2012-07-10 18:09 - 00000000 ____D () C:\Users\Izzy
2014-02-13 18:39 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-02-13 18:38 - 2012-05-08 15:03 - 00000000 ____D () C:\Windows\PCHEALTH
2014-02-13 18:38 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-02-13 18:37 - 2014-02-11 19:43 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-02-13 18:37 - 2014-02-11 19:43 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-02-13 18:37 - 2014-02-11 19:26 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-02-13 18:37 - 2013-12-12 08:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-13 18:37 - 2013-11-24 16:15 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-02-13 18:37 - 2013-10-21 10:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-13 18:37 - 2012-07-10 19:35 - 00000000 ____D () C:\Users\Izzy\AppData\Local\Conduit
2014-02-13 18:37 - 2012-07-10 19:26 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-13 18:37 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\AppCompat
2014-02-13 18:36 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\registration
2014-02-13 18:33 - 2013-10-21 10:35 - 00000000 ____D () C:\Users\Izzy\AppData\Local\Mozilla
2014-02-13 18:33 - 2013-10-21 09:57 - 00000000 ____D () C:\Users\Izzy\AppData\Roaming\Mozilla
2014-02-13 17:37 - 2014-02-13 17:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-02-13 17:30 - 2014-02-13 17:30 - 02604032 _____ () C:\Users\Izzy\Downloads\2C-Remote_Sensing_Ices_on_Mars_Slides.ppt
2014-02-11 20:40 - 2014-02-11 20:40 - 00000000 ____D () C:\Users\Izzy\AppData\Roaming\LavasoftStatistics
2014-02-11 20:40 - 2014-02-11 20:40 - 00000000 ____D () C:\Users\Izzy\AppData\Roaming\Lavasoft
2014-02-11 19:44 - 2014-02-11 19:42 - 00000000 ____D () C:\Program Files\Lavasoft
2014-02-11 19:43 - 2014-02-11 19:43 - 00000000 ____D () C:\Users\Izzy\AppData\Local\adawarebp
2014-02-11 19:43 - 2014-02-11 19:43 - 00000000 ____D () C:\ProgramData\blekko toolbars
2014-02-11 19:39 - 2014-02-11 19:39 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-02-11 19:35 - 2014-02-11 19:35 - 01727624 _____ () C:\Users\Izzy\Downloads\Adaware_Installer.exe
2014-02-11 19:35 - 2014-02-11 19:35 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-11 19:26 - 2014-02-11 19:22 - 16409960 _____ (Safer Networking Limited ) C:\Users\Izzy\Downloads\spybotsd162 (1).exe
2014-02-11 19:21 - 2014-02-11 19:20 - 16409960 _____ (Safer Networking Limited ) C:\Users\Izzy\Downloads\spybotsd162.exe
2014-02-11 16:28 - 2012-07-22 15:04 - 00000000 ____D () C:\Users\Izzy\AppData\Local\AOL
2014-02-08 16:17 - 2010-11-20 15:48 - 00101526 _____ () C:\Windows\PFRO.log
2014-02-08 16:17 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\security
2014-02-08 11:34 - 2014-01-29 22:51 - 00000000 ____D () C:\Program Files\MediaPlayerV1
2014-02-06 04:38 - 2014-02-14 03:09 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 04:20 - 2014-02-14 03:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 04:19 - 2014-02-14 03:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 04:01 - 2014-02-14 03:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 04:00 - 2014-02-14 03:09 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-14 03:09 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 03:52 - 2014-02-14 03:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 03:52 - 2014-02-14 03:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 03:49 - 2014-02-14 03:09 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 03:47 - 2014-02-14 03:09 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 03:47 - 2014-02-14 03:09 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 03:46 - 2014-02-14 03:09 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 03:34 - 2014-02-14 03:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 03:25 - 2014-02-14 03:09 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 03:25 - 2014-02-14 03:09 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 03:13 - 2014-02-14 03:09 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:09 - 2014-02-14 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:03 - 2014-02-14 03:09 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 02:41 - 2014-02-14 03:09 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 02:36 - 2014-02-14 03:09 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:34 - 2014-02-14 03:09 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-05 11:17 - 2013-11-24 16:16 - 00000000 ____D () C:\Users\Izzy\AppData\Local\SwvUpdater
2014-02-04 15:58 - 2014-02-04 15:58 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 15:57 - 2014-02-04 15:56 - 00000000 ____D () C:\Program Files\Google
2014-02-04 15:56 - 2012-07-16 13:43 - 00000000 ____D () C:\Users\Izzy\AppData\Local\Deployment
2014-01-29 22:51 - 2014-01-29 22:51 - 00000606 __RSH () C:\ProgramData\ntuser.pol
2014-01-29 22:51 - 2009-07-13 20:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-01-27 15:57 - 2014-01-27 15:57 - 00000000 ____D () C:\Users\Izzy\Downloads\Twenty One Pilots - Vessel (2013)
2014-01-26 18:38 - 2014-01-26 18:37 - 00000000 ____D () C:\Users\Izzy\Downloads\The Neighbourhood - I Love You (iTunes Rip) - zeMedia
2014-01-26 18:35 - 2014-01-26 18:32 - 00000000 ____D () C:\Users\Izzy\Downloads\Young The Giant - Young The Giant (2010)
2014-01-26 18:33 - 2014-01-26 18:33 - 00000000 ____D () C:\Users\Izzy\Downloads\Young The Giant - It's About Time (Single) 2013
2014-01-25 02:16 - 2012-05-08 14:50 - 00000000 ____D () C:\Program Files\Realtek
2014-01-24 09:18 - 2012-11-25 13:15 - 00000000 ____D () C:\Windows\{69093D49-3DD1-4FB5-A378-0D4DB4CF86EA}
2014-01-23 00:17 - 2013-12-19 00:16 - 00000107 _____ () C:\Users\Izzy\AppData\Roaming\WB.CFG
2014-01-22 15:08 - 2014-01-10 12:51 - 00000000 ____D () C:\Program Files\VideoPlayerV3
2014-01-21 19:11 - 2012-07-10 19:26 - 00001065 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-16 03:20 - 2009-07-13 22:33 - 00321832 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Files to move or delete:
====================
C:\Users\Izzy\jagex_cl_runescape_LIVE.dat
C:\Users\Izzy\jagex_cl_runescape_LIVE1.dat
C:\Users\Izzy\random.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 00:13
 
==================== End Of Log ============================
 
 
Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by Izzy at 2014-02-14 07:20:38
Running from C:\Users\Izzy\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Trend Micro Client/Server Security Agent Antivirus (Disabled - Up to date) {7193B549-236F-55EE-9AEC-F65279E59A92}
AS: Trend Micro Client/Server Security Agent Anti-spyware (Disabled - Up to date) {CAF254AD-0555-5A60-A05C-CD200262D02F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall (Disabled) {50C2E989-60CF-0845-AFD3-290B7D301E79}
 
==================== Installed Programs ======================
 
µTorrent (HKCU Version: 3.3.1.30017 - BitTorrent Inc.)
µTorrent (Version: 3.2.0 - )
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122 - Adobe Systems, Inc.)
appbario2 Toolbar (Version: 6.8.10.0 - appbario2)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (Version: 8.50.4.0 - Conexant)
Coupon Printer for Windows (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (Version: 9.5.1.4822 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (Version: 9.5.1.4822 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (Version: 1.3.1 - Dell Inc.)
Dell Client System Update (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Access (Version: 2.2.00003.008 - Dell Inc.)
Dell Data Protection | Access | Middleware (Version: 1.00.008 - Dell Inc.)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
DellAccess (Version: 01.00.00.149 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
EMBASSY Client Core (Version: 01.00.00.055 - Wave Systems Corp.) Hidden
Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (Version: 1.3.23.0 - SaveSense) Hidden <==== ATTENTION
HP Photo Creations (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (Version: 5.002.006.003 - Hewlett-Packard)
Intel® Control Center (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.2.27.0 (Version: 1.2.27.0 - Intel Corporation)
Intel® Management Engine Components (Version: 7.1.50.1172 - Intel Corporation)
Intel® Processor Graphics (Version: 9.17.10.3040 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149 - Intel Corporation)
iTunes (Version: 11.1.1.11 - Apple Inc.)
Java 2 Runtime Environment, SE v1.4.0_01 (Version:  - )
Java Auto Updater (Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java 7 Update 5 (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
Optimizer Pro v3.2 (Version:  - PC Utilities Software Limited) <==== ATTENTION
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PhotoShowExpress (Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.02.00.119 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.00.00.059 - Wave Systems Corp.) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (Version: 1.12.0019 - Realtek)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (Version: 1.3.3 - Roxio) Hidden
Roxio Burn (Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trend Micro Client/Server Security Agent (Version: 3.5.1163 - Trend Micro)
Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.)
Viewpoint Media Player (Remove Only) (Version:  - )
Wave Infrastructure Installer (Version: 07.03.60.0020 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.12.00.068 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
13-02-2014 09:00:11 Windows Update
14-02-2014 00:29:09 Restore Operation
14-02-2014 09:00:15 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0EA5C5F7-2F24-4153-B051-473DCAC71FF9} - \BackgroundContainer Startup Task No Task File
Task: {3AB820C4-E4F2-4FD9-A480-928E941432BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {3B077DFB-9073-49A1-AB1A-220E12CAD00F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {3E0C5565-E907-4616-8A33-86467040EEC1} - System32\Tasks\Dell\Client System Update => C:\Program Files\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe [2012-10-11] (Dell Inc.)
Task: {5AD90E5D-712B-4046-BF3F-411DB4CB39C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-21] (Adobe Systems Incorporated)
Task: {6983412E-2238-4553-B3F4-B51C5D6786EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9C207CB0-2D07-423F-B766-E3A11B17C68A} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HpWebReg.exe
Task: {FBDAAAE3-CEA3-441A-98FA-A32C83612054} - System32\Tasks\SaveSense => C:\Users\Izzy\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\Izzy\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-04 15:58 - 2014-02-01 17:41 - 00715592 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 15:58 - 2014-02-01 17:41 - 00100168 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 15:58 - 2014-02-01 17:42 - 04055368 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 15:58 - 2014-02-01 17:42 - 00399688 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 15:58 - 2014-02-01 17:41 - 01634632 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-04 15:58 - 2014-02-01 17:42 - 13616456 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: EmbassyService => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: ntrtscan => 2
MSCONFIG\Services: RoxMediaDB12OEM => 3
MSCONFIG\Services: RoxWatch12 => 2
MSCONFIG\Services: SecureStorageService => 3
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: svcGenericHost => 2
MSCONFIG\Services: tcsd_win32.exe => 2
MSCONFIG\Services: TdmService => 2
MSCONFIG\Services: tmlisten => 2
MSCONFIG\Services: TmPfw => 3
MSCONFIG\Services: TmProxy => 3
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: Wave Authentication Manager Service => 2
MSCONFIG\Services: WvPCR => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DBRMTray => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: OfficeScanNT Monitor => "c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TdmNotify => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
MSCONFIG\startupreg: uTorrent => "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/14/2014 07:08:00 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.22.5\SaveSenseLiveHelper.msi
 
Error: (02/14/2014 06:08:00 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.22.5\SaveSenseLiveHelper.msi
 
Error: (02/14/2014 05:08:00 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.22.5\SaveSenseLiveHelper.msi
 
Error: (02/14/2014 04:08:01 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.22.5\SaveSenseLiveHelper.msi
 
Error: (02/14/2014 03:29:06 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/14/2014 03:27:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_LanmanServer, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: SSCORE.DLL, version: 6.1.7601.17514, time stamp: 0x4ce795a6
Exception code: 0xc0000005
Fault offset: 0x00001513
Faulting process id: 0x3f0
Faulting application start time: 0xsvchost.exe_LanmanServer0
Faulting application path: svchost.exe_LanmanServer1
Faulting module path: svchost.exe_LanmanServer2
Report Id: svchost.exe_LanmanServer3
 
Error: (02/14/2014 03:27:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/14/2014 02:08:01 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.22.5\SaveSenseLiveHelper.msi
 
Error: (02/14/2014 01:08:02 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.22.5\SaveSenseLiveHelper.msi
 
Error: (02/14/2014 00:32:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
 
System errors:
=============
Error: (02/14/2014 03:29:53 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: 
%%1056
 
Error: (02/14/2014 03:27:53 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/14/2014 03:27:53 AM) (Source: Service Control Manager) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (02/14/2014 03:27:53 AM) (Source: Service Control Manager) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (02/14/2014 03:27:53 AM) (Source: Service Control Manager) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/14/2014 03:27:53 AM) (Source: Service Control Manager) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (02/14/2014 03:27:53 AM) (Source: Service Control Manager) (User: )
Description: The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/14/2014 03:27:53 AM) (Source: Service Control Manager) (User: )
Description: The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/14/2014 03:27:53 AM) (Source: Service Control Manager) (User: )
Description: The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (02/14/2014 03:27:53 AM) (Source: Service Control Manager) (User: )
Description: The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (02/14/2014 07:08:00 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.22.5\SaveSenseLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/14/2014 06:08:00 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.22.5\SaveSenseLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/14/2014 05:08:00 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.22.5\SaveSenseLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/14/2014 04:08:01 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.22.5\SaveSenseLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/14/2014 03:29:06 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/14/2014 03:27:49 AM) (Source: Application Error)(User: )
Description: svchost.exe_LanmanServer6.1.7600.163854a5bc100SSCORE.DLL6.1.7601.175144ce795a6c0000005000015133f001cf2966f7ec4141C:\Windows\system32\svchost.exeC:\Windows\system32\SSCORE.DLL44abdfb3-955a-11e3-ae3e-d4bed9ea00e0
 
Error: (02/14/2014 03:27:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/14/2014 02:08:01 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.22.5\SaveSenseLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/14/2014 01:08:02 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.22.5\SaveSenseLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/14/2014 00:32:37 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 75%
Total physical RAM: 1953.06 MB
Available physical RAM: 475.92 MB
Total Pagefile: 3906.12 MB
Available Pagefile: 2204.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.98 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:219.69 GB) (Free:30.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 105BE14C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

The aswMBR crashed after I had successfully downloaded the Avast, and when I opened it again it did not prompt me to download it again, so I'm not sure if the Avast was correctly downloaded. But here is the text after I ran the program:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-14 19:40:31
-----------------------------
19:40:31.157    OS Version: Windows 6.1.7601 Service Pack 1
19:40:31.157    Number of processors: 4 586 0x2A07
19:40:31.158    ComputerName: IZZY-PC  UserName: Izzy
19:40:32.431    Initialize success
19:40:50.489    AVAST engine defs: 14021401
19:41:01.871    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:41:01.884    Disk 0 Vendor: WDC_WD2500AAKX-753CA1 19.01H19 Size: 238475MB BusType: 3
19:41:02.126    Disk 0 MBR read successfully
19:41:02.129    Disk 0 MBR scan
19:41:02.135    Disk 0 Windows VISTA default MBR code
19:41:02.141    Disk 0 Partition 1 00     DE Dell Utility DELL 4.1       39 MB offset 63
19:41:02.204    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        13468 MB offset 81920
19:41:02.221    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       224964 MB offset 27664384
19:41:02.228    Disk 0 scanning sectors +488390656
19:41:02.341    Disk 0 scanning C:\Windows\system32\drivers
19:41:18.203    Service scanning
19:41:50.251    Modules scanning
19:41:59.626    Disk 0 trace - called modules:
19:41:59.974    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys 
19:41:59.981    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a45770]
19:41:59.987    3 CLASSPNP.SYS[88bb759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84c0e908]
19:42:01.334    AVAST engine scan C:\Windows
19:42:03.507    AVAST engine scan C:\Windows\system32
19:44:34.656    AVAST engine scan C:\Windows\system32\drivers
19:44:46.957    AVAST engine scan C:\Users\Izzy
19:45:18.529    Disk 0 MBR has been saved successfully to "C:\Users\Izzy\Desktop\MBR.dat"
19:45:18.531    The log file has been saved successfully to "C:\Users\Izzy\Desktop\aswMBR.txt"

Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

appbario2 Toolbar
µTorrent
µTorrent
Coupon Printer for Windows
Google Update Helper
Optimizer Pro v3.2


Close the window.

 

 

 

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    AppInit_DLLs: c:\progra~2\bprote~1\22463~1.83\protec~1.dll => File Not Found
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    URLSearchHook: HKLM - appbario2 Toolbar - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files\appbario2\prxtbappb.dll (Conduit Ltd.)
    URLSearchHook: HKCU - appbario2 Toolbar - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files\appbario2\prxtbappb.dll (Conduit Ltd.)
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - DefaultScope {F6B5879A-9FAA-4B33-BC95-599E81BDFFCF} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975
    SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKCU - {C980AF10-42FF-4595-B50A-10F47877091D} URL =
    SearchScopes: HKCU - {F6B5879A-9FAA-4B33-BC95-599E81BDFFCF} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975
    SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL =
    BHO: appbario2 Toolbar - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files\appbario2\prxtbappb.dll (Conduit Ltd.)
    Toolbar: HKLM - appbario2 Toolbar - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files\appbario2\prxtbappb.dll (Conduit Ltd.)
    Toolbar: HKCU - appbario2 Toolbar - {CDF97EE2-DED0-4369-835E-99DD08225FA5} - C:\Program Files\appbario2\prxtbappb.dll (Conduit Ltd.)
    FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta922.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta922\ff
    FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension
    CHR HKLM\...\Chrome\Extension: [icmijdhkcgeclpfjmibnginbbkfcbpep] - C:\Program Files\SearchGBY\Extensions\Chrome\searchgby.chrome.v0.9.55.crx [2012-07-10]
    CHR HKLM\...\Chrome\Extension: [lbkfjlnghfiieehhopcakfghomogakab] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha319\ch\WebexpEnhancedV1alpha319.crx [2012-07-10]
    CHR HKLM\...\Chrome\Extension: [lmpfhbjdcnifodplgpfampodfikbmnjf] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta922\ch\VideoPlayerV3beta922.crx [2012-07-10]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S2 OutfoxTvService
    C:\Program Files\appbario2
    C:\ProgramData\bProtectorForWindows
    C:\Program Files\SearchGBY
    C:\Program Files\WebexpEnhancedV1
    C:\Program Files\VideoPlayerV3
    C:\Program Files\OutfoxTV
    C:\ProgramData\blekko toolbars
    C:\ProgramData\ntuser.pol
    C:\Users\Izzy\jagex_cl_runescape_LIVE.dat
    C:\Users\Izzy\jagex_cl_runescape_LIVE1.dat
    C:\Users\Izzy\random.dat
    C:\Users\Izzy\AppData\Roaming\SAVESE~1
    C:\Windows\Tasks\SaveSense.job
    AlternateDataStreams: C:\ProgramData\Temp:373E1720
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.


When I try to uninstall the appbario toolbar, nothing happens. No message pops up or uninstall wizard appears. I cannot uninstall it.

 

When I search for the Google Update Helper, no program is found. 

 

When I try to uninstall Optimizer Pro, I get this message: 

Message file "C:\ Program Files\ Optimizer Pro\unins000.msg" is missing. Please correct the problem or obtain a new copy of the program.

 

uTorrent and Coupon Printer have been uninstalled.

 

Thank you for your help, by the way!


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-02-2014 01

Ran by Izzy at 2014-02-22 14:55:01 Run:1

Running from C:\Users\Izzy\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

AppInit_DLLs: c:\progra~2\bprote~1\22463~1.83\protec~1.dll => File Not Found

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

URLSearchHook: HKLM - appbario2 Toolbar - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files\appbario2\prxtbappb.dll (Conduit Ltd.)

URLSearchHook: HKCU - appbario2 Toolbar - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files\appbario2\prxtbappb.dll (Conduit Ltd.)

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - DefaultScope {F6B5879A-9FAA-4B33-BC95-599E81BDFFCF} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975

SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =

SearchScopes: HKCU - {C980AF10-42FF-4595-B50A-10F47877091D} URL =

SearchScopes: HKCU - {F6B5879A-9FAA-4B33-BC95-599E81BDFFCF} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227975

SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL =

BHO: appbario2 Toolbar - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files\appbario2\prxtbappb.dll (Conduit Ltd.)

Toolbar: HKLM - appbario2 Toolbar - {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files\appbario2\prxtbappb.dll (Conduit Ltd.)

Toolbar: HKCU - appbario2 Toolbar - {CDF97EE2-DED0-4369-835E-99DD08225FA5} - C:\Program Files\appbario2\prxtbappb.dll (Conduit Ltd.)

FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta922.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta922\ff

FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension

CHR HKLM\...\Chrome\Extension: [icmijdhkcgeclpfjmibnginbbkfcbpep] - C:\Program Files\SearchGBY\Extensions\Chrome\searchgby.chrome.v0.9.55.crx [2012-07-10]

CHR HKLM\...\Chrome\Extension: [lbkfjlnghfiieehhopcakfghomogakab] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha319\ch\WebexpEnhancedV1alpha319.crx [2012-07-10]

CHR HKLM\...\Chrome\Extension: [lmpfhbjdcnifodplgpfampodfikbmnjf] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta922\ch\VideoPlayerV3beta922.crx [2012-07-10]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

S2 OutfoxTvService

 

C:\Program Files\appbario2

C:\ProgramData\bProtectorForWindows

C:\Program Files\SearchGBY

C:\Program Files\WebexpEnhancedV1

C:\Program Files\VideoPlayerV3

C:\Program Files\OutfoxTV

C:\ProgramData\blekko toolbars

C:\ProgramData\ntuser.pol

C:\Users\Izzy\jagex_cl_runescape_LIVE.dat

C:\Users\Izzy\jagex_cl_runescape_LIVE1.dat

C:\Users\Izzy\random.dat

C:\Users\Izzy\AppData\Roaming\SAVESE~1

C:\Windows\Tasks\SaveSense.job

 

AlternateDataStreams: C:\ProgramData\Temp:373E1720

*****************

 

"c:\\progra~2\\bprote~1\\22463~1.83\\protec~1.dll" => Value Data removed successfully.

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cdf97ee2-ded0-4369-835e-99dd08225fa5} => Value deleted successfully.

HKCR\CLSID\{cdf97ee2-ded0-4369-835e-99dd08225fa5} => Key deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cdf97ee2-ded0-4369-835e-99dd08225fa5} => Value deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C980AF10-42FF-4595-B50A-10F47877091D} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{C980AF10-42FF-4595-B50A-10F47877091D} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F6B5879A-9FAA-4B33-BC95-599E81BDFFCF} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{F6B5879A-9FAA-4B33-BC95-599E81BDFFCF} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ => Key not found.

HKCR\Wow6432Node\CLSID\ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdf97ee2-ded0-4369-835e-99dd08225fa5} => Key deleted successfully.

HKCR\CLSID\{cdf97ee2-ded0-4369-835e-99dd08225fa5} => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{cdf97ee2-ded0-4369-835e-99dd08225fa5} => Value deleted successfully.

HKCR\CLSID\{cdf97ee2-ded0-4369-835e-99dd08225fa5} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CDF97EE2-DED0-4369-835E-99DD08225FA5} => Value deleted successfully.

HKCR\CLSID\{CDF97EE2-DED0-4369-835E-99DD08225FA5} => Key not found.

HKLM\Software\Mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta922.net => Value deleted successfully.

HKCU\Software\Mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df} => Value deleted successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep => Key deleted successfully.

C:\Program Files\SearchGBY\Extensions\Chrome\searchgby.chrome.v0.9.55.crx => Moved successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\lbkfjlnghfiieehhopcakfghomogakab => Key deleted successfully.

"C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha319\ch\WebexpEnhancedV1alpha319.crx" => File/Directory not found.

HKLM\SOFTWARE\Google\Chrome\Extensions\lmpfhbjdcnifodplgpfampodfikbmnjf => Key deleted successfully.

"C:\Program Files\VideoPlayerV3\VideoPlayerV3beta922\ch\VideoPlayerV3beta922.crx" => File/Directory not found.

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

C:\Program Files\appbario2 => Moved successfully.

"C:\ProgramData\bProtectorForWindows" => File/Directory not found.

C:\Program Files\SearchGBY => Moved successfully.

"C:\Program Files\WebexpEnhancedV1" => File/Directory not found.

C:\Program Files\VideoPlayerV3 => Moved successfully.

"C:\Program Files\OutfoxTV" => File/Directory not found.

C:\ProgramData\blekko toolbars => Moved successfully.

C:\ProgramData\ntuser.pol => Moved successfully.

C:\Users\Izzy\jagex_cl_runescape_LIVE.dat => Moved successfully.

C:\Users\Izzy\jagex_cl_runescape_LIVE1.dat => Moved successfully.

C:\Users\Izzy\random.dat => Moved successfully.

"C:\Users\Izzy\AppData\Roaming\SAVESE~1" => File/Directory not found.

C:\Windows\Tasks\SaveSense.job => Moved successfully.

C:\ProgramData\Temp => ":373E1720" ADS removed successfully.

 

 

The system needs a manual reboot. 

 

==== End of Fixlog ====
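
One way to tally the result lines of a Fixlog like the one above and separate entries that were actually changed from entries that were already gone. This is an added example, not part of the original thread and not FRST's own code; the function names and the status labels `acted`, `absent` and `review` are assumptions made here, and the sample is a shortened excerpt of the log lines posted above.

```python
import re
from collections import Counter

# Result lines in the Fixlog have the form "<target> => <outcome>."
RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\.?\s*$')
# Outcome wordings seen in the log above that mean the tool changed something.
ACTED = ("removed successfully", "deleted successfully", "moved successfully")

# Shortened excerpt of the Fixlog posted above.
SAMPLE = r'''Content of fixlist:
*****************
AppInit_DLLs: c:\progra~2\bprote~1\22463~1.83\protec~1.dll => File Not Found
C:\Program Files\OutfoxTV
*****************
"c:\\progra~2\\bprote~1\\22463~1.83\\protec~1.dll" => Value Data removed successfully.
HKCR\CLSID\{cdf97ee2-ded0-4369-835e-99dd08225fa5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
C:\Program Files\appbario2 => Moved successfully.
"C:\Program Files\OutfoxTV" => File/Directory not found.
C:\Windows\Tasks\SaveSense.job => Moved successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
==== End of Fixlog ====
'''

def parse_fixlog(text):
    """Return (target, kind, status) per result line, skipping the echoed fixlist."""
    results, in_echo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:  # a row of asterisks opens/closes the echo
            in_echo = not in_echo
            continue
        # The echoed fixlist can itself contain " => " (the AppInit_DLLs line),
        # so nothing between the asterisk rows is treated as a result.
        m = None if in_echo else RESULT_RE.match(line)
        if not m:
            continue
        outcome = m["outcome"]
        low = outcome.lower()
        if re.search(r"\bADS\b", outcome):
            kind = "ads"        # alternate data stream on a file or folder
        elif re.search(r"\b(Key|Value)\b", outcome):
            kind = "registry"
        else:
            kind = "file"
        if any(s in low for s in ACTED):
            status = "acted"
        elif "not found" in low:
            status = "absent"   # already gone before the fix ran
        else:
            status = "review"   # wording not seen in this log: read it by hand
        results.append((m["target"].strip('"'), kind, status))
    return results

def summarize(results):
    """Count results per (kind, status) pair."""
    return Counter((kind, status) for _, kind, status in results)

def needs_review(results):
    """Targets whose outcome wording was not recognised."""
    return [target for target, _, status in results if status == "review"]

if __name__ == "__main__":
    res = parse_fixlog(SAMPLE)
    for (kind, status), n in sorted(summarize(res).items()):
        print(f"{kind:9}{status:8}{n}")
    print("review by hand:", needs_review(res))
```
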


Please reboot into windows.

 

 

 

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


No. I did a system restore before I originally posted in this thread. I was asking for help on how to get Malwarebytes back as well as how to get rid of the malware infecting my system. I restored my system on the 13th, the day I first posted this topic. However, I have noticed that all of the popups and advertising are gone due to running the FRST fix. From what I can see, my problem has been solved.


Uninstall Malwarebytes antimalware and reinstall it using the tutorial below:

 

 

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.03.03.01

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 11.0.9600.16518

Izzy :: IZZY-PC [administrator]

 

3/2/2014 7:54:20 PM

mbam-log-2014-03-02 (19-54-20).txt

 

Scan type: Full scan (C:\|D:\|E:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 402669

Time elapsed: 1 hour(s), 2 minute(s), 31 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
