
Very Bad system performance.

Discussion in 'Virus & Other Malware Removal' started by Space767, Jan 20, 2015.

Thread Status:
Not open for further replies.
  1. Space767

    Space767 Thread Starter

    Joined:
    Dec 22, 2010
    Messages:
    14
    My system runs very badly; after a reboot or restart it takes forever to start simple programs like Google Chrome or Firefox.
    Tried to clean cache or cookies, nothing helps.
    I can't see if there is some kind of program that takes all the usage of the processor, or which program.
    I run virus and malware protection and they find/found no issues.
    Please help?

    I run this system
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 8.1 Pro, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz, x64 Family 6 Model 23 Stepping 10
    Processor Count: 2
    RAM: 2045 Mb
    Graphics Card: NVIDIA GeForce GT 620, 1024 Mb
    Hard Drives: C: Total - 1907726 MB, Free - 1376563 MB;
    Motherboard: Dell Inc., 0T656F
    Antivirus: Windows Defender, Disabled

    Okay, nice. I see that my Windows Defender is disabled, while when I look at the program it states the PC is protected.

    Help what now?
     
  2. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Hi Space767

    Welcome to Tech Support Guy. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
    • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
    • All of the assistants and staff at Tech Support Guy are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
    • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
    • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
    • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
    • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
    • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

      - Save ALL Tools to your Desktop -
      All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

      Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
      Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
      Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
      Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
      NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
    Let's get started....

    Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.
    • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • If an update is available, the program will inform you and download the update. Allow it to do this please.
    • Once the tool shows "The tool is ready to use." message, please press the Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
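The FRST.txt log that the procedure above produces is long, and a helper reads it by scanning for a handful of markers the tool prints: section banners made of '=' signs, entries whose target file is reported as "File Not Found" or "[Not Found]", services and drivers tagged "[File not signed]", SearchScopes entries with a provider URL, and a detected Firefox user.js. The following Python script is an added example (not part of dbreeze's post and not code from the Farbar tool) that parses a log in that format and lists those entries for review. It assumes the FRST.txt layout visible later in this thread; the sample lines are copied from the log posted there, and the finding names (orphaned-entry, unsigned-binary, search-scope, default-scope-missing, firefox-user-js) are our own labels.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input in the format FRST writes to FRST.txt. The entries are
# copied from the log posted in this thread; only the selection is ours.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll => C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll File Not Found
==================== Internet (Whitelisted) ====================
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1392353723-3194137103-1205734640-1005 -> {09C7CD9E-A87F-49F2-8F55-A3C83B809686} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10853
FF user.js: detected! => C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\user.js
CHR HKLM\...\Chrome\Extension: [gpicboiclhmnllnjdcfcffifpoaebgkm] - C:\Program Files\Freecorder extension\Freecorder.crx [Not Found]
========================== Services (Whitelisted) =================
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
""".strip().splitlines()

# Section banners look like "==== Registry (Whitelisted) ====".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Service/driver lines start with a state code (R2, S3, ...) and the service name up to ';'.
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);")
# SearchScopes lines that carry a provider URL: "<hive> -> {GUID} URL = <url>".
SCOPE_RE = re.compile(r"^SearchScopes:\s+(\S+)\s+->\s+(\{[0-9A-Fa-f-]+\})\s+URL\s*=\s*(\S+)$")


def parse_frst(lines):
    """Yield (section, line) pairs, tracking which banner the line falls under."""
    section = "header"
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        yield section, line


def triage(lines):
    """Return (kind, section, detail) tuples for the entries a helper reads first.

    A finding is a pointer for a human, not a verdict: legitimate software shows
    up here too (an unsigned Adobe helper, a stale NVIDIA AppInit entry).
    """
    findings = []
    for section, line in parse_frst(lines):
        if line.endswith("File Not Found") or line.endswith("[Not Found]"):
            # A registry entry whose target file is gone: leftover of an uninstall or a removal.
            findings.append(("orphaned-entry", section, line))
        elif line.endswith("[File not signed]"):
            # FRST tags executables that carry no digital signature.
            m = SERVICE_RE.match(line)
            findings.append(("unsigned-binary", section, m.group(1) if m else line))
        elif line.startswith("SearchScopes:"):
            m = SCOPE_RE.match(line)
            if m:
                # Report the provider host so an unexpected search provider stands out.
                findings.append(("search-scope", section, urlsplit(m.group(3)).hostname))
            elif line.endswith("DefaultScope value is missing."):
                findings.append(("default-scope-missing", section, line.split()[1]))
        elif line.startswith("FF user.js: detected!"):
            # A user.js overrides Firefox preferences at every start; FRST reports its path.
            findings.append(("firefox-user-js", section, line.split("=> ", 1)[1]))
    return findings


def summarize(findings):
    """Count findings per kind, for a quick first look at a long log."""
    counts = {}
    for kind, _section, _detail in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for kind, section, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] ({section}) {detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it on the sample and it lists the stale AppInit_DLLs entry and the missing Freecorder extension file as orphaned entries, the HKLM scope with no default, the search provider host for the per-user scope, the Firefox user.js path, and SwitchBoard as the one unsigned service. The script only groups entries by the markers FRST itself prints; deciding which of them to fix stays with the helper reading the log, which is why the per-user search scope is reported by host rather than judged.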
     
  3. Space767

    Space767 Thread Starter

    Joined:
    Dec 22, 2010
    Messages:
    14
    Hi dbreeze,

    Thanks in advance. Here are the FRST.txt and Addition.txt in my reply.


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
    Ran by space_000 (administrator) on APP4 on 23-01-2015 21:47:24
    Running from C:\Users\space_000\Downloads
    Loaded Profiles: space_000 (Available profiles: space_000 & space_001 & kaya)
    Platform: Microsoft Windows 8.1 Pro (X86) OS Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x86__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [spc1030] => C:\WINDOWS\vspc1030.exe [684032 2008-02-22] (Sonix)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [kX Mixer] => C:\Program Files\kX Project\kxmixer.exe [418888 2010-12-18] (Eugene Gavrilov)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKU\S-1-5-21-1392353723-3194137103-1205734640-1005\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
    HKU\S-1-5-21-1392353723-3194137103-1205734640-1005\...\RunOnce: [Application Restart #0] => C:\Program Files\Google\Chrome\Application\chrome.exe [843592 2015-01-21] (Google Inc.)
    AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll => C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll File Not Found

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1392353723-3194137103-1205734640-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-21-1392353723-3194137103-1205734640-1005 -> {09C7CD9E-A87F-49F2-8F55-A3C83B809686} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10853
    SearchScopes: HKU\S-1-5-21-1392353723-3194137103-1205734640-1005 -> {727502AC-766B-4DD7-8B98-5BFB6204DAE4} URL = http://search.findwide.com/serp?guid={9C873C8B-A9E3-42BA-8BE5-510E8B369DCD}&action=default_search&serpv=22&k={searchTerms}
    BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 212.54.40.25 212.54.44.54

    FireFox:
    ========
    FF ProfilePath: C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default
    FF NewTab:
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\user.js
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
    FF Extension: Freecorder - C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\Extensions\[email protected] [2014-10-21]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-03]
    FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    FF Extension: Adobe Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013-01-29]

    Chrome:
    =======
    CHR Profile: C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-13]
    CHR Extension: (Google Drive) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-06]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (YouTube) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-06]
    CHR Extension: (Firebug Lite for Google Chrome) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2013-03-06]
    CHR Extension: (Adblock Plus) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-03-06]
    CHR Extension: (Google Search) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-06]
    CHR Extension: (Internet Radio Recorder) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dakcgnkeibbhgbmjpneeaengmfndgimf [2014-10-21]
    CHR Extension: (WAV Player for GMail™) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifjdgcbahemgdkfjihbcoidnmnjjnhoo [2014-08-19]
    CHR Extension: (Drupal for Chrome) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\imlijcpfmhmifofiihbofoamohkdbblc [2013-03-06]
    CHR Extension: (Media Player) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjhemcahlhoapagccjbikfkbdfnpjgie [2014-08-19]
    CHR Extension: (SoundCloud Mix My Trip) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjdndaifgbnhjefbblkjjneeaebocaf [2013-06-11]
    CHR Extension: (Skype Click to Call) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-20]
    CHR Extension: (Mixcloud Downloader - Technowise) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpegpbkoopngdajnepdppcbnahimaaf [2013-06-11]
    CHR Extension: (Google Wallet) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR Extension: (ScriptSafe) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2013-03-06]
    CHR Extension: (Gmail) - C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-06]
    CHR HKLM\...\Chrome\Extension: [gpicboiclhmnllnjdcfcffifpoaebgkm] - C:\Program Files\Freecorder extension\Freecorder.crx [Not Found]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
    R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
    S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
    S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
    S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
    S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
    S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
    R3 kxwdmdrv; C:\WINDOWS\system32\drivers\kx.sys [445512 2010-12-18] (Eugene Gavrilov)
    R1 MpKsldececaa4; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{95BC30DF-21FB-4745-B392-2BDC5F2C4098}\MpKsldececaa4.sys [39464 2015-01-23] (Microsoft Corporation)
    S3 netr28u; C:\WINDOWS\system32\DRIVERS\netr28u.sys [1696528 2013-06-18] (Ralink Technology Corp.)
    R3 phaudlwr; C:\WINDOWS\system32\DRIVERS\phaudlwr.sys [89648 2009-10-20] (Philips Applied Technologies)
    R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-15] (IBM Corp.)
    R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)
    R0 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)
    R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-12-22] (IBM Corp.)
    R3 SPC1030; C:\WINDOWS\system32\DRIVERS\spc1030.sys [3035776 2008-06-11] ()
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
    R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
    S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-23 21:47 - 2015-01-23 21:48 - 00016247 _____ () C:\Users\space_000\Downloads\FRST.txt
    2015-01-23 21:46 - 2015-01-23 21:47 - 00000000 ____D () C:\FRST
    2015-01-23 21:46 - 2015-01-23 21:46 - 01118208 _____ (Farbar) C:\Users\space_000\Downloads\FRST.exe
    2015-01-20 08:40 - 2015-01-20 08:40 - 00509440 _____ (Tech Support Guy System) C:\Users\space_000\Downloads\SysInfo.exe
    2015-01-17 13:22 - 2015-01-12 13:10 - 96213031 ____N () C:\Users\space_000\Desktop\KiNK Boiler Room Moscow Live Set.wma
    2015-01-14 12:13 - 2014-12-12 02:34 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
    2015-01-14 12:13 - 2014-12-12 01:46 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
    2015-01-14 12:13 - 2014-12-09 04:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2015-01-14 12:13 - 2014-12-08 20:46 - 00485544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2015-01-14 12:13 - 2014-12-08 20:46 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
    2015-01-14 12:13 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2015-01-14 12:13 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2015-01-14 12:13 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
    2015-01-14 12:13 - 2014-12-06 03:36 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
    2015-01-14 12:13 - 2014-12-06 02:28 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
    2015-01-14 12:13 - 2014-12-06 02:23 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2015-01-14 12:13 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2015-01-14 12:13 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2015-01-14 12:13 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2015-01-14 12:13 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2015-01-14 12:13 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2015-01-14 12:13 - 2014-10-29 04:07 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2015-01-14 12:13 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
    2015-01-14 12:13 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
    2015-01-14 12:13 - 2014-10-29 01:49 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-01-14 12:12 - 2014-12-19 06:46 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2015-01-13 19:42 - 2015-01-22 19:42 - 03353776 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
    2015-01-07 17:58 - 2015-01-07 18:00 - 656134330 _____ () C:\Users\space_000\Downloads\unbroken Dub.wav
    2015-01-07 15:12 - 2015-01-07 15:12 - 97501528 _____ () C:\Users\space_000\Downloads\KiNK Boiler Room Moscow Live Set.aac
    2015-01-04 20:58 - 2015-01-04 21:04 - 00000000 ____D () C:\Users\space_000\Documents\passwords
    2015-01-04 09:44 - 2015-01-04 09:44 - 00003108 _____ () C:\Users\space_000\Downloads\nebnvnf.htm
    2014-12-26 10:31 - 2014-12-26 10:32 - 109829936 _____ (Apple Inc.) C:\Users\space_000\Downloads\iTunesSetup.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-23 21:42 - 2013-02-04 00:06 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-23 21:41 - 2013-08-22 08:23 - 00400463 _____ () C:\WINDOWS\setupact.log
    2015-01-23 21:28 - 2013-10-27 01:41 - 01104825 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-23 21:02 - 2013-01-29 18:58 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-23 21:00 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-01-23 06:34 - 2012-07-26 07:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-01-23 06:33 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
    2015-01-23 04:04 - 2013-01-29 19:00 - 00002149 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-22 07:52 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-01-22 07:44 - 2013-10-27 10:24 - 00000000 ___DO () C:\Users\space_000\SkyDrive
    2015-01-22 07:42 - 2013-08-22 08:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-22 07:41 - 2013-11-16 08:29 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-01-22 07:41 - 2013-10-27 01:42 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-01-22 07:41 - 2013-01-23 08:27 - 00064000 ____N () C:\WINDOWS\Minidump\012215-27281-01.dmp
    2015-01-21 21:47 - 2013-10-27 01:47 - 00000000 ____D () C:\Users\space_000
    2015-01-20 21:56 - 2013-02-17 21:00 - 02803712 ___SH () C:\Users\space_000\Downloads\Thumbs.db
    2015-01-20 10:28 - 2013-03-01 11:26 - 00000000 ____D () C:\Users\space_000\AppData\Roaming\Skype
    2015-01-20 07:26 - 2014-10-03 19:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-01-20 07:16 - 2013-01-23 08:27 - 00064512 ____N () C:\WINDOWS\Minidump\012015-36968-01.dmp
    2015-01-19 22:32 - 2014-12-12 00:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-01-19 22:32 - 2014-12-12 00:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-01-18 05:19 - 2013-08-13 20:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-01-18 05:03 - 2013-01-29 22:54 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-01-15 07:28 - 2013-09-15 02:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
    2015-01-14 23:07 - 2013-08-22 07:13 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
    2015-01-07 11:06 - 2014-12-22 19:53 - 00000000 ____D () C:\Users\space_000\Desktop\BRITT
    2015-01-07 10:14 - 2013-12-17 21:09 - 00000000 ____D () C:\Users\space_000\AppData\Roaming\Apple Computer
    2015-01-06 01:03 - 2013-02-12 09:50 - 00000000 ____D () C:\Users\space_000\AppData\Local\PokerStars.EU
    2015-01-03 16:39 - 2013-02-03 22:30 - 00000000 ____D () C:\Program Files\PokerStars.EU
    2014-12-31 12:13 - 2013-01-29 22:56 - 00249488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2014-12-31 08:37 - 2014-08-20 06:16 - 00000000 ____D () C:\Users\space_000\AppData\Local\Adobe

    Some content of TEMP:
    ====================
    C:\Users\space_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\space_000\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\space_000\AppData\Local\Temp\nvStInst.exe
    C:\Users\space_000\AppData\Local\Temp\Quarantine.exe
    C:\Users\space_000\AppData\Local\Temp\SkypeSetup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-22 08:33

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
    Ran by space_000 at 2015-01-23 21:48:36
    Running from C:\Users\space_000\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
    Adobe Creative Suite 5 Master Collection (HKLM\...\{FBB02B04-C034-4382-A3F6-57416E2752C4}) (Version: 5.0 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) - Nederlands (HKLM\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Cartes du Ciel (HKLM\...\Cartes du Ciel) (Version: - )
    Data Lifeguard Diagnostic for Windows 1.27 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
    eMule (HKLM\...\eMule) (Version: - )
    Full Tilt Poker.Eu (HKLM\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 4.55.4.WIN.FullTilt.EU - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
    iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
    Microsoft Flight Simulator X Demo (HKLM\...\InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}) (Version: 10.0.60905 - Microsoft Game Studios)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Monkey's Audio (HKLM\...\Monkey's Audio_is1) (Version: - )
    Mozilla Firefox 32.0.2 (x86 nl) (HKLM\...\Mozilla Firefox 32.0.2 (x86 nl)) (Version: 32.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Nero 12 (HKLM\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
    NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
    NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
    Philips SPC1030NC Webcam (HKLM\...\{26216D96-B03D-4B8A-9979-D91C71241B70}) (Version: 1.00.000 - Philips)
    PokerStars.eu (HKLM\...\PokerStars.eu) (Version: - PokerStars.eu)
    Prerequisite installer (Version: 12.0.0002 - Nero AG) Hidden
    PxMergeModule (Version: 1.00.0000 - Your Company Name) Hidden
    QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Rapport (Version: 3.5.1404.61 - Trusteer) Hidden
    SketchUp 2014 (HKLM\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
    Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Stellar Phoenix Windows Data Recovery - Home (HKLM\...\Stellar Phoenix Windows Data Recovery - Home_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.)
    Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer)
    Welcome App (Start-up experience) (Version: 12.0.14000 - Nero AG) Hidden
    Win32DiskImager version 0.9.5 (HKLM\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
    Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
    Windows Driver Package - Philips CL (phaudlwr) MEDIA (06/02/2008 1.0.5.12) (HKLM\...\10F7630C78CC9B1F315B5FA216ECB493C3ACD3E5) (Version: 06/02/2008 1.0.5.12 - Philips CL)
    WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    06-01-2015 04:09:11 Scheduled Checkpoint
    14-01-2015 12:43:42 Windows Update
    18-01-2015 05:00:57 Windows Update
    23-01-2015 06:31:34 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 05:17 - 2013-01-29 21:57 - 00000922 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1A2E6441-2600-4B19-93B2-2E4E13C6CD16} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-18] (Microsoft Corporation)
    Task: {262CCF92-24F8-4E66-9E28-DC42A79AD580} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1392353723-3194137103-1205734640-1005
    Task: {483C3109-95DD-41C3-8273-64F41DE9B593} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-29] (Google Inc.)
    Task: {49D56676-8C1E-40EF-AB85-8A898632DF26} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
    Task: {5846F25A-E302-4F47-A521-005F736E9B94} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
    Task: {9CC40F64-FEF3-4B98-B60B-A19628775B2C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
    Task: {A2AC1CA4-450E-439A-889F-3D0F7752C68B} - System32\Tasks\{EEED71EE-9280-4909-808C-3453DF5A4082} => pcalua.exe -a D:\Autorun.exe -d D:\
    Task: {AA2ADF7C-4959-43AE-B8B6-0B0106122466} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
    Task: {B8890498-3346-4804-A4E3-E9AB2D357DCE} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
    Task: {C499D60A-81C7-4B16-A425-55AF0CEB919B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-22] (Adobe Systems Incorporated)
    Task: {CBBAFB2C-0B8C-4894-9388-03765FEA0295} - System32\Tasks\{7F35B292-FE62-406C-8A09-F95F8B561997} => pcalua.exe -a C:\Users\space_000\AppData\Local\TNT2\2.0.0.1868\TNT2User.exe -c /UNINSTALL PARTNER=10853
    Task: {E613D8AD-1BBA-4FDC-A975-4FF51F4D433F} - System32\Tasks\[email protected] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
    Task: {EA44D983-85E0-443C-A45F-F33B568BB511} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
    Task: {EE2E1016-4C70-431C-971A-9A67DE21C1AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-29] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-10-27 01:41 - 2014-03-04 13:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-01-23 04:03 - 2015-01-21 04:50 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
    2015-01-23 04:03 - 2015-01-21 04:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.91\libegl.dll
    2015-01-23 04:03 - 2015-01-21 04:50 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.91\pdf.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\space_000\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\space_001.APP4.004\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "AdobeCS5ServiceManager"
    HKLM\...\StartupApproved\Run: => "Adobe ARM"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run: => "SwitchBoard"
    HKLM\...\StartupApproved\Run: => "WinampAgent"
    HKLM\...\StartupApproved\Run: => "APSDaemon"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "QuickTime Task"
    HKU\S-1-5-21-1392353723-3194137103-1205734640-1005\...\StartupApproved\Run: => "ApplePhotoStreams"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1392353723-3194137103-1205734640-500 - Administrator - Disabled)
    Guest (S-1-5-21-1392353723-3194137103-1205734640-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1392353723-3194137103-1205734640-1007 - Limited - Enabled)
    kaya (S-1-5-21-1392353723-3194137103-1205734640-1009 - Limited - Enabled) => C:\Users\kaya
    space_000 (S-1-5-21-1392353723-3194137103-1205734640-1005 - Administrator - Enabled) => C:\Users\space_000
    space_001 (S-1-5-21-1392353723-3194137103-1205734640-1008 - Administrator - Enabled) => C:\Users\space_001.APP4.004

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/23/2015 06:39:30 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
    Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/23/2015 06:39:30 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/23/2015 06:39:30 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
    Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/23/2015 06:39:30 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
    Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/23/2015 06:39:30 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
    Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/23/2015 06:39:29 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
    Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/23/2015 06:39:29 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
    Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/23/2015 06:39:29 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/23/2015 06:39:28 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
    Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (01/23/2015 06:39:28 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
    Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (01/22/2015 07:56:55 AM) (Source: DCOM) (EventID: 10010) (User: APP4)
    Description: Windows.Store

    Error: (01/22/2015 07:41:10 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
    Description: 32212254735864588865492316

    Error: (01/22/2015 07:41:52 AM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: 0x000000a0 (0x00000107, 0x0000000a, 0x8a3c8ee0, 0x00000000)C:\WINDOWS\Minidump\012215-27281-01.dmp012215-27281-01

    Error: (01/22/2015 07:41:51 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 21:16:46 on 21/01/2015 was unexpected.

    Error: (01/21/2015 09:47:53 PM) (Source: DCOM) (EventID: 10010) (User: APP4)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (01/21/2015 09:47:53 PM) (Source: DCOM) (EventID: 10010) (User: APP4)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (01/21/2015 09:47:53 PM) (Source: DCOM) (EventID: 10010) (User: APP4)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (01/21/2015 09:47:53 PM) (Source: DCOM) (EventID: 10010) (User: APP4)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (01/21/2015 09:47:53 PM) (Source: DCOM) (EventID: 10010) (User: APP4)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (01/21/2015 09:47:53 PM) (Source: DCOM) (EventID: 10010) (User: APP4)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


    Microsoft Office Sessions:
    =========================
    Error: (01/23/2015 06:39:30 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files\Adobe\adobe soundbooth cs5\Setup\resources\libraries\ARKEngine.dll

    Error: (01/23/2015 06:39:30 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Adobe\adobe soundbooth cs5\Setup\resources\libraries\Adobe_Helperx64.exe

    Error: (01/23/2015 06:39:30 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files\Adobe\adobe soundbooth cs5\Setup\resources\libraries\ARKCmdDefrag.dll

    Error: (01/23/2015 06:39:30 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files\Adobe\adobe soundbooth cs5\setuproyalty\resources\libraries\ARKCmdFS.dll

    Error: (01/23/2015 06:39:30 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files\Adobe\adobe soundbooth cs5\setuproyalty\resources\libraries\ARKCmdCaps.dll

    Error: (01/23/2015 06:39:29 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files\Adobe\adobe soundbooth cs5\Setup\resources\libraries\ARKCmdFS.dll

    Error: (01/23/2015 06:39:29 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files\Adobe\adobe soundbooth cs5\Setup\resources\libraries\ARKCmdCaps.dll

    Error: (01/23/2015 06:39:29 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Adobe\adobe soundbooth cs5\setuproyalty\resources\libraries\Adobe_Helperx64.exe

    Error: (01/23/2015 06:39:28 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files\Adobe\adobe soundbooth cs5\setuproyalty\resources\libraries\ARKEngine.dll

    Error: (01/23/2015 06:39:28 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"c:\program files\Adobe\adobe soundbooth cs5\setuproyalty\resources\libraries\ARKCmdDefrag.dll


    CodeIntegrity Errors:
    ===================================
    Date: 2015-01-15 13:11:38.254
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-01-15 13:11:38.237
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-16 07:50:27.007
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-16 07:50:26.945
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-16 07:50:26.747
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-16 07:50:26.682
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-16 07:50:26.502
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-16 07:50:26.423
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-16 07:50:26.237
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2014-12-16 07:50:26.164
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
    Percentage of memory in use: 67%
    Total physical RAM: 2045.96 MB
    Available physical RAM: 674.36 MB
    Total Pagefile: 4093.96 MB
    Available Pagefile: 1686.13 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1867.2 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:1863.01 GB) (Free:1341.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 31AA4FA6)
    Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  4. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Your logs look very clean but there are a few items to take care of .....

    FIRST, a note

    You could use some more memory. 2GB is a little low for Win8.1 (I know that MS says 1GB for x86 and Win8.1, but that is usually for bare processing). Your Page File and Virtual Memory are both at 66~70% used, so you could increase those and get somewhat better performance.


    SECOND, Fixlist script run


    Download the attached fixlist.txt file and save it to the Desktop.

    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST by right clicking on the FRST.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

    The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.


    THIRD, CKScanner scan

    Download CKScanner from here

    Important: Save it to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


    Information to Reply with >>>>
    • The Fixlog.txt file
    • The CKFiles.txt file
    • How is your system running now?
     

    Attached Files:

  5. Space767

    Space767 Thread Starter

    Joined:
    Dec 22, 2010
    Messages:
    14
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-01-2015 01
    Ran by space_000 at 2015-01-24 19:20:22 Run:1
    Running from C:\Users\space_000\Downloads
    Loaded Profiles: space_000 (Available profiles: space_000 & space_001 & kaya)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll => C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll File Not Found
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-21-1392353723-3194137103-1205734640-1005 -> {727502AC-766B-4DD7-8B98-5BFB6204DAE4} URL = http://search.findwide.com/serp?guid={9C873C8B-A9E3-42BA-8BE5-510E8B369DCD}&action=default_search&serpv=22&k={searchTerms}
    FF Extension: Freecorder - C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.defaul t\Extensions\[email protected] [2014-10-21]
    Task: {A2AC1CA4-450E-439A-889F-3D0F7752C68B} - System32\Tasks\{EEED71EE-9280-4909-808C-3453DF5A4082} => pcalua.exe -a D:\Autorun.exe -d D:\
    Task: {B8890498-3346-4804-A4E3-E9AB2D357DCE} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
    Task: {CBBAFB2C-0B8C-4894-9388-03765FEA0295} - System32\Tasks\{7F35B292-FE62-406C-8A09-F95F8B561997} => pcalua.exe -a C:\Users\space_000\AppData\Local\TNT2\2.0.0.1868\TNT2User.exe -c /UNINSTALL PARTNER=10853
    C:\Users\space_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\space_000\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\space_000\AppData\Local\Temp\nvStInst.exe
    C:\Users\space_000\AppData\Local\Temp\Quarantine.exe
    C:\Users\space_000\AppData\Local\Temp\SkypeSetup.exe
    C:\Program Files\YourFileDownloader
    Hosts:
    EmptyTemp:
    Reboot:
    end

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll" => Value Data removed successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    "HKU\S-1-5-21-1392353723-3194137103-1205734640-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{727502AC-766B-4DD7-8B98-5BFB6204DAE4}" => Key deleted successfully.
    HKCR\CLSID\{727502AC-766B-4DD7-8B98-5BFB6204DAE4} => Key not found.
    C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.defaul t\Extensions\[email protected] => not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2AC1CA4-450E-439A-889F-3D0F7752C68B}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2AC1CA4-450E-439A-889F-3D0F7752C68B}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{EEED71EE-9280-4909-808C-3453DF5A4082} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EEED71EE-9280-4909-808C-3453DF5A4082}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8890498-3346-4804-A4E3-E9AB2D357DCE}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8890498-3346-4804-A4E3-E9AB2D357DCE}" => Key deleted successfully.
    C:\Windows\System32\Tasks\YourFile DownloaderUpdate => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBBAFB2C-0B8C-4894-9388-03765FEA0295}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBBAFB2C-0B8C-4894-9388-03765FEA0295}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{7F35B292-FE62-406C-8A09-F95F8B561997} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F35B292-FE62-406C-8A09-F95F8B561997}" => Key deleted successfully.
    C:\Users\space_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
    C:\Users\space_000\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
    C:\Users\space_000\AppData\Local\Temp\nvStInst.exe => Moved successfully.
    C:\Users\space_000\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\space_000\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
    "C:\Program Files\YourFileDownloader" => File/Directory not found.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 1.3 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 19:26:59 ====

    CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
    c:\app4\13000.fonts_the.definitive_collection (fontes)\+7500 top design fonts typo (ttf)\crackhou.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\c\crack.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\c\crackadd.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\c\crackfd.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\c\crackfir.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\c\crackho.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\c\cracking.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\c\cracklin.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\n\newcrack.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\w\wisecrack.ttf
    c:\app4\15.000 fonts adobe_monotype_itc_urw_linotype_agfa_emigre_bt_letraset(by vichenso)\35 dec fantasia\crack man (ray larabie) ttf\crackman.ttf
    c:\app4\15.000 fonts adobe_monotype_itc_urw_linotype_agfa_emigre_bt_letraset(by vichenso)\71 tipos sin clasificar\crackhouse (brand&house) ps\crackh60.pfb
    c:\app4\15.000 fonts adobe_monotype_itc_urw_linotype_agfa_emigre_bt_letraset(by vichenso)\71 tipos sin clasificar\crackhouse (brand&house) ps\crackh60.pfm
    c:\app4\15.000 fonts adobe_monotype_itc_urw_linotype_agfa_emigre_bt_letraset(by vichenso)\71 tipos sin clasificar\crackhouse (brand) ps\crackh60.afm
    c:\app4\15.000 fonts adobe_monotype_itc_urw_linotype_agfa_emigre_bt_letraset(by vichenso)\71 tipos sin clasificar\crackhouse (brand) ps\crackh60.pfb
    c:\app4\15.000 fonts adobe_monotype_itc_urw_linotype_agfa_emigre_bt_letraset(by vichenso)\71 tipos sin clasificar\crackhouse (brand) ps\crackh60.pfm
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\+7500 top design fonts typo (ttf)\crackhou.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\c\crack.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\c\crackadd.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\c\crackfd.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\c\crackfir.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\c\crackho.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\c\cracking.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\c\cracklin.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\n\newcrack.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\w\wisecrack.ttf
    c:\program files\adobe\adobe dreamweaver cs5\configuration\taglibraries\html\keygen.vtm
    c:\program files\adobe\adobe flash catalyst cs5\plugins\com.adobe.thermo.core_1.0.0.273393\com\adobe\thermo\undo\thermoundosystem$undoabledocumentchangecracker.class
    c:\program files\common files\adobe\adobe contribute cs5\app\configuration\browsers\mozilla run time libraries\dist\idl\nsikeygenthread.idl
    c:\program files\common files\adobe\adobe contribute cs5\app\configuration\browsers\mozilla run time libraries\dist\include\nsikeygenthread.h
    scanner sequence 3.ZZ.11.JBAPJZ
    ----- EOF -----

    Hi, I will get myself some extra memory; that will take some time because of work before I am able to go to the store. I am not sure yet about the performance, but it does not seem better yet.

    Greetings, Luke
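The fixlist quoted above shows the entry types a helper has to judge before scripting them out: scheduled tasks launched through pcalua.exe, tasks named only by a GUID, and executables sitting in the user Temp folder. The following is an added example, not code from the thread or from FRST: a small Python triage helper that parses lines of exactly that shape (the sample is copied from the fixlist above) and reports the traits each entry earns. The flagging rules are this example's own heuristics, not anything FRST itself reports.

```python
"""Triage of FRST fixlist entries: added example, not part of the thread or of FRST.

It parses "Task:" lines and bare file paths in the shape FRST prints them (the
sample below is copied from the fixlist quoted above) and flags the traits a
malware helper weighs before scripting an entry out. The rules are this
example's own heuristics, not anything FRST itself reports.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: the fixlist lines posted in the thread above, verbatim.
SAMPLE_FIXLIST = r"""Task: {A2AC1CA4-450E-439A-889F-3D0F7752C68B} - System32\Tasks\{EEED71EE-9280-4909-808C-3453DF5A4082} => pcalua.exe -a D:\Autorun.exe -d D:\
Task: {B8890498-3346-4804-A4E3-E9AB2D357DCE} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {CBBAFB2C-0B8C-4894-9388-03765FEA0295} - System32\Tasks\{7F35B292-FE62-406C-8A09-F95F8B561997} => pcalua.exe -a C:\Users\space_000\AppData\Local\TNT2\2.0.0.1868\TNT2User.exe -c /UNINSTALL PARTNER=10853
C:\Users\space_000\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\space_000\AppData\Local\Temp\nvSCPAPI.dll
C:\Program Files\YourFileDownloader
Hosts:
EmptyTemp:
Reboot:
end
"""

# Fixlist directives are instructions to FRST (reset hosts, empty temp, reboot),
# not observations about the machine, so they are skipped.
DIRECTIVES = {"Hosts:", "EmptyTemp:", "Reboot:", "end"}
ATTENTION = "<==== ATTENTION"          # FRST's own marker for a suspicious entry
EXEC_EXT = (".exe", ".dll", ".scr", ".com")

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
GUID_RE = re.compile("^" + GUID + "$")
TASK_RE = re.compile(
    r"^Task: (?P<tid>" + GUID + r") - System32\\Tasks\\(?P<name>.+?) => (?P<cmd>.+)$"
)


@dataclass
class Finding:
    line: str
    kind: str                     # "task" or "path"
    flags: List[str] = field(default_factory=list)


def path_flags(path: str) -> List[str]:
    """Heuristics on where a launched or listed file lives."""
    p = path.lower()
    flags = []
    if "\\appdata\\local\\temp\\" in p:
        if p.endswith(EXEC_EXT):
            flags.append("executable in the user Temp folder")
    elif "\\appdata\\" in p:
        flags.append("target lives under the user profile (AppData), not Program Files")
    # A file sitting directly in the root of a non-C: drive, e.g. D:\Autorun.exe
    if re.match(r"^[d-z]:\\[^\\]+$", p):
        flags.append("target at the root of a non-system drive (autorun-style)")
    return flags


def task_flags(name: str, cmd: str) -> List[str]:
    """Heuristics for a scheduled-task entry: its name and the command it runs."""
    flags = []
    if ATTENTION in cmd:
        flags.append("marked by FRST (<==== ATTENTION)")
        cmd = cmd.replace(ATTENTION, "").strip()
    if GUID_RE.match(name):
        flags.append("task name is a bare GUID")
    target = cmd
    if cmd.split()[0].lower() == "pcalua.exe":
        # pcalua.exe (Program Compatibility Assistant) launches whatever follows -a,
        # so the real target is the -a argument, not the task's own image.
        flags.append("real target launched through pcalua.exe proxy")
        m = re.search(r"-a\s+(\S+)", cmd)
        target = m.group(1) if m else ""
    return flags + path_flags(target)


def triage(fixlist: str) -> List[Finding]:
    """Return one Finding per non-directive line, with the flags it earned."""
    findings = []
    for raw in fixlist.splitlines():
        line = raw.strip()
        if not line or line in DIRECTIVES:
            continue
        m = TASK_RE.match(line)
        if m:
            findings.append(Finding(line, "task", task_flags(m["name"], m["cmd"])))
        else:
            findings.append(Finding(line, "path", path_flags(line)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FIXLIST):
        print(f"[{f.kind}] {f.line[:70]}...")
        for flag in f.flags:
            print("    -", flag)
```

Entries with no flags (here the bare `C:\Program Files\YourFileDownloader` folder) still appear in the output so nothing in the fixlist is silently dropped.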
     
  6. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    I hate to bring this up but it appears that you have cracked / pirated software on your system. While this may not be related to your problem, this is against the Terms of Use here at Tech Support Guy.

    I draw your attention to the following points:

    From your FRST log:
    From the CKScanner log:

    Rules at Tech Support Guy:

    If you wish to continue receiving assistance here, you must remove the crack / keygen files and the pirated software from your system. After that, please post a fresh CKScanner log in a reply post here and we can continue with your problem.

    Thank you for understanding.
     
  7. Space767

    Space767 Thread Starter

    Joined:
    Dec 22, 2010
    Messages:
    14
    Oops, sorry about that. Just removed the software, don't need it.

    Here is the fresh CKScanner logfile:

    CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
    c:\app4\13000.fonts_the.definitive_collection (fontes)\+7500 top design fonts typo (ttf)\crackhou.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\c\crack.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\c\crackadd.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\c\crackfd.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\c\crackfir.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\c\crackho.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\c\cracking.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\c\cracklin.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\n\newcrack.ttf
    c:\app4\13000.fonts_the.definitive_collection (fontes)\13000 fonts\w\wisecrack.ttf
    c:\app4\15.000 fonts adobe_monotype_itc_urw_linotype_agfa_emigre_bt_letraset(by vichenso)\35 dec fantasia\crack man (ray larabie) ttf\crackman.ttf
    c:\app4\15.000 fonts adobe_monotype_itc_urw_linotype_agfa_emigre_bt_letraset(by vichenso)\71 tipos sin clasificar\crackhouse (brand&house) ps\crackh60.pfb
    c:\app4\15.000 fonts adobe_monotype_itc_urw_linotype_agfa_emigre_bt_letraset(by vichenso)\71 tipos sin clasificar\crackhouse (brand&house) ps\crackh60.pfm
    c:\app4\15.000 fonts adobe_monotype_itc_urw_linotype_agfa_emigre_bt_letraset(by vichenso)\71 tipos sin clasificar\crackhouse (brand) ps\crackh60.afm
    c:\app4\15.000 fonts adobe_monotype_itc_urw_linotype_agfa_emigre_bt_letraset(by vichenso)\71 tipos sin clasificar\crackhouse (brand) ps\crackh60.pfb
    c:\app4\15.000 fonts adobe_monotype_itc_urw_linotype_agfa_emigre_bt_letraset(by vichenso)\71 tipos sin clasificar\crackhouse (brand) ps\crackh60.pfm
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\+7500 top design fonts typo (ttf)\crackhou.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\c\crack.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\c\crackadd.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\c\crackfd.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\c\crackfir.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\c\crackho.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\c\cracking.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\c\cracklin.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\n\newcrack.ttf
    c:\app4\7500 best design classic commercial fonts collections (acme, ds, emigre, ff, itc, lino, lunchbox, t26 etc pc-ttf) listing p0ksselection\13000 fonts\w\wisecrack.ttf
    scanner sequence 3.ZZ.11.LMAAUA
    ----- EOF -----

    PS. My Windows 8 software is legit, hope to upgrade it soon to 10 for free :-D
     
  8. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Good, let's move on ....

    STEP1 >>>>


    AdwCleaner by Xplode

    Download AdwCleaner from here or from here. Save the file to the desktop.


    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

    Close all open windows and browsers.
    1. Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the following console:

    2. Click the Scan button and wait for the scan to finish.
    3. After the scan has finished, the window may or may not show what it found, and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    4. Click the Clean button.
    5. Everything checked will be deleted.
    6. When the program has finished cleaning a report appears.
    7. Once done it will ask to reboot, allow this.

    8. On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
    Optional:

    NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


    STEP2 >>>>

    Malwarebytes' Anti-Malware
    Please download the latest version of Malwarebytes' Anti-Malware from here .

    Double Click on the mbam-setup.exe file to install the application.

    Do not check the Trial of Professional version. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.

    Once the program has loaded and updated, select "Scan Now >>" to start the scan.

    The scan may take some time to finish, so please be patient.

    If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.

    It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.

    Save the logfile in txt-format and copy/paste it in your next reply.

    Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).
     
  9. Space767

    Space767 Thread Starter

    Joined:
    Dec 22, 2010
    Messages:
    14
    # AdwCleaner v4.109 - Report created 28/01/2015 at 12:49:15
    # Updated 24/01/2015 by Xplode
    # Database : 2015-01-26.1 [Live]
    # Operating System : Windows 8.1 Pro (32 bits)
    # Username : space_000 - APP4
    # Running from : C:\Users\space_000\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\TNT2
    Folder Deleted : C:\Users\space_000\AppData\Local\TNT2
    File Deleted : C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\user.js

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\SoftonicToolbar
    Key Deleted : HKCU\Software\torch
    Key Deleted : HKCU\Software\TNT2
    Key Deleted : HKLM\SOFTWARE\Conduit
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v32.0.2 (x86 nl)

    [5hw3tm02.default\prefs.js] - Line Deleted : user_pref("[email protected]", "[{\"name\":\"Freecorder Menu Header\",\"img\":\"hxxp://freecorder.com/fc8/ui/buttons/menu_header.png\",\"width\":225,\"height\":65},{\"name[...]
    [5hw3tm02.default\prefs.js] - Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);

    -\\ Google Chrome v40.0.2214.93

    [C:\Users\kaya\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    [C:\Users\space_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    [C:\Users\space_001.APP4.004\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [2360 octets] - [28/01/2015 11:09:50]
    AdwCleaner[S0].txt - [2335 octets] - [28/01/2015 12:49:15]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2395 octets] ##########
     
  10. Space767

    Space767 Thread Starter

    Joined:
    Dec 22, 2010
    Messages:
    14
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 28/01/2015
    Scan Time: 15:19:38
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.28.06
    Rootkit Database: v2015.01.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x86
    File System: NTFS
    User: space_000

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 588580
    Time Elapsed: 11 min, 23 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.Freecorder.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gpicboiclhmnllnjdcfcffifpoaebgkm, Quarantined, [ab1bd12b5a2f072f02611b8eff045da3],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 9
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected], Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\img, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\js, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\skin, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\plugins, Quarantined, [3096a6567c0d0b2bed770052ba499868],

    Files: 53
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome.manifest, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\install.rdf, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\background.html, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\button.xml, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\config.js, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\framework.js, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\framework.xul, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\jquery-1.6.2.min.js, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\jquery.js, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\options.xul, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup.js, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\settings.json, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\img\fc7_toolbar_icon-128.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\img\fc7_toolbar_icon-16.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\img\fc7_toolbar_icon-18.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\img\fc7_toolbar_icon-24.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\img\fc7_toolbar_icon-256.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\img\fc7_toolbar_icon-32.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\img\fc7_toolbar_icon-48.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\img\fc7_toolbar_icon-64.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\js\bg.js, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\js\content.js, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\arrow-dn.gif, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\jquery-1.7.2.min.js, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\popup.html, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\popup.js, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\style.css, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\clipper.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\convert.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\help.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\lock.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\logo-24.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\logo.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\mp3_editor.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\music.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\play-flv.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\play.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\radio.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\screen.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\search.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\triangle-1-s.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\tv.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\upgrade.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\upgrade2.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\vid-history.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\video-history.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\video.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\video_encryptor.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\vpl.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\youtube-square.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\content\popup\images\youtube.png, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\chrome\skin\framework.css, Quarantined, [3096a6567c0d0b2bed770052ba499868],
    PUP.Optional.Freecorder.A, C:\Users\space_000\AppData\Roaming\Mozilla\Firefox\Profiles\5hw3tm02.default\extensions\[email protected]\plugins\npFreeCoder.dll, Quarantined, [3096a6567c0d0b2bed770052ba499868],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  11. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    This next step may take a while (just to warn you) .....

    ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway), so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.

    You can leave Norton enabled even though ESET may warn about it; it just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

    Please read carefully and slowly, and notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

    Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

    -------------------------------------------------------------------------------------------------------------------

    Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

    Link =>> ESET Online Scanner <<

    Click the Run ESET Online Scanner located on the left side of the page (not the free trial).

    For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
    Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.

    Double click on the icon on your desktop.

    Check (accept) the Terms of Use.

    Click the START button.
    Accept any security warnings from your browser.

    Now in the Computer scan settings window that appears:
    Make sure that the option Enable detection of potentially unwanted applications is selected.
    Now click on Advanced Settings and configure the options as follows:

    Remove found threats is Not checked
    Scan archives is checked
    Scan for potentially unsafe applications is checked
    Enable Anti-Stealth Technology is checked


    Now click on: Start

    ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.

    At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).

    Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.

    Attach the saved log file in your next reply please. Thanks.
     
  12. Space767

    Space767 Thread Starter

    Joined:
    Dec 22, 2010
    Messages:
    14
    OK, it's scanning; it has already found some. I really am wondering how it got there. When it's finished I'll post the log file.

    If it's possible, I would like to know how and from what it came.
     
  13. Space767

    Space767 Thread Starter

    Joined:
    Dec 22, 2010
    Messages:
    14
    Hi, all done, log file attached.
    One thing I see is that my kids are not allowed to play with my phone again. :-D
     

    Attached Files:

  14. dbreeze

    dbreeze Malware Specialist

    Joined:
    Oct 5, 2014
    Messages:
    431
    First Name:
    David
    Don't be too hard on the kids and the phone; I've seen a lot worse!! :p

    As to the GameConsole / TNT2 malware, this is what is known as foistware: programs that are installed (without your consent) by being bundled with legitimate software. I will suggest some tools to help with this when we are done cleaning.

    ------------------------------------------------------------------------------------------------------------------------------------------

    Download the attached fixlist.txt file and save it to the Desktop.

    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST by right clicking on the FRST.exe file and selecting "Run as Administrator". The User Account Control prompt may open up; if it does, select Yes to continue to let FRST open and load.

    The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.
     

    Attached Files:

  15. Space767

    Space767 Thread Starter

    Joined:
    Dec 22, 2010
    Messages:
    14
    OK, done; no Fixlog generated.
     
Short URL to this thread: https://techguy.org/1141535