TechSpot

BlocknSurf/mystartsearch

By aly
Jan 31, 2015
  1. It all started with mystartsearch, which installed a browser plugin and redirected my home page to its website. I uninstalled it via the control panel and removed the browser plugin. After a couple of days I found blocknsurf 'ads' and coupon popups, and generally a new window would open every once in a while when I'm browsing.

    Currently I'm running Avira Free and CCleaner.

    I've followed the 4-step process.
    I'm facing an issue with DDS with the following message: "DDS is not meant to run in 'Compatibility Mode'. The program shall now exit."

    Here is the log from MBAM:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 31-01-2015
    Scan Time: 10:24:48 PM
    Logfile: MBAM scan 31-Jan-2015.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.31.04
    Rootkit Database: v2015.01.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Alaistair

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 335804
    Time Elapsed: 6 min, 36 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 26
    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [b838f4098efb82b445e8d42a3fc38c74],
    PUP.Optional.SoftwareUpdater.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SoftwareUpdater, Quarantined, [3ab659a47118ee48b756d8a955aef907],
    PUP.Optional.Webinstr.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\webinstrNHKT, Quarantined, [856b5da0addccd69f33a90f1e122f40c],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [ec049667f49547ef238c7645e81b1ee2],
    PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinPlus-2.7cV26.01, Quarantined, [0be509f43356ba7c97463652a65d0bf5],
    PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinPlus-2.7cV26.01-nv, Quarantined, [0ae67588cebbee489845c6c240c3fb05],
    PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Quarantined, [31bfe4195534023451911a68996ab64a],
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, Quarantined, [6d837786fa8fca6c7a4b7e0ce41f58a8],
    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, [7c74817cec9d47efb23fa8f8af544bb5],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [0ae659a4bacf60d60aa52497f80b7888],
    PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [db15d22b48411d199c221fe10cf909f7],
    PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [866a5ba25d2ce155bf00ab550203fe02],
    PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [5a96e51813767bbb38b4800dd62da060],
    PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinPlus-2.7cV26.01-nv, Delete-on-Reboot, [c52b926ba7e2a88ea13d04848f7407f9],
    PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Delete-on-Reboot, [26cae31af89148ee25bc019c5ca7bf41],
    PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CinPlus-2.7cV26.01, Delete-on-Reboot, [e40c22dbe5a4c4728758e5a34cb7b44c],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Delete-on-Reboot, [ad436895395096a06476494bf310bc44],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Cinema Plus2.7hV26.01, Delete-on-Reboot, [07e9728bf99056e0ef6f7712ef142ed2],
    PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C330D4EC-AFE2-9A69-CAAD-C5E77FABCBCB}, Quarantined, [a54b36c7f990c4724141e7ccb154b749],
    PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\CLASSES\CLSID\{C330D4EC-AFE2-9A69-CAAD-C5E77FABCBCB}, Quarantined, [a54b36c7f990c4724141e7ccb154b749],
    PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{D5A07853-7ABD-108A-8F7C-09E0CCB418A5}, Quarantined, [a54b36c7f990c4724141e7ccb154b749],
    PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3C14C09A-E6AA-569A-779D-6E3215903171}, Quarantined, [a54b36c7f990c4724141e7ccb154b749],
    PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3C14C09A-E6AA-569A-779D-6E3215903171}, Quarantined, [a54b36c7f990c4724141e7ccb154b749],
    PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D5A07853-7ABD-108A-8F7C-09E0CCB418A5}, Quarantined, [a54b36c7f990c4724141e7ccb154b749],
    PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C330D4EC-AFE2-9A69-CAAD-C5E77FABCBCB}, Delete-on-Reboot, [a54b36c7f990c4724141e7ccb154b749],
    PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C330D4EC-AFE2-9A69-CAAD-C5E77FABCBCB}, Delete-on-Reboot, [a54b36c7f990c4724141e7ccb154b749],

    Registry Values: 2
    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [7c74817cec9d47efb23fa8f8af544bb5]
    PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SOFTWAREUPDATER|UninstallString, C:\Users\Alaistair\AppData\Roaming\SoftwareUpdater\Uninstall.exe, Quarantined, [f5fb7885f2972b0b54faff00bb49659b]

    Registry Data: 13
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF599506N, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...),Replaced,[7f711be2aadf90a6e26459480ef73bc5]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?t...840XEVOX120GB_S1D5NSAF599506N&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[9858bd405732db5b147ce9b830d5b44c]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=...uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF599506N, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[1fd1ae4ff198ca6cace3e2bf2bdaab55]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=...uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF599506N, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[bd33f00d5a2fb77f47d1258a5fa6da26]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?t...840XEVOX120GB_S1D5NSAF599506N&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[d9170eefc6c31b1b6928990829dce31d]
    PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[60901de06f1aa29460ff7b323bcade22]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF599506N, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...),Replaced,[9d5369946722290df155950cda2baf51]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?t...840XEVOX120GB_S1D5NSAF599506N&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[cc2453aad0b9cd69068a8b16679ec040]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=...uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF599506N, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[e60a96675e2b142298f7138e0ff6a55b]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=...uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF599506N, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[846c8875cfba4beb37e1f9b656af728e]
    PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?t...840XEVOX120GB_S1D5NSAF599506N&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[3fb112eb8cfd81b5236e911011f45fa1]
    PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[80709865bbce8caa4817cfde0df83fc1]
    PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=...uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF599506N, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...-on-Reboot,[bf31b5486c1dcc6a72209e03eb1a5ea2]

    Folders: 2
    PUP.Optional.SoftwareUpdater.A, C:\Users\Alaistair\AppData\Roaming\SoftwareUpdater, Quarantined, [3ab659a47118ee48b756d8a955aef907],
    PUP.Optional.TheAnswerFinder.A, C:\Users\Alaistair\AppData\Roaming\TheAnswerFinder, Quarantined, [48a8ec1129606bcbb731107717ec7e82],

    Files: 26
    PUP.Optional.Nova.A, C:\Program Files (x86)\24ca4bef-13f4-41f4-9407-1aa1d58eb814\d8d03eda-719d-4cf3-9080-2a2abcf39db2.dll, Quarantined, [519fb647038656e063169570aa58926e],
    PUP.Optional.Nova.A, C:\Program Files (x86)\Apple Software Update\437322b1-3a5f-49b0-b8ea-abbf70e56304.dll, Quarantined, [db15c736d6b32c0a98e18f76c43e1ae6],
    PUP.Optional.Cgminer, C:\Windows\Installer\233679.msi, Quarantined, [955b6499d1b865d1223f1850fc057c84],
    PUP.Optional.Patsearch.A, C:\Windows\patsearch.bin, Quarantined, [be3264994b3e40f653b30a7752b10000],
    PUP.Optional.SoftwareUpdater.A, C:\Users\Alaistair\AppData\Roaming\SoftwareUpdater\Uninstall.exe, Quarantined, [3ab659a47118ee48b756d8a955aef907],
    PUP.Optional.SoftwareUpdater.A, C:\Users\Alaistair\AppData\Roaming\SoftwareUpdater\SoftwareUpdater.exe, Quarantined, [3ab659a47118ee48b756d8a955aef907],
    PUP.Optional.SoftwareUpdater.A, C:\Users\Alaistair\AppData\Roaming\SoftwareUpdater\surunasu.exe, Quarantined, [3ab659a47118ee48b756d8a955aef907],
    PUP.Optional.SoftwareUpdater.A, C:\Users\Alaistair\AppData\Roaming\SoftwareUpdater\SUSetup.exe, Quarantined, [3ab659a47118ee48b756d8a955aef907],
    PUP.Optional.SoftwareUpdater.A, C:\Users\Alaistair\AppData\Roaming\SoftwareUpdater\UpdateNotifier.exe, Quarantined, [3ab659a47118ee48b756d8a955aef907],
    PUP.Optional.Webinstr.A, C:\Windows\System32\drivers\webinstrNHKT.sys, Quarantined, [856b5da0addccd69f33a90f1e122f40c],
    PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf, Quarantined, [a24ecf2e0c7d6dc980b4bac8877c49b7],
    PUP.Optional.TheAnswerFinder.A, C:\Users\Alaistair\AppData\Roaming\TheAnswerFinder\RootCert.cer, Quarantined, [48a8ec1129606bcbb731107717ec7e82],
    PUP.Optional.TheAnswerFinder.A, C:\Users\Alaistair\AppData\Roaming\TheAnswerFinder\makecert.exe, Quarantined, [48a8ec1129606bcbb731107717ec7e82],
    PUP.Optional.TheAnswerFinder.A, C:\Users\Alaistair\AppData\Roaming\TheAnswerFinder\storage.bin, Quarantined, [48a8ec1129606bcbb731107717ec7e82],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-1, Quarantined, [3bb5609d771230069b51326e63a0669a],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-2, Quarantined, [5a966499553477bf13d9e5bbe91ace32],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-5, Quarantined, [ac44a954cbbe4cea2fbdecb4758e9f61],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-5_user, Quarantined, [f6fa9c61e3a631051ece6b356f9424dc],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-6, Quarantined, [945c53aab6d35cdaec001888d23137c9],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-7, Quarantined, [678909f41c6dbc7a4d9f1e82a16225db],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-1.job, Quarantined, [4da38d7032579c9abe9d1ae47c88b14f],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-2.job, Quarantined, [569a2ad38bfe4beba2b9758933d1ac54],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-5.job, Quarantined, [e80818e5becbce689ebd8b73ce36c53b],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-5_user.job, Quarantined, [965a23da90f995a13f1c708e16eefe02],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-6.job, Quarantined, [b33d96671277c373332848b6e2221de3],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-7.job, Quarantined, [529e54a90980f046f962748a11f337c9],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the message "This version requires you to completely exit the Anti Malware application", right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  3. aly

    aly TS Rookie Topic Starter

    Hi Broni, Thanks for your help!
    Computer seems better after the MBAM scan.

    Logs of RogueKiller:

    RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : Alaistair [Administrator]
    Mode : Delete -- Date : 02/01/2015 09:21:17

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 10 ¤¤¤
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2463482003-2002589441-2981365847-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:59434;https=127.0.0.1:59434 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2463482003-2002589441-2981365847-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:59434;https=127.0.0.1:59434 -> Not selected
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
    [PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 2 ¤¤¤
    [Suspicious.Path] DWZFC.job -- C:\Users\Alaistair\AppData\Roaming\DWZFC.exe (/infocmdline=...) -> Deleted
    [Suspicious.Path] \\DWZFC -- C:\Users\Alaistair\AppData\Roaming\DWZFC.exe (/infocmdline=...) -> Deleted

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Samsung SSD 840 EVO 120GB +++++
    --- User ---
    [MBR] 0f2f76e44c86f98d9490ed3b97a63103
    [BSP] b7dd38aeaccd7cee4d8f93cb6779fd08 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 114121 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD2003FZEX-00Z4SA0 +++++
    --- User ---
    [MBR] fe0d30f210b42c96ddff6adbcf2c39a8
    [BSP] fdf0e816e5d9258551be4020c5447cc4 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1000000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048002048 | Size: 500000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): -1222965248 | Size: 407726 MB [Error reading VBR! ([83] An attempt was made to move the file pointer before the beginning of the file. )]
    User != LL1 ... KO!
    --- LL1 ---
    [MBR] fe0d30f210b42c96ddff6adbcf2c39a8
    [BSP] fdf0e816e5d9258551be4020c5447cc4 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1000000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048002048 | Size: 500000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): -1222965248 | Size: 407726 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] fe0d30f210b42c96ddff6adbcf2c39a8
    [BSP] fdf0e816e5d9258551be4020c5447cc4 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1000000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048002048 | Size: 500000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): -1222965248 | Size: 407726 MB[Invalid]


    ============================================
    RKreport_SCN_02012015_092051.log


    Restore point created.

    MBAR log file:

    Malwarebytes Anti-Rootkit BETA 1.08.3.1004
    www.malwarebytes.org

    Database version:
    main: v2015.01.31.06
    rootkit: v2015.01.14.01

    Windows 8.1 x64 NTFS
    Internet Explorer 11.0.9600.16384
    Alaistair :: ALY [administrator]

    01-02-2015 09:31:03 AM
    mbar-log-2015-02-01 (09-31-03).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
    Objects scanned: 335248
    Time elapsed: 7 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    System-log file:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.3.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.3.9200 Windows 8.1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.16384

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 3.498000 GHz
    Memory total: 8530251776, free: 5176135680

    Downloaded database version: v2015.01.31.06
    Downloaded database version: v2015.01.14.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    02/01/2015 09:30:38
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    IRP handler 0 of \Driver\iaStorA points to an unknown module
    Unhooking enabled.

    Scan started
    Database versions:
    main: v2015.01.31.06
    rootkit: v2015.01.14.01

    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffe00002fca060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\0000003a\
    Lower Device Object: 0xffffe000018b0340
    Lower Device Driver Name: \Driver\iaStorA\
    Driver name found: iaStorA
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffe00002fcb060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000039\
    Lower Device Object: 0xffffe000018b1320
    Lower Device Driver Name: \Driver\iaStorA\
    Driver name found: iaStorA
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffe00002fcb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffe00002fcbb20, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffe00002fcb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffe000003abb90, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffe000002db880, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffe000018b1320, DeviceName: \Device\00000039\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0xffffc0000be49600, 0xffffe00002fcb060, 0xffffe00007cf7770
    Lower DeviceData: 0xffffc00003d4f1f0, 0xffffe000018b1320, 0xffffe00001618c10
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\rndismp6.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\rndismp6.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usb80236.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usb80236.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: DBFB7076

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 716800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848 Numsec = 233719808

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 120034123776 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffe00002fca060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffe00002fcab20, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffe00002fca060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xffffe000003ab9a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffe000003abe50, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffe000018b0340, DeviceName: \Device\0000003a\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    Upper DeviceData: 0xffffc0001268e1a0, 0xffffe00002fca060, 0xffffe00005ece770
    Lower DeviceData: 0xffffc0000cec2ac0, 0xffffe000018b0340, 0xffffe000046c2090
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 58DC14DA

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 2048000000

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048002048 Numsec = 1024000000

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3072002048 Numsec = 835022848

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 2000398934016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
     
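The "Scanning MBR on drive 0... Inspecting partition table" section of the log above is the anti-rootkit scanner reading the first 512-byte sector of each disk: the 55AA signature at the end of the sector, the 4-byte disk signature, and four 16-byte partition entries (type, active flag, start LBA, sector count). The Python below is an added example, not part of this thread or of Malwarebytes' own tooling. It builds a constructed MBR laid out like Drive 0 above (not a real disk image), parses it back into the same fields the scan prints, runs the consistency checks a reviewer would want on a partition table (entries past the end of the disk, overlapping entries, more than one active entry, non-zero "Empty" entries), and compares the bootstrap area against a reference copy, which is the comparison a scanner makes when it keeps saved MBR images. The partition-type name table, the placeholder bootstrap bytes and the check logic are this example's assumptions.

```python
"""Parse and sanity-check a classic 512-byte MBR, reproducing the fields an
anti-rootkit scan prints (signature, disk signature, per-partition type /
active flag / start LBA / sector count).  Sample input is constructed here."""
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440           # x86 bootstrap code occupies offsets 0..439
DISK_SIGNATURE_OFFSET = 440  # 4-byte NT disk signature
PARTITION_TABLE_OFFSET = 446
ENTRY_SIZE = 16
SIGNATURE_OFFSET = 510
MBR_SIGNATURE = 0xAA55       # little-endian value of the bytes 55 AA
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count

PARTITION_TYPES = {          # assumed name table; 0x07 is what the scan prints as "Primary (0x7)"
    0x00: "Empty", 0x05: "Extended", 0x07: "Primary", 0x0B: "FAT32",
    0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0xEE: "GPT protective",
}


def parse_mbr(sector: bytes) -> dict:
    """Decode the partition table; raise ValueError if the sector is not a valid MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    (sig,) = struct.unpack_from("<H", sector, SIGNATURE_OFFSET)
    if sig != MBR_SIGNATURE:
        raise ValueError(f"bad MBR signature 0x{sig:04X} (expected 0xAA55)")
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIGNATURE_OFFSET)
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + index * ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, num_sectors = struct.unpack_from(ENTRY_FMT, sector, offset)
        partitions.append({
            "index": index,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "Unknown"),
            "active": bool(status & 0x80),   # 0x80 is the bootable flag the scan reports as ACTIVE
            "lba_start": lba_start,
            "num_sectors": num_sectors,
        })
    return {"disk_signature": f"{disk_sig:08X}", "bootcode": sector[:BOOTCODE_LEN], "partitions": partitions}


def check_partition_table(mbr: dict, disk_size_bytes: int, sector_size: int = SECTOR_SIZE) -> list:
    """Return human-readable findings: out-of-bounds, overlap, >1 active, dirty empty entries."""
    findings = []
    total_sectors = disk_size_bytes // sector_size
    used = [p for p in mbr["partitions"] if p["type"] != 0x00]
    for p in used:
        if p["lba_start"] + p["num_sectors"] > total_sectors:
            findings.append(f"partition {p['index']} extends past end of disk")
    by_start = sorted(used, key=lambda p: p["lba_start"])
    for a, b in zip(by_start, by_start[1:]):
        if a["lba_start"] + a["num_sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    active = [p["index"] for p in used if p["active"]]
    if len(active) > 1:
        findings.append(f"more than one active partition: {active}")
    for p in mbr["partitions"]:
        if p["type"] == 0x00 and (p["lba_start"] or p["num_sectors"] or p["active"]):
            findings.append(f"empty entry {p['index']} has non-zero fields")
    return findings


def bootcode_differs(current: bytes, reference: bytes) -> bool:
    """True when the bootstrap area (offsets 0..439) differs from a known-good copy."""
    return current[:BOOTCODE_LEN] != reference[:BOOTCODE_LEN]


def build_mbr(disk_signature: int, entries, bootcode: bytes = b"") -> bytes:
    """Construct a sample MBR (test data only); entries are (active, type, lba_start, num_sectors)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(bootcode)] = bootcode
    struct.pack_into("<I", sector, DISK_SIGNATURE_OFFSET, disk_signature)
    for index, (active, ptype, lba_start, num_sectors) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PARTITION_TABLE_OFFSET + index * ENTRY_SIZE,
                         0x80 if active else 0x00, b"\xff\xff\xff", ptype, b"\xff\xff\xff",
                         lba_start, num_sectors)
    struct.pack_into("<H", sector, SIGNATURE_OFFSET, MBR_SIGNATURE)
    return bytes(sector)


# Constructed sample modelled on the "Drive 0" layout in the scan above.
DRIVE0_SIZE = 120034123776
SAMPLE_MBR = build_mbr(0xDBFB7076, [
    (True, 0x07, 2048, 716800),
    (False, 0x07, 718848, 233719808),
], bootcode=b"\x33\xc0\x8e\xd0\xbc\x00\x7c")  # placeholder bytes standing in for bootstrap code

if __name__ == "__main__":
    table = parse_mbr(SAMPLE_MBR)
    print("Disk Signature:", table["disk_signature"])
    for p in table["partitions"]:
        print(f"Partition {p['index']} type is {p['type_name']} (0x{p['type']:X}); "
              f"{'ACTIVE' if p['active'] else 'NOT ACTIVE'}; LBA {p['lba_start']} Numsec {p['num_sectors']}")
    print("Findings:", check_partition_table(table, DRIVE0_SIZE) or "none")
    tampered = bytes([SAMPLE_MBR[0] ^ 0xFF]) + SAMPLE_MBR[1:]
    print("Bootstrap modified:", bootcode_differs(tampered, SAMPLE_MBR))
```

A clean table (one active entry, no overlap, nothing past the disk end) yields no findings; a data disk with no active entry, like Drive 1 in the log, is also clean by these checks. A bootkit that rewrites only the bootstrap area leaves the partition table intact, which is why the comparison against a reference copy is kept separate from the table checks.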
  4. Broni


    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply.
     
  5. aly


    Logs from AdwCleaner

    # AdwCleaner v4.109 - Report created 01/02/2015 at 10:40:16
    # Updated 24/01/2015 by Xplode
    # Database : 2015-01-26.1 [Live]
    # Operating System : Windows 8.1 Pro (64 bits)
    # Username : Alaistair - ALY
    # Running from : C:\Users\Alaistair\Desktop\adwcleaner_4.109.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\Users\Alaistair\AppData\Local\globalUpdate
    File Deleted : C:\Users\Alaistair\AppData\Roaming\Mozilla\Firefox\Profiles\Cq3pK5XT.default\user.js

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{491C5DB0-06FD-A9EC-D0EA-5BA6B97B7E56}]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905565}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906665}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905565}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906665}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
    Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;<local>
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:59434;hxxps=127.0.0.1:59434

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16384


    -\\ Mozilla Firefox v


    -\\ Google Chrome v40.0.2214.93


    *************************

    AdwCleaner[R0].txt - [4576 octets] - [01/02/2015 10:39:14]
    AdwCleaner[S0].txt - [4118 octets] - [01/02/2015 10:40:16]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4178 octets] ##########


    Logs from Junkware Removal Tool - JRT.txt

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 8.1 Pro x64
    Ran by Alaistair on 01-02-2015 at 10:44:03.71
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644904465}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644904465}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644904465}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644904465}



    ~~~ Files

    Successfully deleted: [File] C:\Windows\prefetch\ZTOOLBAR.EXE-C7CF1455.pf
    Successfully deleted: [File] C:\Windows\prefetch\SPEEDUP.EXE-ABAC2381.pf
    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 01-02-2015 at 10:44:56.31
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Logs from Farbar Recovery Scan Tool

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
    Ran by Alaistair (administrator) on ALY on 01-02-2015 10:46:18
    Running from C:\Users\Alaistair\Desktop
    Loaded Profiles: Alaistair (Available profiles: Alaistair)
    Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
    () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (OptimizerMonitor Inc.) C:\Program Files (x86)\IGS\OptimizerMonitor.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
    (Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Beepa P/L) E:\fraps\fraps.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Users\Alaistair\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Beepa P/L) E:\fraps\fraps64.dat
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
    (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    (Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
    (Akamai Technologies, Inc.) C:\Users\Alaistair\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\Alaistair\AppData\Local\Akamai\netsession_win.exe
    (Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
    () C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
    () C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
    (Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe
    (Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe
    (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
    (Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (CyberLink) C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-13] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-15] (Logitech Inc.)
    HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
    HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
    HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4857592 2014-11-28] (BlackBerry Limited)
    HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\Run: [GoogleChromeAutoLaunch_382B58309B65E5013E04110C4AB659DE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
    HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Alaistair\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3128408 2014-03-13] (Disc Soft Ltd)
    HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-22] (Piriform Ltd)
    HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\Run: [BlackBerryLink.exe] => C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe [1475320 2014-11-19] (Research In Motion)
    HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {7da04aef-8aa2-11e4-827d-382c4abc47ac} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL G:\start.exe
    HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {da8e3c5c-822a-11e4-8274-382c4abc47ac} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL G:\start.exe
    HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {e6db5554-884d-11e4-827b-382c4abc47ac} - "G:\LG_PC_Programs.exe"
    HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {f45e9d33-7a2c-11e4-8251-806e6f6e6963} - "H:\setup.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Startup GPU Miner.lnk
    ShortcutTarget: Startup GPU Miner.lnk -> F:\simple gpu miner\ProcessG.exe (No File)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-in/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> F:\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{549E08BA-758D-49B5-B371-1CA73E424555}: [NameServer] 208.67.222.222,208.67.220.220
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Alaistair\AppData\Roaming\Mozilla\Firefox\Profiles\Cq3pK5XT.default
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Extension: Avira Browser Safety - C:\Users\Alaistair\AppData\Roaming\Mozilla\Firefox\Profiles\Cq3pK5XT.default\Extensions\abs@avira.com [2014-12-02]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-02]
    CHR Extension: (From Dust) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2014-12-02]
    CHR Extension: (Google Docs) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-02]
    CHR Extension: (Google Drive) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-02]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-02]
    CHR Extension: (YouTube) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-02]
    CHR Extension: (Facebook) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-12-02]
    CHR Extension: (Google Search) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-02]
    CHR Extension: (Google Sheets) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-02]
    CHR Extension: (Chrome Remote Desktop) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-01-02]
    CHR Extension: (AdBlock) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-02]
    CHR Extension: (redditery) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\imooeldfapggncchoebfnidcgeiimojb [2014-12-02]
    CHR Extension: (StumbleUpon) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2014-12-02]
    CHR Extension: (Any.do Extension) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-12-02]
    CHR Extension: (Digg) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkaodmpkbaenhnnfinhmlonngcnffmaf [2014-12-02]
    CHR Extension: (Movi Kanti Revo) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdkcgeghhfjiglphfppinecpcpnnbne [2014-12-02]
    CHR Extension: (ruddl - reddit browser) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\llpknfhbmlngapjlboenfmmeminfdpil [2014-12-02]
    CHR Extension: (Google Wallet) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-02]
    CHR Extension: (Gmail) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-02]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] ()
    R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
    R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
    R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe [56648 2014-12-15] (Google Inc.)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
    R2 OptimizerMonitor; C:\Program Files (x86)\IGS\OptimizerMonitor.exe [1820240 2015-01-29] (OptimizerMonitor Inc.) [File not signed]
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-12-12] ()
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-04-01] (CyberLink)
    R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2014-11-28] (Apple Inc.)
    R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1348344 2014-11-28] (BlackBerry Limited)
    S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2014-03-28] (Google Inc)
    S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2014-03-28] (LG Electronics Inc.)
    S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2014-03-28] (LG Electronics Inc.)
    R1 anodlwf; C:\Windows\system32\DRIVERS\anodlwfx.sys [15872 2014-12-02] ()
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-22] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-22] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-22] (Avira Operations GmbH & Co. KG)
    S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (BlackBerry)
    U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-12-02] (Disc Soft Ltd)
    R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
    R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
    R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2014-12-13] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
    R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
    R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
    S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1578128 2012-12-05] (Realtek Semiconductor Corporation )
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-12-02] (Duplex Secure Ltd.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-01] ()
    S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
    R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
    S0 WinDivert1.1; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-01 10:46 - 2015-02-01 10:46 - 00022799 _____ () C:\Users\Alaistair\Desktop\FRST.txt
    2015-02-01 10:46 - 2015-02-01 10:46 - 00000000 ____D () C:\FRST
    2015-02-01 10:46 - 2015-02-01 10:45 - 02131456 _____ (Farbar) C:\Users\Alaistair\Desktop\FRST64.exe
    2015-02-01 10:44 - 2015-02-01 10:44 - 00001302 _____ () C:\Users\Alaistair\Desktop\JRT.txt
    2015-02-01 10:44 - 2015-02-01 10:44 - 00000000 ____D () C:\Windows\ERUNT
    2015-02-01 10:39 - 2015-02-01 10:40 - 00000000 ____D () C:\AdwCleaner
    2015-02-01 10:38 - 2015-02-01 10:38 - 02194432 _____ () C:\Users\Alaistair\Desktop\adwcleaner_4.109.exe
    2015-02-01 10:12 - 2015-02-01 10:12 - 00000000 ____D () C:\Users\Alaistair\AppData\Local\Risen3
    2015-02-01 09:30 - 2015-02-01 09:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-01 09:29 - 2015-02-01 09:37 - 00000000 ____D () C:\Users\Alaistair\Desktop\mbar
    2015-02-01 09:17 - 2015-02-01 09:17 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-02-01 09:17 - 2015-02-01 09:17 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-01 09:16 - 2015-02-01 09:15 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Alaistair\Desktop\mbar-1.08.3.1004.exe
    2015-02-01 09:16 - 2015-02-01 09:13 - 15431256 _____ () C:\Users\Alaistair\Desktop\RogueKiller.exe
    2015-02-01 09:08 - 2015-02-01 09:08 - 00017589 _____ () C:\Windows\DirectX.log
    2015-02-01 09:08 - 2015-02-01 09:08 - 00000909 _____ () C:\Users\Public\Desktop\Risen 3 - Titan Lords.lnk
    2015-02-01 09:08 - 2015-02-01 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Risen 3 - Titan Lords
    2015-01-31 23:31 - 2015-01-31 23:31 - 00000796 _____ () C:\Windows\setupact.log
    2015-01-31 23:31 - 2015-01-31 23:31 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-31 22:36 - 2015-01-31 22:36 - 00015148 _____ () C:\Users\Alaistair\Desktop\MBAM scan 31-Jan-2015.txt
    2015-01-31 22:33 - 2015-02-01 10:41 - 00013088 _____ () C:\Windows\PFRO.log
    2015-01-31 22:21 - 2015-02-01 09:30 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-31 22:21 - 2015-02-01 09:29 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-31 22:21 - 2015-01-31 22:21 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-31 22:21 - 2015-01-31 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-31 22:21 - 2015-01-31 22:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-31 22:21 - 2015-01-31 22:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-31 22:21 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-31 22:21 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-01-31 12:03 - 2013-08-22 18:55 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150131-120333.backup
    2015-01-31 12:02 - 2013-08-22 18:55 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150131-120256.backup
    2015-01-31 11:10 - 2015-01-31 22:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-01-31 11:10 - 2015-01-31 22:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2015-01-31 11:10 - 2015-01-31 11:10 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
    2015-01-30 18:14 - 2015-01-30 18:15 - 00004784 _____ () C:\Windows\SysWOW64\OptimizerMonitor.ini
    2015-01-30 18:14 - 2015-01-30 18:15 - 00002568 _____ () C:\Windows\SysWOW64\OptimizerMonitorOff.ini
    2015-01-30 18:14 - 2015-01-30 18:15 - 00002568 _____ () C:\Windows\system32\OptimizerMonitorOff.ini
    2015-01-30 18:13 - 2015-01-30 18:13 - 00000000 ____D () C:\Program Files (x86)\IGS
    2015-01-30 18:13 - 2015-01-29 18:52 - 00301152 _____ (OptimizerMonitor Inc.) C:\Windows\SysWOW64\OptimizerMonitor.dll
    2015-01-30 18:11 - 2015-01-31 08:55 - 00000000 ____D () C:\Users\Alaistair\AppData\Local\igs
    2015-01-28 10:25 - 2015-01-28 10:25 - 00000000 ____D () C:\Program Files\Logitech
    2015-01-28 10:25 - 2015-01-28 10:25 - 00000000 ____D () C:\Program Files\Common Files\Logitech
    2015-01-27 13:57 - 2015-01-27 13:57 - 04533505 _____ () C:\Users\Alaistair\Desktop\BlackBerry_Blend_2015_01_27_13_57_55.zip
    2015-01-27 07:22 - 2015-01-27 07:22 - 00003158 _____ () C:\Windows\System32\Tasks\{9B52B64F-F911-45DF-85E4-30B2EA819EB5}
    2015-01-27 06:58 - 2015-01-31 22:32 - 00000000 ____D () C:\Program Files (x86)\24ca4bef-13f4-41f4-9407-1aa1d58eb814
    2015-01-27 06:57 - 2015-01-27 06:57 - 00000000 ____D () C:\Users\Alaistair\Documents\MGR
    2015-01-27 06:54 - 2015-01-27 06:54 - 00000643 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\METAL GEAR RISING REVENGEANCE.lnk
    2015-01-25 21:42 - 2015-01-25 21:42 - 00001248 _____ () C:\Users\Alaistair\AppData\Roaming\DWZFC
    2015-01-24 14:05 - 2015-01-24 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Walking Dead 2
    2015-01-24 13:57 - 2015-01-24 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Walking Dead 1
    2015-01-23 10:31 - 2015-01-23 10:31 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Promotion Software GmbH
    2015-01-23 10:19 - 2015-01-23 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emergency 5
    2015-01-23 02:21 - 2015-01-24 20:29 - 00000000 ____D () C:\Users\Alaistair\Documents\Telltale Games
    2015-01-23 02:21 - 2015-01-23 02:21 - 00000000 ____D () C:\ProgramData\REVOLT
    2015-01-23 01:42 - 2015-01-23 01:42 - 00000000 ____D () C:\Users\Alaistair\Documents\NBGI
    2015-01-23 01:42 - 2015-01-23 01:42 - 00000000 ____D () C:\Users\Alaistair\AppData\Local\NBGI
    2015-01-23 01:41 - 2015-01-23 01:41 - 00001558 _____ () C:\Users\Public\Desktop\Dark Souls Prepare to Die Edition.lnk
    2015-01-23 01:40 - 2015-01-23 01:40 - 00000000 ____D () C:\Windows\SysWOW64\xlive
    2015-01-23 01:40 - 2015-01-23 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
    2015-01-23 01:40 - 2015-01-23 01:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2015-01-21 02:48 - 2015-01-21 02:50 - 00000000 ____D () C:\Users\Alaistair\Zomboid
    2015-01-21 02:47 - 2015-01-21 02:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Zomboid
    2015-01-20 00:28 - 2015-01-20 01:47 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\.minecraft
    2015-01-20 00:28 - 2015-01-20 00:28 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\java
    2015-01-20 00:21 - 2015-01-20 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
    2015-01-19 15:31 - 2015-01-20 15:21 - 00018254 _____ () C:\Users\Alaistair\Desktop\Interview Questions.odt
    2015-01-19 04:27 - 2015-01-19 04:27 - 00000000 ____D () C:\Users\Alaistair\AppData\Local\SCE
    2015-01-18 19:50 - 2015-01-18 19:50 - 00000000 ____D () C:\Program Files (x86)\USB Game Controller
    2015-01-17 12:54 - 2015-01-17 12:54 - 00000202 _____ () C:\Users\Alaistair\Desktop\DARK SOULS II.url
    2015-01-17 10:25 - 2015-01-17 10:26 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\DarkSoulsII
    2015-01-16 23:00 - 2015-01-16 23:00 - 00000802 _____ () C:\Users\Alaistair\Desktop\Cat-A-Cat GAMES.lnk
    2015-01-16 23:00 - 2015-01-16 23:00 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlagueInc 1.0
    2015-01-16 10:55 - 2015-01-17 11:05 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-01-15 18:09 - 2015-01-19 04:59 - 00000000 ____D () C:\Users\Alaistair\Documents\Euro Truck Simulator 2
    2015-01-15 18:09 - 2015-01-15 18:09 - 00000000 ___SH () C:\Users\Alaistair\AppData\Local\LumaEmu
    2015-01-15 18:09 - 2015-01-15 18:09 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 v1.14.0.4s (18 DLC)
    2015-01-15 18:09 - 2015-01-15 18:09 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
    2015-01-15 18:07 - 2015-01-15 18:07 - 00000000 ____D () C:\2-click run
    2015-01-15 13:39 - 2015-01-15 13:39 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\11bitstudios
    2015-01-15 13:17 - 2015-01-15 13:17 - 00000000 ____D () C:\Users\Alaistair\Documents\ALY
    2015-01-15 13:10 - 2015-01-15 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extreme Roads USA
    2015-01-14 15:04 - 2015-01-14 15:04 - 00000000 _____ () C:\Users\Alaistair\Desktop\New Text Document.txt
    2015-01-13 20:44 - 2015-01-13 20:44 - 00000808 _____ () C:\Users\Public\Desktop\Lifeless Planet.lnk
    2015-01-13 20:44 - 2015-01-13 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KISS ltd
    2015-01-13 10:49 - 2015-01-13 10:49 - 00000000 ____D () C:\Users\Alaistair\Documents\Larian Studios
    2015-01-13 03:06 - 2015-01-13 03:06 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Divinity - Original Sin
    2015-01-13 03:06 - 2015-01-13 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
    2015-01-12 12:25 - 2015-01-12 12:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_blackberryncm6_AMD64_01007.Wdf
    2015-01-12 12:23 - 2015-01-27 13:57 - 00000000 ____D () C:\Users\Alaistair\AppData\Local\BlackBerry
    2015-01-12 12:21 - 2015-01-12 12:21 - 00001115 _____ () C:\Users\Public\Desktop\BlackBerry Link.lnk
    2015-01-12 12:21 - 2015-01-12 12:21 - 00001031 _____ () C:\Users\Public\Desktop\BlackBerry Blend.lnk
    2015-01-12 12:21 - 2015-01-12 12:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
    2015-01-12 12:21 - 2015-01-12 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Link
    2015-01-12 12:21 - 2015-01-12 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Blend
    2015-01-12 12:21 - 2015-01-12 12:21 - 00000000 ____D () C:\Program Files (x86)\BlackBerry
    2015-01-12 12:21 - 2012-12-10 15:48 - 00044544 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial_AMD64.sys
    2015-01-12 12:07 - 2015-01-12 12:07 - 00000668 _____ () C:\Users\Public\Desktop\Free MP3 Ringtone Maker.lnk
    2015-01-12 12:07 - 2015-01-12 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseTips
    2015-01-12 01:35 - 2015-01-12 01:35 - 00000000 ____D () C:\Users\Alaistair\sachesi2
    2015-01-11 09:09 - 2015-01-11 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ryse Son of Rome
    2015-01-09 18:17 - 2015-01-09 18:17 - 00000061 _____ () C:\Users\Alaistair\Desktop\dads appointment.txt
    2015-01-05 15:33 - 2015-01-05 15:33 - 00000000 ____D () C:\Users\Alaistair\Documents\WB Games
    2015-01-05 15:19 - 2015-01-05 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
    2015-01-05 02:28 - 2015-01-05 02:28 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Apple Computer
    2015-01-02 18:51 - 2015-01-02 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alien. Isolation
    2015-01-02 01:24 - 2015-01-02 01:24 - 00000000 ____D () C:\ProgramData\Google

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-01 10:43 - 2014-12-02 19:42 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
    2015-02-01 10:41 - 2014-12-09 19:31 - 00003136 _____ () C:\Windows\System32\Tasks\FRAPS
    2015-02-01 10:41 - 2014-12-02 19:53 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-02-01 10:41 - 2014-12-02 17:44 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-01 10:41 - 2013-08-22 20:15 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-01 10:30 - 2013-08-22 21:06 - 00000000 ____D () C:\Windows\system32\sru
    2015-02-01 09:57 - 2014-12-02 17:13 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2463482003-2002589441-2981365847-1001
    2015-02-01 09:49 - 2014-12-02 17:44 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-01 09:08 - 2014-12-04 16:16 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\uTorrent
    2015-02-01 09:00 - 2014-12-02 19:39 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\DAEMON Tools Pro
    2015-02-01 02:16 - 2014-12-02 17:37 - 01500480 _____ () C:\Windows\WindowsUpdate.log
    2015-02-01 00:39 - 2014-12-02 17:12 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-31 22:33 - 2013-08-22 21:06 - 00000000 __RSD () C:\Windows\Media
    2015-01-31 22:32 - 2014-12-30 13:11 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2015-01-31 12:55 - 2014-12-24 16:32 - 00000000 ____D () C:\Users\Alaistair\Documents\Assassin's Creed Unity
    2015-01-31 11:03 - 2013-08-22 21:06 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-30 19:32 - 2014-12-04 07:16 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\vlc
    2015-01-28 10:28 - 2014-12-02 20:37 - 00000000 ____D () C:\Users\Alaistair\AppData\Local\Logitech
    2015-01-28 10:25 - 2014-12-02 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2015-01-27 09:29 - 2014-12-04 19:29 - 00000000 ____D () C:\Users\Alaistair\Desktop\Games
    2015-01-27 07:51 - 2014-12-02 17:49 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-27 07:23 - 2014-12-02 17:08 - 00001446 _____ () C:\Users\Alaistair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-27 07:19 - 2014-12-21 01:30 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Free Download Manager
    2015-01-27 07:14 - 2014-12-14 18:13 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
    2015-01-27 07:14 - 2013-08-22 18:55 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-01-27 07:02 - 2014-12-04 07:16 - 00001086 _____ () C:\Users\Public\Desktop\VLC media player.lnk
    2015-01-24 14:03 - 2014-12-03 00:37 - 00000000 ____D () C:\ProgramData\Steam
    2015-01-21 02:48 - 2014-12-02 17:08 - 00000000 ____D () C:\Users\Alaistair
    2015-01-19 23:51 - 2014-12-04 02:44 - 00000000 ____D () C:\Users\Alaistair\Documents\Settlers7
    2015-01-18 19:50 - 2014-12-02 19:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-01-13 23:46 - 2014-12-30 13:12 - 00000000 ____D () C:\Users\Public\CyberLink
    2015-01-13 23:46 - 2014-12-30 13:12 - 00000000 ____D () C:\Users\Alaistair\Documents\CyberLink
    2015-01-13 20:45 - 2014-12-07 10:24 - 00000000 ____D () C:\Users\Alaistair\AppData\Local\SKIDROW
    2015-01-12 12:21 - 2014-12-02 18:42 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-01-06 22:28 - 2013-08-22 21:06 - 00000000 ____D () C:\Windows\AppReadiness
    2015-01-05 02:27 - 2013-08-22 20:14 - 00374608 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-01-02 18:51 - 2014-12-05 09:02 - 00000000 ____D () C:\Windows\SysWOW64\directx
    2015-01-02 09:25 - 2014-12-02 17:44 - 00000000 ____D () C:\Program Files (x86)\Google

    ==================== Files in the root of some directories =======

    2015-01-25 21:42 - 2015-01-25 21:42 - 0001248 _____ () C:\Users\Alaistair\AppData\Roaming\DWZFC
    2014-12-02 20:17 - 2014-12-02 20:17 - 0585728 _____ () C:\Users\Alaistair\AppData\Local\file__0.localstorage
    2015-01-15 18:09 - 2015-01-15 18:09 - 0000000 ___SH () C:\Users\Alaistair\AppData\Local\LumaEmu
    2014-12-25 10:54 - 2014-12-25 10:54 - 0306176 _____ (Valve Corporation) C:\Users\Alaistair\AppData\Local\steam_api64.dll

    Some content of TEMP:
    ====================
    C:\Users\Alaistair\AppData\Local\Temp\362270A4-3E15-7424-D959-B84C15887660.exe
    C:\Users\Alaistair\AppData\Local\Temp\4BCD0FE7-18E4-2031-5542-49664A1ECCCD.dll
    C:\Users\Alaistair\AppData\Local\Temp\4BCD0FE7-18E4-2031-5542-49664A1ECCCD.exe
    C:\Users\Alaistair\AppData\Local\Temp\avgnt.exe
    C:\Users\Alaistair\AppData\Local\Temp\bdacabfccced.exe
    C:\Users\Alaistair\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Alaistair\AppData\Local\Temp\Quarantine.exe
    C:\Users\Alaistair\AppData\Local\Temp\SpOrder.dll
    C:\Users\Alaistair\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-25 04:06

    ==================== End Of Log ============================
     
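    Two parts of the FRST.txt above are what a responder reads first: the "Bamital & volsnap" list of core binaries, and the GUID-named .exe/.dll files sitting in %TEMP%. The following PowerShell is an added example written for this thread; it is not FRST output and not the poster's or Broni's code. It re-does the core-binary check with Authenticode plus a signer test (FRST only prints "File is digitally signed"), and lists the %TEMP% executables with signature status and SHA-256 so they can be looked up before quarantine. It assumes PowerShell 4.0 or later (for Get-FileHash) and the default %TEMP% location.

```powershell
# Added example, not FRST output and not part of the original post.
#   1. Verify the same core binaries FRST lists under "Bamital & volsnap",
#      requiring both a valid chain and a Microsoft signer.
#   2. Inventory executables in %TEMP% (the GUID-named .exe/.dll entries in
#      the log) with signature status and SHA-256.
# Assumes PowerShell 4.0+ (Get-FileHash). See the note below on catalog-signed files.

$coreFiles = @(
    'System32\winlogon.exe', 'System32\wininit.exe',
    'explorer.exe',          'SysWOW64\explorer.exe',
    'System32\svchost.exe',  'SysWOW64\svchost.exe',
    'System32\services.exe',
    'System32\user32.dll',   'SysWOW64\user32.dll',
    'System32\userinit.exe', 'SysWOW64\userinit.exe',
    'System32\rpcss.dll',    'System32\Drivers\volsnap.sys'
) | ForEach-Object { Join-Path $env:SystemRoot $_ }

function Test-CoreBinarySignatures {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Verdict = 'CHECK'; Status = 'MISSING'; Signer = ''; Path = $p }
            continue
        }
        $sig    = Get-AuthenticodeSignature -FilePath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        # A valid chain alone is not enough: a patched winlogon.exe carrying
        # someone else's valid signature must still be flagged, so the signer
        # has to be Microsoft as well.
        $ok      = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')
        $verdict = if ($ok) { 'OK' } else { 'CHECK' }
        [pscustomobject]@{ Verdict = $verdict; Status = $sig.Status; Signer = $signer; Path = $p }
    }
}

function Get-TempExecutables {
    param([string]$Temp = $env:TEMP)
    Get-ChildItem -LiteralPath $Temp -File -Include *.exe, *.dll -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            [pscustomobject]@{
                Created   = $_.CreationTime
                Size      = $_.Length
                SigStatus = $sig.Status
                Signer    = $signer
                Sha256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Path      = $_.FullName
            }
        }
}

Test-CoreBinarySignatures -Paths $coreFiles | Format-Table Verdict, Status, Path -AutoSize
Get-TempExecutables | Sort-Object Created -Descending |
    Format-Table Created, SigStatus, Sha256, Path -AutoSize
```

    One caveat before reading the output: on PowerShell 4.0 (what Windows 8.1 ships with) Get-AuthenticodeSignature only checks embedded signatures, and most Windows binaries are signed through security catalogs, so several of the core files will report NotSigned on that version without being modified. PowerShell 5.1 resolves catalog signatures. A NotSigned result on a system file should therefore be confirmed with a catalog-aware tool (Sysinternals sigcheck, or FRST itself, which the log shows passing all of them) before treating it as a finding; a HashMismatch, or a Valid signature from a non-Microsoft signer, is the result that matters.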
  6. aly

    aly TS Rookie Topic Starter

    FARBAR Recovery Tool logs for ADDITION.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
    Ran by Alaistair at 2015-02-01 10:46:40
    Running from C:\Users\Alaistair\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    «Middle-earth™ Shadow of Mordor™» 1.0.1636.21 (HKLM-x32\...\«Middle-earth™ Shadow of Mordor™»_is1) (Version: 1.0.1636.21 - WB Games)
    µTorrent (HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
    Akamai NetSession Interface (HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
    Alien. Isolation (HKLM-x32\...\Alien. Isolation_is1) (Version: 1.0 - )
    Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Assassins Creed Unity (HKLM-x32\...\ACU_is1) (Version: - VEBMAX)
    ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
    Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
    Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
    Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
    BlackBerry 10 Desktop Software (HKLM-x32\...\{ddaa6aab-c1ec-45ea-a8f2-a95d10f57295}) (Version: 1.1.0.21 - BlackBerry)
    BlackBerry Blend (x32 Version: 1.1.0.17 - BlackBerry Ltd.) Hidden
    BlackBerry Communication Drivers (x32 Version: 8.0.0.118 - BlackBerry Ltd.) Hidden
    BlackBerry Device Drivers (x32 Version: 8.0.0.118 - BlackBerry Ltd.) Hidden
    BlackBerry Link (x32 Version: 1.2.4.27 - BlackBerry) Hidden
    BlackBerry Link Remover (x32 Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
    Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
    Chrome Remote Desktop Host (HKLM-x32\...\{6FC79C95-F54F-4515-8012-01F33D894492}) (Version: 40.0.2214.44 - Google Inc.)
    CPUID ROG CPU-Z 1.69 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.69 - CPUID, Inc.)
    Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
    CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2104.0 - CyberLink Corp.)
    DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0387 - Disc Soft Ltd)
    Dark Souls Prepare to Die Edition (HKLM-x32\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
    Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
    DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version: - FromSoftware, Inc)
    Darkcoin (HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\Darkcoin) (Version: 0.10.16.16 - Darkcoin Project)
    Divinity - Original Sin (HKLM-x32\...\Divinity - Original Sin_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
    Emergency 5 (HKLM-x32\...\Emergency 5_is1) (Version: - )
    Escape Dead Island ver. 1.0.0.0 (HKLM-x32\...\{50041179-92AZ-28DE-83U8-36FK6M446AC}_is1) (Version: 1.0.0.0 - Deep Silver)
    Euro Truck Simulator 2 v1.14.0.4s (18 DLC) (HKLM-x32\...\Euro Truck Simulator 2 v1.14.0.4s (18 DLC)1.14.0.4s) (Version: 1.14.0.4s - Friends in War)
    Extreme Roads USA (HKLM-x32\...\Extreme Roads USA_is1) (Version: - )
    Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
    FireStorm version V1.0.44.000 (HKLM-x32\...\FireStorm_is1) (Version: V1.0.44.000 - )
    Fraps (HKLM-x32\...\Fraps) (Version: - )
    Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
    Free MP3 Ringtone Maker 2.3 (HKLM-x32\...\Free MP3 Ringtone Maker_is1) (Version: - musetips.com)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Heaven DX11 Benchmark version 3.0 (HKLM\...\Unigine Heaven DX11 Benchmark (Basic Edition)_is1) (Version: 3.0 - Unigine Corp.)
    IGS (HKLM-x32\...\IGS) (Version: - )
    igsc (HKLM-x32\...\igsc) (Version: 1.0.0.0 - igs)
    Intel(R) Chipset Device Software (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
    Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
    KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
    LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
    Lifeless Planet (HKLM-x32\...\Lifeless Planet_is1) (Version: - )
    Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
    Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\TUVUQUxHRUFSUklTSU5HUkVWRU5HRUFOQ0U=_is1) (Version: 1 - )
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{0BFFC345-DBD4-411C-97E4-86EC7C0F4B72}) (Version: 1.0.2.0 - Mojang)
    My Game Long Name (HKLM\...\UDK-95867b76-8fea-48e3-917c-bb076e227dae) (Version: - Epic Games, Inc.)
    NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
    NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA Miracast Virtual Audio 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    PlagueInc 1.0 (HKLM-x32\...\PlagueInc 1.0) (Version: 1.0 - Cat-A-Cat)
    PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
    PlanetSide 2 (HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment)
    Project Zomboid (HKLM-x32\...\Project Zomboid_is1) (Version: - )
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
    Risen 3 - Titan Lords (HKLM-x32\...\Risen 3 - Titan Lords_is1) (Version: - Deep Silver)
    Ryse Son of Rome (HKLM-x32\...\Ryse Son of Rome_is1) (Version: - )
    Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
    SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
    Sid Meier`s Civilization® Beyond Earth™ / RePack by Baracuda (HKLM-x32\...\Sid Meier`s Civilization® Beyond Earth™_is1) (Version: 1.0.0.574 - )
    Simple GPU Miner (HKLM-x32\...\{7CDFCC48-3AA5-4D86-88F7-3799B4158A9B}) (Version: 1.6 - Miner)
    Sonic Radar II (HKLM\...\{203BCA8D-BC00-4DD5-85DF-2F84DB803B57}) (Version: 2.1.001 - ASUSTeKcomputer.Inc)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    System Requirements Lab Detection (HKLM-x32\...\{F109C8D7-7417-460B-836F-717AE17619C4}) (Version: 2.2.3.0 - Husdawg, LLC)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
    The Bureau: XCOM Declassified (HKLM-x32\...\VGhlQnVyZWF1WENPTURlY2xhc3NpZmllZA==_is1) (Version: 1 - )
    The Old City Leviathan v1.0 / RePack by Azaq (HKLM-x32\...\The Old City Leviathan_is1) (Version: - )
    The Settlers 7 - Paths to a Kingdom (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.02.1221 - Ubisoft)
    This War of Mine (HKLM-x32\...\This War of Mine_is1) (Version: - )
    Tom Clancy's Ghost Recon Future Soldier (HKLM-x32\...\{6D87CAD9-9B94-4421-A439-B25F8DE14575}) (Version: 1.00 - Ubisoft)
    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
    Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
    Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
    USB Game Controller (HKLM-x32\...\{95CC887F-91B2-45E9-AE29-0D51995192CB}) (Version: 2005.05.26 - )
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Walking Dead (HKLM-x32\...\Walking Dead_is1) (Version: - Audioslave)
    Walking Dead 2 (HKLM-x32\...\Walking Dead 2_is1) (Version: - Audioslave)
    Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
    WinRAR 4.00 beta 6 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.6 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    01-02-2015 05:12:31 Scheduled Checkpoint
    01-02-2015 09:28:00 MBAR scan

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 18:55 - 2015-01-31 12:03 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0391EE69-CC47-4DA7-8A20-F30FD4426A7B} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
    Task: {2EEE8F6A-D891-4155-9DE2-1A0A38EB1961} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-02] (Google Inc.)
    Task: {42490B46-19D7-4205-BF94-B698ABC51EC8} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
    Task: {603268C8-F4BF-4D13-981A-0B6C21831744} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
    Task: {67701E52-8579-4752-A6B0-7062C1187B97} - System32\Tasks\FRAPS => E:\fraps\fraps.exe [2013-02-26] (Beepa P/L)
    Task: {A9479303-48E3-4D5F-ADEC-0E96FE7A9859} - System32\Tasks\{9B52B64F-F911-45DF-85E4-30B2EA819EB5} => pcalua.exe -a C:\Users\Alaistair\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
    Task: {CF9C9422-1BED-4B2D-B30A-DCCD5E9372D0} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
    Task: {F7C1EEB6-9DC0-43FC-8F07-A2711657CBA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-02] (Google Inc.)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-12-02 19:53 - 2014-12-13 13:33 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-12-02 19:33 - 2014-01-28 08:46 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
    2014-12-02 19:33 - 2014-04-24 11:59 - 01360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
    2014-12-02 22:26 - 2014-12-12 14:27 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2014-12-02 19:34 - 2014-05-22 13:54 - 00096568 _____ () C:\Windows\SYSTEM32\audioLibVc.dll
    2014-09-18 12:53 - 2014-09-18 12:53 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
    2014-10-15 00:21 - 2014-10-15 00:21 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
    2014-09-18 12:53 - 2014-09-18 12:53 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
    2014-10-15 00:21 - 2014-10-15 00:21 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
    2014-12-02 19:53 - 2014-12-13 05:43 - 00708240 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
    2014-12-02 19:53 - 2014-12-13 05:43 - 00854160 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
    2014-11-28 11:48 - 2014-11-28 11:48 - 00688888 _____ () C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
    2014-12-02 19:33 - 2015-02-01 10:41 - 00036864 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
    2014-12-02 19:33 - 2014-01-28 08:46 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
    2014-11-28 11:18 - 2014-11-28 11:18 - 00094208 _____ () C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll
    2014-12-02 20:05 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
    2014-03-20 11:43 - 2014-03-20 11:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-01-27 07:50 - 2015-01-25 11:38 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
    2015-01-27 07:50 - 2015-01-25 11:38 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
    2015-01-27 07:50 - 2015-01-25 11:38 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
    2015-01-27 07:50 - 2015-01-25 11:38 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\OptimizerMonitor => ""="service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2463482003-2002589441-2981365847-500 - Administrator - Disabled)
    Alaistair (S-1-5-21-2463482003-2002589441-2981365847-1001 - Administrator - Enabled) => C:\Users\Alaistair
    Guest (S-1-5-21-2463482003-2002589441-2981365847-501 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (02/01/2015 10:46:24 AM) (Source: DCOM) (EventID: 10010) (User: Aly)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz
    Percentage of memory in use: 25%
    Total physical RAM: 8135.08 MB
    Available physical RAM: 6042.24 MB
    Total Pagefile: 9415.08 MB
    Available Pagefile: 6933.59 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.78 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.45 GB) (Free:84.32 GB) NTFS
    Drive d: (Games) (Fixed) (Total:976.56 GB) (Free:533.57 GB) NTFS
    Drive e: (Stuff) (Fixed) (Total:488.28 GB) (Free:199.6 GB) NTFS
    Drive f: (Win8-Ext) (Fixed) (Total:398.17 GB) (Free:393.64 GB) NTFS
    Drive h: (Risen 3 - Titan Lords) (CDROM) (Total:6.75 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: DBFB7076)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 58DC14DA)
    Partition 1: (Not Active) - (Size=976.6 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=398.2 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
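    The ADDITION.txt above shows a hosts file of over a thousand lines, every visible one mapping a domain to 127.0.0.1. That shape on its own is consistent with an ad/malware block list installed as a hosts file and is not evidence of a hijack. What would matter is the opposite pattern: entries that send a real name to a remote address, or that blackhole update and security-vendor domains so an infection cannot be cleaned. The PowerShell below is an added example written for this thread (not FRST output, not the poster's or Broni's code); it parses hosts-file lines and reports only those two kinds of entry. The vendor watch list is an illustrative assumption, not something the log shows, and the sample input is constructed.

```powershell
# Added example, not part of the original post. Flags hosts entries that
# (a) point a name at a non-loopback address, or (b) sinkhole a name on a
# watch list of update/security vendors. Plain block-list entries
# ("127.0.0.1 www.007guard.com" and the like) are ignored.

function Get-SuspiciousHostsEntries {
    param(
        [string[]]$Lines,
        # Assumed, illustrative watch list: vendors an adware/rogue-AV
        # infection typically blackholes to protect itself.
        [string[]]$Watch = @('microsoft.com', 'windowsupdate.com', 'avira.com',
                             'malwarebytes.org', 'malwarebytes.com', 'bleepingcomputer.com')
    )
    $findings = @()
    foreach ($raw in $Lines) {
        $line = ($raw -split '#')[0].Trim()      # drop comments and blank lines
        if ($line -eq '') { continue }
        $parts = $line -split '\s+'
        if ($parts.Count -lt 2) { continue }
        $ip    = $parts[0]
        $names = $parts[1..($parts.Count - 1)]    # one IP may carry several names
        $isLoopback = $ip -in @('127.0.0.1', '0.0.0.0', '::1')
        foreach ($n in $names) {
            $nl = $n.ToLower()
            if (-not $isLoopback -and $nl -ne 'localhost') {
                $findings += [pscustomobject]@{ Reason = 'name redirected to non-loopback address'; Ip = $ip; Name = $n }
            }
            elseif ($Watch | Where-Object { $nl -eq $_ -or $nl.EndsWith(".$_") }) {
                $findings += [pscustomobject]@{ Reason = 'update/security vendor blackholed'; Ip = $ip; Name = $n }
            }
        }
    }
    return $findings
}

# Constructed sample: the first entries mimic the block-list style seen in the
# log; the last three are the kind of line that would be a real finding.
$sample = @'
# hosts (constructed sample)
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.avira.com            # sinkholes the installed AV's vendor
127.0.0.1 downloads.malwarebytes.org
93.184.216.34 www.mybank.example   # points a real name at a remote host
'@ -split "`r?`n"

Get-SuspiciousHostsEntries -Lines $sample | Format-Table -AutoSize

# Against the live file (reading it needs no elevation):
# Get-SuspiciousHostsEntries -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts") | Format-Table -AutoSize
```

    Run against the real file, an empty result together with a very long file is the block-list case; anything listed is what to investigate. Resetting the file is what the FRST "Hosts:" directive mentioned in the log does, but that also discards a legitimate block list, so it is worth knowing which case applies first.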
  7. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64), press the Fix button just once, and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  8. aly

    aly TS Rookie Topic Starter

    Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
    Ran by Alaistair at 2015-02-02 06:27:04 Run:1
    Running from C:\Users\Alaistair\Desktop
    Loaded Profiles: Alaistair (Available profiles: Alaistair)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {7da04aef-8aa2-11e4-827d-382c4abc47ac} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL G:\start.exe
    HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {da8e3c5c-822a-11e4-8274-382c4abc47ac} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL G:\start.exe
    HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {e6db5554-884d-11e4-827b-382c4abc47ac} - "G:\LG_PC_Programs.exe"
    HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {f45e9d33-7a2c-11e4-8251-806e6f6e6963} - "H:\setup.exe"
    ShortcutTarget: Startup GPU Miner.lnk -> F:\simple gpu miner\ProcessG.exe (No File)
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
    S0 WinDivert1.1; No ImagePath
    2015-01-25 21:42 - 2015-01-25 21:42 - 0001248 _____ () C:\Users\Alaistair\AppData\Roaming\DWZFC
    2014-12-02 20:17 - 2014-12-02 20:17 - 0585728 _____ () C:\Users\Alaistair\AppData\Local\file__0.localstorage
    2015-01-15 18:09 - 2015-01-15 18:09 - 0000000 ___SH () C:\Users\Alaistair\AppData\Local\LumaEmu
    2014-12-25 10:54 - 2014-12-25 10:54 - 0306176 _____ (Valve Corporation) C:\Users\Alaistair\AppData\Local\steam_api64.dll
    C:\Users\Alaistair\AppData\Local\Temp\362270A4-3E15-7424-D959-B84C15887660.exe
    C:\Users\Alaistair\AppData\Local\Temp\4BCD0FE7-18E4-2031-5542-49664A1ECCCD.dll
    C:\Users\Alaistair\AppData\Local\Temp\4BCD0FE7-18E4-2031-5542-49664A1ECCCD.exe
    C:\Users\Alaistair\AppData\Local\Temp\avgnt.exe
    C:\Users\Alaistair\AppData\Local\Temp\bdacabfccced.exe
    C:\Users\Alaistair\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Alaistair\AppData\Local\Temp\Quarantine.exe
    C:\Users\Alaistair\AppData\Local\Temp\SpOrder.dll
    C:\Users\Alaistair\AppData\Local\Temp\sqlite3.dll

    *****************

    "HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7da04aef-8aa2-11e4-827d-382c4abc47ac}" => Key deleted successfully.
    HKCR\CLSID\{7da04aef-8aa2-11e4-827d-382c4abc47ac} => Key not found.
    "HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da8e3c5c-822a-11e4-8274-382c4abc47ac}" => Key deleted successfully.
    HKCR\CLSID\{da8e3c5c-822a-11e4-8274-382c4abc47ac} => Key not found.
    "HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6db5554-884d-11e4-827b-382c4abc47ac}" => Key deleted successfully.
    HKCR\CLSID\{e6db5554-884d-11e4-827b-382c4abc47ac} => Key not found.
    "HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f45e9d33-7a2c-11e4-8251-806e6f6e6963}" => Key deleted successfully.
    HKCR\CLSID\{f45e9d33-7a2c-11e4-8251-806e6f6e6963} => Key not found.
    F:\simple gpu miner\ProcessG.exe not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
    WinDivert1.1 => Error deleting Service
    C:\Users\Alaistair\AppData\Roaming\DWZFC => Moved successfully.
    C:\Users\Alaistair\AppData\Local\file__0.localstorage => Moved successfully.
    C:\Users\Alaistair\AppData\Local\LumaEmu => Moved successfully.
    C:\Users\Alaistair\AppData\Local\steam_api64.dll => Moved successfully.
    C:\Users\Alaistair\AppData\Local\Temp\362270A4-3E15-7424-D959-B84C15887660.exe => Moved successfully.
    C:\Users\Alaistair\AppData\Local\Temp\4BCD0FE7-18E4-2031-5542-49664A1ECCCD.dll => Moved successfully.
    C:\Users\Alaistair\AppData\Local\Temp\4BCD0FE7-18E4-2031-5542-49664A1ECCCD.exe => Moved successfully.
    C:\Users\Alaistair\AppData\Local\Temp\avgnt.exe => Moved successfully.
    C:\Users\Alaistair\AppData\Local\Temp\bdacabfccced.exe => Moved successfully.
    C:\Users\Alaistair\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
    C:\Users\Alaistair\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Alaistair\AppData\Local\Temp\SpOrder.dll => Moved successfully.
    C:\Users\Alaistair\AppData\Local\Temp\sqlite3.dll => Moved successfully.

    ==== End of Fixlog 06:27:05 ====
     
  9. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    I missed one entry so we have to run one more fix...


    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  10. aly

    aly TS Rookie Topic Starter

    Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
    Ran by Alaistair at 2015-02-02 16:22:25 Run:2
    Running from C:\Users\Alaistair\Desktop
    Loaded Profiles: Alaistair (Available profiles: Alaistair)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Task: {A9479303-48E3-4D5F-ADEC-0E96FE7A9859} - System32\Tasks\{9B52B64F-F911-45DF-85E4-30B2EA819EB5} => pcalua.exe -a C:\Users\Alaistair\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
    C:\Users\Alaistair\AppData\Roaming\mystartsearch
    *****************

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9479303-48E3-4D5F-ADEC-0E96FE7A9859}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9479303-48E3-4D5F-ADEC-0E96FE7A9859}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{9B52B64F-F911-45DF-85E4-30B2EA819EB5} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9B52B64F-F911-45DF-85E4-30B2EA819EB5}" => Key deleted successfully.
    "C:\Users\Alaistair\AppData\Roaming\mystartsearch" => File/Directory not found.

    ==== End of Fixlog 16:22:25 ====
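    As an added example (not code from the thread, from FRST or from Farbar), a small parser for the Fixlog.txt format quoted in posts 8 and 10 above: it skips the echoed fixlist and sorts each result line into applied, already absent, or failed, so an entry such as "WinDivert1.1 => Error deleting Service" is not overlooked when reading a long log. The sample log is constructed from result lines in the thread.

```python
"""Summarise an FRST Fixlog.txt: which fixlist entries were applied, which
targets were already gone, and which failed.

Added example; not part of the thread, of FRST, or of Farbar's tools.
Only the result section is parsed; the echoed fixlist is skipped."""
import re
from collections import Counter

# Constructed sample built from result lines quoted in the thread.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Alaistair at 2015-02-02 06:27:04 Run:1
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S0 WinDivert1.1; No ImagePath
Task: {A9479303-48E3-4D5F-ADEC-0E96FE7A9859} - System32\Tasks\{9B52B64F-F911-45DF-85E4-30B2EA819EB5} => pcalua.exe -a C:\Users\Alaistair\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
*****************

"HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7da04aef-8aa2-11e4-827d-382c4abc47ac}" => Key deleted successfully.
HKCR\CLSID\{7da04aef-8aa2-11e4-827d-382c4abc47ac} => Key not found.
F:\simple gpu miner\ProcessG.exe not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
WinDivert1.1 => Error deleting Service
C:\Users\Alaistair\AppData\Roaming\DWZFC => Moved successfully.
"C:\Users\Alaistair\AppData\Roaming\mystartsearch" => File/Directory not found.

==== End of Fixlog 06:27:05 ====
"""

# '<target> => <outcome>' with an optional pair of quotes around the target.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')
# Some results carry no '=>' at all, e.g. 'F:\...\ProcessG.exe not found.'
NOT_FOUND_RE = re.compile(r"^(?P<target>.+?) not found\.?$")


def classify(outcome):
    """Map FRST's free-text outcome to applied / absent / error / other."""
    text = outcome.lower()
    if text.startswith("error"):
        return "error"          # e.g. 'Error deleting Service': needs a follow-up
    if "not found" in text:
        return "absent"         # target was already gone before the fix ran
    if "successfully" in text:
        return "applied"        # key deleted, file moved, or value removed
    return "other"


def parse_fixlog(text):
    """Return one dict per result line: target, outcome, status."""
    records = []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("*****"):
            # The echoed fixlist is fenced by two rows of asterisks; its
            # entries may contain '=>' too, so they must not be parsed.
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            continue
        match = RESULT_RE.match(line)
        if match:
            target, outcome = match.group("target"), match.group("outcome")
        else:
            match = NOT_FOUND_RE.match(line)
            if not match:
                continue        # header, banner or footer line
            target, outcome = match.group("target"), "not found"
        records.append({"target": target, "outcome": outcome,
                        "status": classify(outcome)})
    return records


def summarize(records):
    """Count records per status, e.g. {'applied': 3, 'absent': 3, 'error': 1}."""
    return dict(Counter(r["status"] for r in records))


def failures(records):
    """Targets FRST could not act on; these are the ones to re-check."""
    return [r["target"] for r in records if r["status"] == "error"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    print("Needs follow-up:", failures(parsed))
```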
     
  11. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Good :)

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  12. aly

    aly TS Rookie Topic Starter

    Checkup.txt

    Results of screen317's Security Check version 0.99.96
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Avira Desktop
    Windows Defender
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Java 64-bit 8 Update 31
    Google Chrome (40.0.2214.91)
    Google Chrome (40.0.2214.93)
    ````````Process Check: objlist.exe by Laurent````````
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    FSS.txt

    Farbar Service Scanner Version: 17-01-2015
    Ran by Alaistair (administrator) on 03-02-2015 at 04:05:48
    Running from "F:\Chrome Downloads"
    Microsoft Windows 8.1 Pro (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    Sophos found 4 threats:

    2015-02-02 22:40:58.269 Sophos Virus Removal Tool version 2.5.4
    2015-02-02 22:40:58.269 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-02-02 22:40:58.269 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-02-02 22:40:58.269 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
    2015-02-02 22:40:58.269 Checking for updates...
    2015-02-02 22:40:58.273 Update progress: proxy server not available
    2015-02-02 22:41:02.941 Option all = no
    2015-02-02 22:41:02.942 Option recurse = yes
    2015-02-02 22:41:02.942 Option archive = no
    2015-02-02 22:41:02.942 Option service = yes
    2015-02-02 22:41:02.942 Option confirm = yes
    2015-02-02 22:41:02.942 Option sxl = yes
    2015-02-02 22:41:02.942 Option max-data-age = 35
    2015-02-02 22:41:02.942 Option EnableSafeClean = yes
    2015-02-02 22:41:04.233 Option vdl-logging = yes
    2015-02-02 22:41:04.234 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-02-02 22:41:04.234 Machine ID: 1c8fd706d74a405c830a514a5aae6b4b
    2015-02-02 22:41:04.234 Component SVRTcli.exe version 2.5.4
    2015-02-02 22:41:04.235 Component control.dll version 2.5.4
    2015-02-02 22:41:04.235 Component SVRTservice.exe version 2.5.4
    2015-02-02 22:41:04.235 Component engine\osdp.dll version 1.44.1.2183
    2015-02-02 22:41:04.235 Component engine\veex.dll version 3.58.3.2183
    2015-02-02 22:41:04.235 Component engine\savi.dll version 8.1.5.2183
    2015-02-02 22:41:04.235 Component rkdisk.dll version 1.5.30.0
    2015-02-02 22:41:04.235 Version info: Product version 2.5.4
    2015-02-02 22:41:04.235 Version info: Detection engine 3.58.3
    2015-02-02 22:41:04.235 Version info: Detection data 5.10
    2015-02-02 22:41:04.235 Version info: Build date 06-01-2015
    2015-02-02 22:41:04.235 Version info: Data files added 330
    2015-02-02 22:41:04.235 Version info: Last successful update (not yet updated)
    2015-02-02 22:41:55.084 Downloading updates...
    2015-02-02 22:41:55.084 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-02-02 22:41:55.084 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-02-02 22:41:55.084 Update progress: [I49502] Found supplement IDE509 LATEST
    2015-02-02 22:41:55.084 Update progress: [I49502] Found supplement IDE510 LATEST
    2015-02-02 22:41:55.084 Update progress: [I49502] Found supplement IDE511 LATEST
    2015-02-02 22:41:55.084 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-02-02 22:41:55.084 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-02-02 22:41:55.084 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-02-02 22:41:55.084 Update progress: [I19463] Syncing product SAVIW32 48
    2015-02-02 22:42:15.229 Update progress: [I19463] Syncing product IDE509 177
    2015-02-02 22:43:54.374 Update progress: [I19463] Syncing product IDE510 179
    2015-02-02 22:45:23.183 Installing updates...
    2015-02-02 22:45:23.785 Error level 1
    2015-02-02 22:45:23.794 Update progress: [I19463] Syncing product IDE511 170
    2015-02-02 22:45:23.794 Update progress: [I19463] Syncing product IDE512 162
    2015-02-02 22:45:23.794 Update progress: [I19463] Syncing product IDE513 1
    2015-02-02 22:45:26.070 Update successful
    2015-02-02 22:45:31.237 Option all = no
    2015-02-02 22:45:31.237 Option recurse = yes
    2015-02-02 22:45:31.237 Option archive = no
    2015-02-02 22:45:31.237 Option service = yes
    2015-02-02 22:45:31.237 Option confirm = yes
    2015-02-02 22:45:31.237 Option sxl = yes
    2015-02-02 22:45:31.238 Option max-data-age = 35
    2015-02-02 22:45:31.238 Option EnableSafeClean = yes
    2015-02-02 22:45:31.333 Option vdl-logging = yes
    2015-02-02 22:45:31.335 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-02-02 22:45:31.335 Machine ID: 1c8fd706d74a405c830a514a5aae6b4b
    2015-02-02 22:45:31.335 Component SVRTcli.exe version 2.5.4
    2015-02-02 22:45:31.335 Component control.dll version 2.5.4
    2015-02-02 22:45:31.335 Component SVRTservice.exe version 2.5.4
    2015-02-02 22:45:31.335 Component engine\osdp.dll version 1.44.1.2183
    2015-02-02 22:45:31.335 Component engine\veex.dll version 3.58.3.2183
    2015-02-02 22:45:31.335 Component engine\savi.dll version 8.1.5.2183
    2015-02-02 22:45:31.335 Component rkdisk.dll version 1.5.30.0
    2015-02-02 22:45:31.335 Version info: Product version 2.5.4
    2015-02-02 22:45:31.336 Version info: Detection engine 3.58.3
    2015-02-02 22:45:31.336 Version info: Detection data 5.08G
    2015-02-02 22:45:31.336 Version info: Build date 11-11-2014
    2015-02-02 22:45:31.336 Version info: Data files added 683
    2015-02-02 22:45:31.336 Version info: Last successful update 03-02-2015 04:15:26

    2015-02-02 22:52:34.918 Could not open C:\hiberfil.sys
    2015-02-02 22:53:23.579 Could not open C:\Program Files (x86)\24ca4bef-13f4-41f4-9407-1aa1d58eb814\a48e2c26-4fd3-4ee0-aec9-95962273e3e5.dll
    2015-02-02 22:53:23.588 Could not open C:\Program Files (x86)\Apple Software Update\24ca4bef-13f4-41f4-9407-1aa1d58eb814.dll
    2015-02-02 22:55:02.572 Could not open C:\swapfile.sys
    2015-02-02 22:55:02.586 Could not open C:\System Volume Information\{157b3f0c-a96b-11e4-8294-382c4abc47ac}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-02 22:55:02.586 Could not open C:\System Volume Information\{157b417a-a96b-11e4-8294-382c4abc47ac}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-02 22:55:02.586 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-02 22:55:02.587 Could not open C:\System Volume Information\{4af367d8-aadc-11e4-829a-382c4abc47ac}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-02 22:55:05.394 Could not open C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Current Session
    2015-02-02 22:55:05.398 Could not check C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
    2015-02-02 22:55:05.401 Could not check C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
    2015-02-02 22:55:06.443 Could not check C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
    2015-02-02 22:55:06.461 Could not check C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\LOCK (virus scan failed)
    2015-02-02 22:55:06.527 Could not check C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kcahibnffhnnjcedflmchmokndkjnhpg\LOCK (virus scan failed)
    2015-02-02 22:55:06.530 Could not check C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
    2015-02-02 22:55:06.590 Could not check C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
    2015-02-02 22:56:47.045 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-02-02 22:56:47.045 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-02-02 22:56:48.084 Could not open C:\Windows\System32\config\BBI
    2015-02-02 22:56:48.100 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-02-02 22:56:48.101 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-02-02 22:56:48.101 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-02-02 22:56:48.101 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-02-02 22:56:48.102 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-02-02 23:03:19.502 >>> Virus 'Mal/VMProtBad-A' found in file D:\Games\Alien. Isolation\STEAM_API.dll
    2015-02-02 23:03:27.833 >>> Virus 'Mal/Generic-S' found in file D:\Games\Crysis 3\Bin32\crys3.dll
    2015-02-02 23:03:27.834 >>> Virus 'Mal/Generic-S' found in file D:\Games\Crysis 3\Bin32\crys3.dll
    2015-02-02 23:03:27.834 >>> Virus 'Mal/Generic-S' found in file D:\Games\Crysis 3\Bin32\crys3.dll
    2015-02-02 23:03:32.858 >>> Virus 'Mal/Generic-S' found in file D:\Games\Crysis 3\Bin32\rldea.dll
    2015-02-02 23:03:32.858 >>> Virus 'Mal/Generic-S' found in file D:\Games\Crysis 3\Bin32\rldea.dll
    2015-02-02 23:03:32.858 >>> Virus 'Mal/Generic-S' found in file D:\Games\Crysis 3\Bin32\rldea.dll
    2015-02-02 23:03:40.824 >>> Virus 'Mal/VMProtBad-A' found in file D:\Games\Dead State\steam_api.dll
    2015-02-02 23:03:45.854 >>> Virus 'Mal/VMProtBad-A' found in file D:\Games\Divinity - Original Sin\Shipping\steam_api.dll
    2015-02-02 23:03:54.005 >>> Virus 'Mal/Generic-S' found in file D:\Games\Dragon Age Inquisition\Dragon Age Inquisition\3dmgame.dll
    2015-02-02 23:03:54.005 >>> Virus 'Mal/Generic-S' found in file D:\Games\Dragon Age Inquisition\Dragon Age Inquisition\3dmgame.dll
    2015-02-02 23:04:38.338 >>> Virus 'Mal/VMProtBad-A' found in file D:\Games\plague\PlagueInc\steam_api.dll
    2015-02-02 23:05:14.868 >>> Virus 'Troj/Agent-ABWY' found in file D:\Games\The Walking Dead\steam_api.dll
    2015-02-02 23:05:25.155 >>> Virus 'Mal/VMProtBad-A' found in file D:\setllers7\Data\Base\_Dbg\Bin\Release\1911.dll
    2015-02-02 23:05:28.547 >>> Virus 'Mal/VMProtBad-A' found in file D:\setllers7\Razor1911\Crack\Data\Base\_Dbg\Bin\Release\1911.dll
    2015-02-02 23:08:27.643 >>> Virus 'Mal/Generic-E' found in file E:\torrent downloads\Metal Gear Solid 5 - GroundZeros Portable Multi-8\GroundZeroes.exe
    2015-02-02 23:10:14.263 Could not open F:\darkCoin-cpuminer-1.3-avx-aes-windows-binaries\minerd-aes-sse2-sss3.exe
    2015-02-02 23:10:14.306 Could not open F:\darkCoin-cpuminer-1.3-avx-aes-windows-binaries\minerd-avx-aes-sse2-sss3.exe
    2015-02-02 23:10:14.336 Could not open F:\darkCoin-cpuminer-1.3-avx-aes-windows-binaries\minerd-bdver1.exe
    2015-02-02 23:10:14.366 Could not open F:\darkCoin-cpuminer-1.3-avx-aes-windows-binaries\minerd-core-avx-I.exe
    2015-02-02 23:10:14.401 Could not open F:\darkCoin-cpuminer-1.3-avx-aes-windows-binaries\minerd-corei7-avx.exe
    2015-02-02 23:10:22.166 The following items will be cleaned up:
    2015-02-02 23:10:22.166 Mal/VMProtBad-A
    2015-02-02 23:10:22.166 Mal/Generic-S
    2015-02-02 23:10:22.166 Troj/Agent-ABWY
    2015-02-02 23:10:22.166 Mal/Generic-E
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Your computer is clean.

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step, so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  14. aly

    aly TS Rookie Topic Starter

    Your patience and help in this matter are very much appreciated. Thank you!
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Way to go!!
    Good luck and stay safe :)
     
