Solved BlocknSurf/mystartsearch

aly

It all started with mystartsearch, which installed a browser plugin and redirected my home page to its website. I uninstalled it via the Control Panel and removed the browser plugin; after a couple of days I found BlocknSurf "ads" and coupon popups, and generally a new window would open every once in a while when I'm browsing.

Currently I'm running Avira Free and CCleaner.

I've followed the 4-step process:
I'm facing an issue with DDS with the following message: "DDS is not meant to run in 'Compatibility Mode'. The program shall now exit."

Here is the log from MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 31-01-2015
Scan Time: 10:24:48 PM
Logfile: MBAM scan 31-Jan-2015.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.31.04
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alaistair

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335804
Time Elapsed: 6 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 26
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [b838f4098efb82b445e8d42a3fc38c74],
PUP.Optional.SoftwareUpdater.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SoftwareUpdater, Quarantined, [3ab659a47118ee48b756d8a955aef907],
PUP.Optional.Webinstr.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\webinstrNHKT, Quarantined, [856b5da0addccd69f33a90f1e122f40c],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [ec049667f49547ef238c7645e81b1ee2],
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinPlus-2.7cV26.01, Quarantined, [0be509f43356ba7c97463652a65d0bf5],
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinPlus-2.7cV26.01-nv, Quarantined, [0ae67588cebbee489845c6c240c3fb05],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Quarantined, [31bfe4195534023451911a68996ab64a],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, Quarantined, [6d837786fa8fca6c7a4b7e0ce41f58a8],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, [7c74817cec9d47efb23fa8f8af544bb5],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [0ae659a4bacf60d60aa52497f80b7888],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [db15d22b48411d199c221fe10cf909f7],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [866a5ba25d2ce155bf00ab550203fe02],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [5a96e51813767bbb38b4800dd62da060],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinPlus-2.7cV26.01-nv, Delete-on-Reboot, [c52b926ba7e2a88ea13d04848f7407f9],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Delete-on-Reboot, [26cae31af89148ee25bc019c5ca7bf41],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CinPlus-2.7cV26.01, Delete-on-Reboot, [e40c22dbe5a4c4728758e5a34cb7b44c],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Delete-on-Reboot, [ad436895395096a06476494bf310bc44],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Cinema Plus2.7hV26.01, Delete-on-Reboot, [07e9728bf99056e0ef6f7712ef142ed2],
PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C330D4EC-AFE2-9A69-CAAD-C5E77FABCBCB}, Quarantined, [a54b36c7f990c4724141e7ccb154b749],
PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\CLASSES\CLSID\{C330D4EC-AFE2-9A69-CAAD-C5E77FABCBCB}, Quarantined, [a54b36c7f990c4724141e7ccb154b749],
PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{D5A07853-7ABD-108A-8F7C-09E0CCB418A5}, Quarantined, [a54b36c7f990c4724141e7ccb154b749],
PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3C14C09A-E6AA-569A-779D-6E3215903171}, Quarantined, [a54b36c7f990c4724141e7ccb154b749],
PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3C14C09A-E6AA-569A-779D-6E3215903171}, Quarantined, [a54b36c7f990c4724141e7ccb154b749],
PUP.Optional.BlockAndSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D5A07853-7ABD-108A-8F7C-09E0CCB418A5}, Quarantined, [a54b36c7f990c4724141e7ccb154b749],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C330D4EC-AFE2-9A69-CAAD-C5E77FABCBCB}, Delete-on-Reboot, [a54b36c7f990c4724141e7ccb154b749],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C330D4EC-AFE2-9A69-CAAD-C5E77FABCBCB}, Delete-on-Reboot, [a54b36c7f990c4724141e7ccb154b749],

Registry Values: 2
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [7c74817cec9d47efb23fa8f8af544bb5]
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SOFTWAREUPDATER|UninstallString, C:\Users\Alaistair\AppData\Roaming\SoftwareUpdater\Uninstall.exe, Quarantined, [f5fb7885f2972b0b54faff00bb49659b]

Registry Data: 13
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF599506N, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...),Replaced,[7f711be2aadf90a6e26459480ef73bc5]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?t...840XEVOX120GB_S1D5NSAF599506N&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[9858bd405732db5b147ce9b830d5b44c]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=...uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF599506N, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[1fd1ae4ff198ca6cace3e2bf2bdaab55]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=...uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF599506N, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[bd33f00d5a2fb77f47d1258a5fa6da26]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?t...840XEVOX120GB_S1D5NSAF599506N&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[d9170eefc6c31b1b6928990829dce31d]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[60901de06f1aa29460ff7b323bcade22]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF599506N, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...),Replaced,[9d5369946722290df155950cda2baf51]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?t...840XEVOX120GB_S1D5NSAF599506N&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[cc2453aad0b9cd69068a8b16679ec040]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=...uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF599506N, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[e60a96675e2b142298f7138e0ff6a55b]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=...uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF599506N, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...),Replaced,[846c8875cfba4beb37e1f9b656af728e]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?t...840XEVOX120GB_S1D5NSAF599506N&q={searchTerms}, Good: (www.google.com), Bad: (http://www.mystartsearch.com/web/?t...),Replaced,[3fb112eb8cfd81b5236e911011f45fa1]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[80709865bbce8caa4817cfde0df83fc1]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2463482003-2002589441-2981365847-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=...uid=SamsungXSSDX840XEVOX120GB_S1D5NSAF599506N, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...-on-Reboot,[bf31b5486c1dcc6a72209e03eb1a5ea2]

Folders: 2
PUP.Optional.SoftwareUpdater.A, C:\Users\Alaistair\AppData\Roaming\SoftwareUpdater, Quarantined, [3ab659a47118ee48b756d8a955aef907],
PUP.Optional.TheAnswerFinder.A, C:\Users\Alaistair\AppData\Roaming\TheAnswerFinder, Quarantined, [48a8ec1129606bcbb731107717ec7e82],

Files: 26
PUP.Optional.Nova.A, C:\Program Files (x86)\24ca4bef-13f4-41f4-9407-1aa1d58eb814\d8d03eda-719d-4cf3-9080-2a2abcf39db2.dll, Quarantined, [519fb647038656e063169570aa58926e],
PUP.Optional.Nova.A, C:\Program Files (x86)\Apple Software Update\437322b1-3a5f-49b0-b8ea-abbf70e56304.dll, Quarantined, [db15c736d6b32c0a98e18f76c43e1ae6],
PUP.Optional.Cgminer, C:\Windows\Installer\233679.msi, Quarantined, [955b6499d1b865d1223f1850fc057c84],
PUP.Optional.Patsearch.A, C:\Windows\patsearch.bin, Quarantined, [be3264994b3e40f653b30a7752b10000],
PUP.Optional.SoftwareUpdater.A, C:\Users\Alaistair\AppData\Roaming\SoftwareUpdater\Uninstall.exe, Quarantined, [3ab659a47118ee48b756d8a955aef907],
PUP.Optional.SoftwareUpdater.A, C:\Users\Alaistair\AppData\Roaming\SoftwareUpdater\SoftwareUpdater.exe, Quarantined, [3ab659a47118ee48b756d8a955aef907],
PUP.Optional.SoftwareUpdater.A, C:\Users\Alaistair\AppData\Roaming\SoftwareUpdater\surunasu.exe, Quarantined, [3ab659a47118ee48b756d8a955aef907],
PUP.Optional.SoftwareUpdater.A, C:\Users\Alaistair\AppData\Roaming\SoftwareUpdater\SUSetup.exe, Quarantined, [3ab659a47118ee48b756d8a955aef907],
PUP.Optional.SoftwareUpdater.A, C:\Users\Alaistair\AppData\Roaming\SoftwareUpdater\UpdateNotifier.exe, Quarantined, [3ab659a47118ee48b756d8a955aef907],
PUP.Optional.Webinstr.A, C:\Windows\System32\drivers\webinstrNHKT.sys, Quarantined, [856b5da0addccd69f33a90f1e122f40c],
PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf, Quarantined, [a24ecf2e0c7d6dc980b4bac8877c49b7],
PUP.Optional.TheAnswerFinder.A, C:\Users\Alaistair\AppData\Roaming\TheAnswerFinder\RootCert.cer, Quarantined, [48a8ec1129606bcbb731107717ec7e82],
PUP.Optional.TheAnswerFinder.A, C:\Users\Alaistair\AppData\Roaming\TheAnswerFinder\makecert.exe, Quarantined, [48a8ec1129606bcbb731107717ec7e82],
PUP.Optional.TheAnswerFinder.A, C:\Users\Alaistair\AppData\Roaming\TheAnswerFinder\storage.bin, Quarantined, [48a8ec1129606bcbb731107717ec7e82],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-1, Quarantined, [3bb5609d771230069b51326e63a0669a],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-2, Quarantined, [5a966499553477bf13d9e5bbe91ace32],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-5, Quarantined, [ac44a954cbbe4cea2fbdecb4758e9f61],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-5_user, Quarantined, [f6fa9c61e3a631051ece6b356f9424dc],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-6, Quarantined, [945c53aab6d35cdaec001888d23137c9],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-7, Quarantined, [678909f41c6dbc7a4d9f1e82a16225db],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-1.job, Quarantined, [4da38d7032579c9abe9d1ae47c88b14f],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-2.job, Quarantined, [569a2ad38bfe4beba2b9758933d1ac54],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-5.job, Quarantined, [e80818e5becbce689ebd8b73ce36c53b],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-5_user.job, Quarantined, [965a23da90f995a13f1c708e16eefe02],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-6.job, Quarantined, [b33d96671277c373332848b6e2221de3],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-7.job, Quarantined, [529e54a90980f046f962748a11f337c9],

Physical Sectors: 0
(No malicious items detected)


(end)
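The MBAM log above, read programmatically: an added triage example (not code from this thread or from Malwarebytes) that parses the 2.x detection-line format, counts families and actions, and lists what a responder checks first: entries still pending a reboot, persistence points (service, kernel driver, scheduled tasks, BHO) and hijacked browser settings. The sample log embedded below is a constructed excerpt in the same format; its ids are dummies, and the garbled last "Registry Data" line mirrors the forum-truncated line in the post and is reported as "unparsed" rather than aborting the parse.

```python
"""Triage helper for Malwarebytes Anti-Malware 2.x text logs (added example,
not code from the thread or from Malwarebytes). It parses detection lines in
the format quoted above and pulls out what a responder reads first: families
found, what still needs a reboot, persistence points touched, hijacked settings.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Section headers such as "Registry Keys: 26" or "Files: 26".
SECTION_RE = re.compile(
    r"^(?P<name>Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (?P<count>\d+)$")
# One detection: "<family>, <body>[, <action>], [<32-hex id>][,]". The action is
# optional so a line mangled by the forum's URL shortener (see the thread) is
# still recorded, flagged as "unparsed", instead of aborting the whole parse.
DETECTION_RE = re.compile(
    r"^(?P<family>(?:PUP|PUM|Adware|Trojan|Rootkit)\.[\w.]+), (?P<body>.*?)"
    r"(?:,\s*(?P<action>Quarantined|Delete-on-Reboot|Replaced|Deleted|"
    r"No Action Taken)\s*)?,\s*\[(?P<id>[0-9a-f]{32})\],?$")
BAD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\)")


def classify(body):
    """Map a detection path to the persistence mechanism it represents."""
    path = body.lower().split(",")[0].strip()
    if "\\services\\" in path:
        return "service"
    if "\\drivers\\" in path and path.endswith((".sys", ".wdf")):
        return "kernel driver"
    if "\\tasks\\" in path:
        return "scheduled task"
    if "browser helper objects" in path:
        return "bho"
    if "internet explorer\\main|" in path or "searchscopes|" in path:
        return "browser setting"
    return "other"


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it sits in."""
    section, records = None, []
    for line in text.splitlines():
        line = line.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = DETECTION_RE.match(line)
        if not m or section is None:
            continue
        body = m.group("body")
        rec = {"section": section, "family": m.group("family"), "body": body,
               "action": m.group("action") or "unparsed", "id": m.group("id"),
               "kind": classify(body)}
        if section == "Registry Data":  # "<key>|<value>, <data>, Good: (..), Bad: (..)"
            target = body.split(", ", 1)[0]
            rec["setting"] = target.split("|", 1)[1] if "|" in target else target
            bad = BAD_RE.search(body)
            rec["bad_host"] = urlparse(bad.group("bad")).hostname if bad else None
        records.append(rec)
    return records


def summarize(records):
    """Counts plus the short lists a responder reads before anything else."""
    persistent = ("service", "kernel driver", "scheduled task", "bho")
    return {
        "families": Counter(r["family"] for r in records),
        "actions": Counter(r["action"] for r in records),
        # Still live until reboot, so the box is not clean yet.
        "pending_reboot": [r["body"] for r in records if r["action"] == "Delete-on-Reboot"],
        "persistence": [(r["kind"], r["body"].split(",")[0]) for r in records
                        if r["kind"] in persistent],
        "hijacked": [(r["setting"], r["bad_host"]) for r in records
                     if r["section"] == "Registry Data"],
    }


# Constructed excerpt in the same format as the thread's log; ids are dummies.
SAMPLE_LOG = r"""Registry Keys: 3
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [0123456789abcdef0123456789abcde1],
PUP.Optional.Webinstr.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\webinstrNHKT, Quarantined, [0123456789abcdef0123456789abcde2],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-0-0-0-1001\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Delete-on-Reboot, [0123456789abcdef0123456789abcde3],

Registry Data: 2
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=hp, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=hp),Replaced,[0123456789abcdef0123456789abcde4]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-0-0-0-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=hp, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=...-on-Reboot,[0123456789abcdef0123456789abcde5]

Files: 3
PUP.Optional.Webinstr.A, C:\Windows\System32\drivers\webinstrNHKT.sys, Quarantined, [0123456789abcdef0123456789abcde6],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\92a6edf7-aafc-44a2-92cb-71df4e170c31-1, Quarantined, [0123456789abcdef0123456789abcde7],
PUP.Optional.TheAnswerFinder.A, C:\Users\user\AppData\Roaming\TheAnswerFinder\RootCert.cer, Quarantined, [0123456789abcdef0123456789abcde8],
"""

if __name__ == "__main__":
    for key, value in summarize(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against the full log pasted above (saved to a file and read into `parse_mbam_log`) to get the same summary for the real detections.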
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
NOTE: If you see the message "This version requires you to completely exit the Anti Malware application", right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
 
Hi Broni, thanks for your help!
The computer seems better after the MBAM scan.

Logs of RogueKiller:

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Alaistair [Administrator]
Mode : Delete -- Date : 02/01/2015 09:21:17

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2463482003-2002589441-2981365847-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:59434;https=127.0.0.1:59434 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2463482003-2002589441-2981365847-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:59434;https=127.0.0.1:59434 -> Not selected
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] DWZFC.job -- C:\Users\Alaistair\AppData\Roaming\DWZFC.exe (/infocmdline=WgwUosehqe0Ir3XyquJkVOmpD1W3TrDxZys9qUFW/nFcB5Nof7kNzqW50jfZypQLYJ8PIzpfyikxzTUEgjQxDbq/bvraMhaY71ReI+ZS5/MBAq6jHsQufaGtPXcMmGgE0V86K20M5A0WQjWZ0TXO7j7Fx7T2+G4+GJqd4g21KkufVb+8Ka+2NXRaoRU8953mS+4xwDhGpdbDgj5OQSOufbx0Qa0eL52qgR/jZ4EBFUBJA3X94J1fgrnsC7efGKO77KIjErL9u8OiLGryglCWE2bOjtSF6H7mSkVA2RQQnEe9KvszdZvo6J0xTxsokJ2NFpDEUfkqpUyzb+C2yzTowRUOb6mkCcK9JlIdZX5i236v23ae5p2REpxvd4wjEVS+uKYFFw+lAUhGPBeCKtRB317aiJGYlhkUWI0boOVpHnskJ1K1PrM7lUG6et2+hEtUT4JJstDlIgc/WE4jnWeuGKDAnymsUDIchZivj1jln3gKYvUft7NGNh03Bz7jUucF) -> Deleted
[Suspicious.Path] \\DWZFC -- C:\Users\Alaistair\AppData\Roaming\DWZFC.exe (/infocmdline=WgwUosehqe0Ir3XyquJkVOmpD1W3TrDxZys9qUFW/nFcB5Nof7kNzqW50jfZypQLYJ8PIzpfyikxzTUEgjQxDbq/bvraMhaY71ReI+ZS5/MBAq6jHsQufaGtPXcMmGgE0V86K20M5A0WQjWZ0TXO7j7Fx7T2+G4+GJqd4g21KkufVb+8Ka+2NXRaoRU8953mS+4xwDhGpdbDgj5OQSOufbx0Qa0eL52qgR/jZ4EBFUBJA3X94J1fgrnsC7efGKO77KIjErL9u8OiLGryglCWE2bOjtSF6H7mSkVA2RQQnEe9KvszdZvo6J0xTxsokJ2NFpDEUfkqpUyzb+C2yzTowRUOb6mkCcK9JlIdZX5i236v23ae5p2REpxvd4wjEVS+uKYFFw+lAUhGPBeCKtRB317aiJGYlhkUWI0boOVpHnskJ1K1PrM7lUG6et2+hEtUT4JJstDlIgc/WE4jnWeuGKDAnymsUDIchZivj1jln3gKYvUft7NGNh03Bz7jUucF) -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 EVO 120GB +++++
--- User ---
[MBR] 0f2f76e44c86f98d9490ed3b97a63103
[BSP] b7dd38aeaccd7cee4d8f93cb6779fd08 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 114121 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD2003FZEX-00Z4SA0 +++++
--- User ---
[MBR] fe0d30f210b42c96ddff6adbcf2c39a8
[BSP] fdf0e816e5d9258551be4020c5447cc4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1000000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048002048 | Size: 500000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): -1222965248 | Size: 407726 MB [Error reading VBR! ([83] An attempt was made to move the file pointer before the beginning of the file. )]
User != LL1 ... KO!
--- LL1 ---
[MBR] fe0d30f210b42c96ddff6adbcf2c39a8
[BSP] fdf0e816e5d9258551be4020c5447cc4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1000000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048002048 | Size: 500000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): -1222965248 | Size: 407726 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User != LL2 ... KO!
--- LL2 ---
[MBR] fe0d30f210b42c96ddff6adbcf2c39a8
[BSP] fdf0e816e5d9258551be4020c5447cc4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1000000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048002048 | Size: 500000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): -1222965248 | Size: 407726 MB[Invalid]


============================================
RKreport_SCN_02012015_092051.log


Restore point created.

MBAR log file:

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
main: v2015.01.31.06
rootkit: v2015.01.14.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.16384
Alaistair :: ALY [administrator]

01-02-2015 09:31:03 AM
mbar-log-2015-02-01 (09-31-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 335248
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


System-log file:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16384

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.498000 GHz
Memory total: 8530251776, free: 5176135680

Downloaded database version: v2015.01.31.06
Downloaded database version: v2015.01.14.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
02/01/2015 09:30:38
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\mgbkfk.sys
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\anodlwfx.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\Drivers\rimvndis6_AMD64.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\system32\DRIVERS\e1d64x64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\Drivers\dtscsidrv.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LGSHidFilt.Sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\xusb22.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\system32\drivers\nvvadarm.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mslldp.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\SystemRoot\system32\drivers\WmVirHid.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
IRP handler 0 of \Driver\iaStorA points to an unknown module
Unhooking enabled.

Scan started
Database versions:
main: v2015.01.31.06
rootkit: v2015.01.14.01

<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffe00002fca060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003a\
Lower Device Object: 0xffffe000018b0340
Lower Device Driver Name: \Driver\iaStorA\
Driver name found: iaStorA
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffe00002fcb060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000039\
Lower Device Object: 0xffffe000018b1320
Lower Device Driver Name: \Driver\iaStorA\
Driver name found: iaStorA
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe00002fcb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00002fcbb20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00002fcb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000003abb90, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000002db880, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000018b1320, DeviceName: \Device\00000039\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffc0000be49600, 0xffffe00002fcb060, 0xffffe00007cf7770
Lower DeviceData: 0xffffc00003d4f1f0, 0xffffe000018b1320, 0xffffe00001618c10
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rndismp6.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rndismp6.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usb80236.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usb80236.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DBFB7076

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 716800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 718848 Numsec = 233719808

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe00002fca060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00002fcab20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00002fca060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000003ab9a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000003abe50, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000018b0340, DeviceName: \Device\0000003a\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffc0001268e1a0, 0xffffe00002fca060, 0xffffe00005ece770
Lower DeviceData: 0xffffc0000cec2ac0, 0xffffe000018b0340, 0xffffe000046c2090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 58DC14DA

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 2048000000

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048002048 Numsec = 1024000000

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3072002048 Numsec = 835022848

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
Logs from AdwCleaner

# AdwCleaner v4.109 - Report created 01/02/2015 at 10:40:16
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Alaistair - ALY
# Running from : C:\Users\Alaistair\Desktop\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\Alaistair\AppData\Local\globalUpdate
File Deleted : C:\Users\Alaistair\AppData\Roaming\Mozilla\Firefox\Profiles\Cq3pK5XT.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{491C5DB0-06FD-A9EC-D0EA-5BA6B97B7E56}]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905565}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906665}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905565}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906665}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;<local>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:59434;hxxps=127.0.0.1:59434

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v


-\\ Google Chrome v40.0.2214.93


*************************

AdwCleaner[R0].txt - [4576 octets] - [01/02/2015 10:39:14]
AdwCleaner[S0].txt - [4118 octets] - [01/02/2015 10:40:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4178 octets] ##########


Logs from Junkware Removal Tool - JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 Pro x64
Ran by Alaistair on 01-02-2015 at 10:44:03.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644904465}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644904465}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644904465}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644904465}



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\ZTOOLBAR.EXE-C7CF1455.pf
Successfully deleted: [File] C:\Windows\prefetch\SPEEDUP.EXE-ABAC2381.pf
Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01-02-2015 at 10:44:56.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Logs from Farbar Recovery Scan Tool

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Alaistair (administrator) on ALY on 01-02-2015 10:46:18
Running from C:\Users\Alaistair\Desktop
Loaded Profiles: Alaistair (Available profiles: Alaistair)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(OptimizerMonitor Inc.) C:\Program Files (x86)\IGS\OptimizerMonitor.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Beepa P/L) E:\fraps\fraps.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Alaistair\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Beepa P/L) E:\fraps\fraps64.dat
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Akamai Technologies, Inc.) C:\Users\Alaistair\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Alaistair\AppData\Local\Akamai\netsession_win.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-13] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-15] (Logitech Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4857592 2014-11-28] (BlackBerry Limited)
HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\Run: [GoogleChromeAutoLaunch_382B58309B65E5013E04110C4AB659DE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Alaistair\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3128408 2014-03-13] (Disc Soft Ltd)
HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-22] (Piriform Ltd)
HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\Run: [BlackBerryLink.exe] => C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe [1475320 2014-11-19] (Research In Motion)
HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {7da04aef-8aa2-11e4-827d-382c4abc47ac} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL G:\start.exe
HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {da8e3c5c-822a-11e4-8274-382c4abc47ac} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL G:\start.exe
HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {e6db5554-884d-11e4-827b-382c4abc47ac} - "G:\LG_PC_Programs.exe"
HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {f45e9d33-7a2c-11e4-8251-806e6f6e6963} - "H:\setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Startup GPU Miner.lnk
ShortcutTarget: Startup GPU Miner.lnk -> F:\simple gpu miner\ProcessG.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> F:\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{549E08BA-758D-49B5-B371-1CA73E424555}: [NameServer] 208.67.222.222,208.67.220.220
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Alaistair\AppData\Roaming\Mozilla\Firefox\Profiles\Cq3pK5XT.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Avira Browser Safety - C:\Users\Alaistair\AppData\Roaming\Mozilla\Firefox\Profiles\Cq3pK5XT.default\Extensions\abs@avira.com [2014-12-02]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-02]
CHR Extension: (From Dust) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2014-12-02]
CHR Extension: (Google Docs) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-02]
CHR Extension: (Google Drive) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-02]
CHR Extension: (YouTube) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-02]
CHR Extension: (Facebook) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-12-02]
CHR Extension: (Google Search) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-02]
CHR Extension: (Google Sheets) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-02]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-01-02]
CHR Extension: (AdBlock) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-02]
CHR Extension: (redditery) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\imooeldfapggncchoebfnidcgeiimojb [2014-12-02]
CHR Extension: (StumbleUpon) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2014-12-02]
CHR Extension: (Any.do Extension) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-12-02]
CHR Extension: (Digg) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkaodmpkbaenhnnfinhmlonngcnffmaf [2014-12-02]
CHR Extension: (Movi Kanti Revo) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdkcgeghhfjiglphfppinecpcpnnbne [2014-12-02]
CHR Extension: (ruddl - reddit browser) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\llpknfhbmlngapjlboenfmmeminfdpil [2014-12-02]
CHR Extension: (Google Wallet) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-02]
CHR Extension: (Gmail) - C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] ()
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe [56648 2014-12-15] (Google Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 OptimizerMonitor; C:\Program Files (x86)\IGS\OptimizerMonitor.exe [1820240 2015-01-29] (OptimizerMonitor Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-12-12] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-04-01] (CyberLink)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2014-11-28] (Apple Inc.)
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1348344 2014-11-28] (BlackBerry Limited)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2014-03-28] (Google Inc)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2014-03-28] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2014-03-28] (LG Electronics Inc.)
R1 anodlwf; C:\Windows\system32\DRIVERS\anodlwfx.sys [15872 2014-12-02] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-22] (Avira Operations GmbH & Co. KG)
S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [25088 2014-09-08] (BlackBerry)
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-12-02] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1578128 2012-12-05] (Realtek Semiconductor Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-12-02] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-01] ()
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
S0 WinDivert1.1; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 10:46 - 2015-02-01 10:46 - 00022799 _____ () C:\Users\Alaistair\Desktop\FRST.txt
2015-02-01 10:46 - 2015-02-01 10:46 - 00000000 ____D () C:\FRST
2015-02-01 10:46 - 2015-02-01 10:45 - 02131456 _____ (Farbar) C:\Users\Alaistair\Desktop\FRST64.exe
2015-02-01 10:44 - 2015-02-01 10:44 - 00001302 _____ () C:\Users\Alaistair\Desktop\JRT.txt
2015-02-01 10:44 - 2015-02-01 10:44 - 00000000 ____D () C:\Windows\ERUNT
2015-02-01 10:39 - 2015-02-01 10:40 - 00000000 ____D () C:\AdwCleaner
2015-02-01 10:38 - 2015-02-01 10:38 - 02194432 _____ () C:\Users\Alaistair\Desktop\adwcleaner_4.109.exe
2015-02-01 10:12 - 2015-02-01 10:12 - 00000000 ____D () C:\Users\Alaistair\AppData\Local\Risen3
2015-02-01 09:30 - 2015-02-01 09:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-01 09:29 - 2015-02-01 09:37 - 00000000 ____D () C:\Users\Alaistair\Desktop\mbar
2015-02-01 09:17 - 2015-02-01 09:17 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-01 09:17 - 2015-02-01 09:17 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-01 09:16 - 2015-02-01 09:15 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Alaistair\Desktop\mbar-1.08.3.1004.exe
2015-02-01 09:16 - 2015-02-01 09:13 - 15431256 _____ () C:\Users\Alaistair\Desktop\RogueKiller.exe
2015-02-01 09:08 - 2015-02-01 09:08 - 00017589 _____ () C:\Windows\DirectX.log
2015-02-01 09:08 - 2015-02-01 09:08 - 00000909 _____ () C:\Users\Public\Desktop\Risen 3 - Titan Lords.lnk
2015-02-01 09:08 - 2015-02-01 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Risen 3 - Titan Lords
2015-01-31 23:31 - 2015-01-31 23:31 - 00000796 _____ () C:\Windows\setupact.log
2015-01-31 23:31 - 2015-01-31 23:31 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-31 22:36 - 2015-01-31 22:36 - 00015148 _____ () C:\Users\Alaistair\Desktop\MBAM scan 31-Jan-2015.txt
2015-01-31 22:33 - 2015-02-01 10:41 - 00013088 _____ () C:\Windows\PFRO.log
2015-01-31 22:21 - 2015-02-01 09:30 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 22:21 - 2015-02-01 09:29 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-31 22:21 - 2015-01-31 22:21 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 22:21 - 2015-01-31 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 22:21 - 2015-01-31 22:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 22:21 - 2015-01-31 22:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 22:21 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-31 22:21 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-31 12:03 - 2013-08-22 18:55 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150131-120333.backup
2015-01-31 12:02 - 2013-08-22 18:55 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150131-120256.backup
2015-01-31 11:10 - 2015-01-31 22:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-31 11:10 - 2015-01-31 22:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-31 11:10 - 2015-01-31 11:10 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-30 18:14 - 2015-01-30 18:15 - 00004784 _____ () C:\Windows\SysWOW64\OptimizerMonitor.ini
2015-01-30 18:14 - 2015-01-30 18:15 - 00002568 _____ () C:\Windows\SysWOW64\OptimizerMonitorOff.ini
2015-01-30 18:14 - 2015-01-30 18:15 - 00002568 _____ () C:\Windows\system32\OptimizerMonitorOff.ini
2015-01-30 18:13 - 2015-01-30 18:13 - 00000000 ____D () C:\Program Files (x86)\IGS
2015-01-30 18:13 - 2015-01-29 18:52 - 00301152 _____ (OptimizerMonitor Inc.) C:\Windows\SysWOW64\OptimizerMonitor.dll
2015-01-30 18:11 - 2015-01-31 08:55 - 00000000 ____D () C:\Users\Alaistair\AppData\Local\igs
2015-01-28 10:25 - 2015-01-28 10:25 - 00000000 ____D () C:\Program Files\Logitech
2015-01-28 10:25 - 2015-01-28 10:25 - 00000000 ____D () C:\Program Files\Common Files\Logitech
2015-01-27 13:57 - 2015-01-27 13:57 - 04533505 _____ () C:\Users\Alaistair\Desktop\BlackBerry_Blend_2015_01_27_13_57_55.zip
2015-01-27 07:22 - 2015-01-27 07:22 - 00003158 _____ () C:\Windows\System32\Tasks\{9B52B64F-F911-45DF-85E4-30B2EA819EB5}
2015-01-27 06:58 - 2015-01-31 22:32 - 00000000 ____D () C:\Program Files (x86)\24ca4bef-13f4-41f4-9407-1aa1d58eb814
2015-01-27 06:57 - 2015-01-27 06:57 - 00000000 ____D () C:\Users\Alaistair\Documents\MGR
2015-01-27 06:54 - 2015-01-27 06:54 - 00000643 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\METAL GEAR RISING REVENGEANCE.lnk
2015-01-25 21:42 - 2015-01-25 21:42 - 00001248 _____ () C:\Users\Alaistair\AppData\Roaming\DWZFC
2015-01-24 14:05 - 2015-01-24 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Walking Dead 2
2015-01-24 13:57 - 2015-01-24 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Walking Dead 1
2015-01-23 10:31 - 2015-01-23 10:31 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Promotion Software GmbH
2015-01-23 10:19 - 2015-01-23 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emergency 5
2015-01-23 02:21 - 2015-01-24 20:29 - 00000000 ____D () C:\Users\Alaistair\Documents\Telltale Games
2015-01-23 02:21 - 2015-01-23 02:21 - 00000000 ____D () C:\ProgramData\REVOLT
2015-01-23 01:42 - 2015-01-23 01:42 - 00000000 ____D () C:\Users\Alaistair\Documents\NBGI
2015-01-23 01:42 - 2015-01-23 01:42 - 00000000 ____D () C:\Users\Alaistair\AppData\Local\NBGI
2015-01-23 01:41 - 2015-01-23 01:41 - 00001558 _____ () C:\Users\Public\Desktop\Dark Souls Prepare to Die Edition.lnk
2015-01-23 01:40 - 2015-01-23 01:40 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2015-01-23 01:40 - 2015-01-23 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2015-01-23 01:40 - 2015-01-23 01:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-01-21 02:48 - 2015-01-21 02:50 - 00000000 ____D () C:\Users\Alaistair\Zomboid
2015-01-21 02:47 - 2015-01-21 02:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Zomboid
2015-01-20 00:28 - 2015-01-20 01:47 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\.minecraft
2015-01-20 00:28 - 2015-01-20 00:28 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\java
2015-01-20 00:21 - 2015-01-20 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-01-19 15:31 - 2015-01-20 15:21 - 00018254 _____ () C:\Users\Alaistair\Desktop\Interview Questions.odt
2015-01-19 04:27 - 2015-01-19 04:27 - 00000000 ____D () C:\Users\Alaistair\AppData\Local\SCE
2015-01-18 19:50 - 2015-01-18 19:50 - 00000000 ____D () C:\Program Files (x86)\USB Game Controller
2015-01-17 12:54 - 2015-01-17 12:54 - 00000202 _____ () C:\Users\Alaistair\Desktop\DARK SOULS II.url
2015-01-17 10:25 - 2015-01-17 10:26 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\DarkSoulsII
2015-01-16 23:00 - 2015-01-16 23:00 - 00000802 _____ () C:\Users\Alaistair\Desktop\Cat-A-Cat GAMES.lnk
2015-01-16 23:00 - 2015-01-16 23:00 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlagueInc 1.0
2015-01-16 10:55 - 2015-01-17 11:05 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-15 18:09 - 2015-01-19 04:59 - 00000000 ____D () C:\Users\Alaistair\Documents\Euro Truck Simulator 2
2015-01-15 18:09 - 2015-01-15 18:09 - 00000000 ___SH () C:\Users\Alaistair\AppData\Local\LumaEmu
2015-01-15 18:09 - 2015-01-15 18:09 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 v1.14.0.4s (18 DLC)
2015-01-15 18:09 - 2015-01-15 18:09 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2015-01-15 18:07 - 2015-01-15 18:07 - 00000000 ____D () C:\2-click run
2015-01-15 13:39 - 2015-01-15 13:39 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\11bitstudios
2015-01-15 13:17 - 2015-01-15 13:17 - 00000000 ____D () C:\Users\Alaistair\Documents\ALY
2015-01-15 13:10 - 2015-01-15 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extreme Roads USA
2015-01-14 15:04 - 2015-01-14 15:04 - 00000000 _____ () C:\Users\Alaistair\Desktop\New Text Document.txt
2015-01-13 20:44 - 2015-01-13 20:44 - 00000808 _____ () C:\Users\Public\Desktop\Lifeless Planet.lnk
2015-01-13 20:44 - 2015-01-13 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KISS ltd
2015-01-13 10:49 - 2015-01-13 10:49 - 00000000 ____D () C:\Users\Alaistair\Documents\Larian Studios
2015-01-13 03:06 - 2015-01-13 03:06 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Divinity - Original Sin
2015-01-13 03:06 - 2015-01-13 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-01-12 12:25 - 2015-01-12 12:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_blackberryncm6_AMD64_01007.Wdf
2015-01-12 12:23 - 2015-01-27 13:57 - 00000000 ____D () C:\Users\Alaistair\AppData\Local\BlackBerry
2015-01-12 12:21 - 2015-01-12 12:21 - 00001115 _____ () C:\Users\Public\Desktop\BlackBerry Link.lnk
2015-01-12 12:21 - 2015-01-12 12:21 - 00001031 _____ () C:\Users\Public\Desktop\BlackBerry Blend.lnk
2015-01-12 12:21 - 2015-01-12 12:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2015-01-12 12:21 - 2015-01-12 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Link
2015-01-12 12:21 - 2015-01-12 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Blend
2015-01-12 12:21 - 2015-01-12 12:21 - 00000000 ____D () C:\Program Files (x86)\BlackBerry
2015-01-12 12:21 - 2012-12-10 15:48 - 00044544 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial_AMD64.sys
2015-01-12 12:07 - 2015-01-12 12:07 - 00000668 _____ () C:\Users\Public\Desktop\Free MP3 Ringtone Maker.lnk
2015-01-12 12:07 - 2015-01-12 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseTips
2015-01-12 01:35 - 2015-01-12 01:35 - 00000000 ____D () C:\Users\Alaistair\sachesi2
2015-01-11 09:09 - 2015-01-11 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ryse Son of Rome
2015-01-09 18:17 - 2015-01-09 18:17 - 00000061 _____ () C:\Users\Alaistair\Desktop\dads appointment.txt
2015-01-05 15:33 - 2015-01-05 15:33 - 00000000 ____D () C:\Users\Alaistair\Documents\WB Games
2015-01-05 15:19 - 2015-01-05 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2015-01-05 02:28 - 2015-01-05 02:28 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Apple Computer
2015-01-02 18:51 - 2015-01-02 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alien. Isolation
2015-01-02 01:24 - 2015-01-02 01:24 - 00000000 ____D () C:\ProgramData\Google

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 10:43 - 2014-12-02 19:42 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2015-02-01 10:41 - 2014-12-09 19:31 - 00003136 _____ () C:\Windows\System32\Tasks\FRAPS
2015-02-01 10:41 - 2014-12-02 19:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-01 10:41 - 2014-12-02 17:44 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 10:41 - 2013-08-22 20:15 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 10:30 - 2013-08-22 21:06 - 00000000 ____D () C:\Windows\system32\sru
2015-02-01 09:57 - 2014-12-02 17:13 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2463482003-2002589441-2981365847-1001
2015-02-01 09:49 - 2014-12-02 17:44 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 09:08 - 2014-12-04 16:16 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\uTorrent
2015-02-01 09:00 - 2014-12-02 19:39 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\DAEMON Tools Pro
2015-02-01 02:16 - 2014-12-02 17:37 - 01500480 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 00:39 - 2014-12-02 17:12 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-31 22:33 - 2013-08-22 21:06 - 00000000 __RSD () C:\Windows\Media
2015-01-31 22:32 - 2014-12-30 13:11 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-31 12:55 - 2014-12-24 16:32 - 00000000 ____D () C:\Users\Alaistair\Documents\Assassin's Creed Unity
2015-01-31 11:03 - 2013-08-22 21:06 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-30 19:32 - 2014-12-04 07:16 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\vlc
2015-01-28 10:28 - 2014-12-02 20:37 - 00000000 ____D () C:\Users\Alaistair\AppData\Local\Logitech
2015-01-28 10:25 - 2014-12-02 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-01-27 09:29 - 2014-12-04 19:29 - 00000000 ____D () C:\Users\Alaistair\Desktop\Games
2015-01-27 07:51 - 2014-12-02 17:49 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-27 07:23 - 2014-12-02 17:08 - 00001446 _____ () C:\Users\Alaistair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-27 07:19 - 2014-12-21 01:30 - 00000000 ____D () C:\Users\Alaistair\AppData\Roaming\Free Download Manager
2015-01-27 07:14 - 2014-12-14 18:13 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-27 07:14 - 2013-08-22 18:55 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-27 07:02 - 2014-12-04 07:16 - 00001086 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-24 14:03 - 2014-12-03 00:37 - 00000000 ____D () C:\ProgramData\Steam
2015-01-21 02:48 - 2014-12-02 17:08 - 00000000 ____D () C:\Users\Alaistair
2015-01-19 23:51 - 2014-12-04 02:44 - 00000000 ____D () C:\Users\Alaistair\Documents\Settlers7
2015-01-18 19:50 - 2014-12-02 19:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-13 23:46 - 2014-12-30 13:12 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-13 23:46 - 2014-12-30 13:12 - 00000000 ____D () C:\Users\Alaistair\Documents\CyberLink
2015-01-13 20:45 - 2014-12-07 10:24 - 00000000 ____D () C:\Users\Alaistair\AppData\Local\SKIDROW
2015-01-12 12:21 - 2014-12-02 18:42 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-06 22:28 - 2013-08-22 21:06 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-05 02:27 - 2013-08-22 20:14 - 00374608 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-02 18:51 - 2014-12-05 09:02 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-02 09:25 - 2014-12-02 17:44 - 00000000 ____D () C:\Program Files (x86)\Google

==================== Files in the root of some directories =======

2015-01-25 21:42 - 2015-01-25 21:42 - 0001248 _____ () C:\Users\Alaistair\AppData\Roaming\DWZFC
2014-12-02 20:17 - 2014-12-02 20:17 - 0585728 _____ () C:\Users\Alaistair\AppData\Local\file__0.localstorage
2015-01-15 18:09 - 2015-01-15 18:09 - 0000000 ___SH () C:\Users\Alaistair\AppData\Local\LumaEmu
2014-12-25 10:54 - 2014-12-25 10:54 - 0306176 _____ (Valve Corporation) C:\Users\Alaistair\AppData\Local\steam_api64.dll

Some content of TEMP:
====================
C:\Users\Alaistair\AppData\Local\Temp\362270A4-3E15-7424-D959-B84C15887660.exe
C:\Users\Alaistair\AppData\Local\Temp\4BCD0FE7-18E4-2031-5542-49664A1ECCCD.dll
C:\Users\Alaistair\AppData\Local\Temp\4BCD0FE7-18E4-2031-5542-49664A1ECCCD.exe
C:\Users\Alaistair\AppData\Local\Temp\avgnt.exe
C:\Users\Alaistair\AppData\Local\Temp\bdacabfccced.exe
C:\Users\Alaistair\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Alaistair\AppData\Local\Temp\Quarantine.exe
C:\Users\Alaistair\AppData\Local\Temp\SpOrder.dll
C:\Users\Alaistair\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 04:06

==================== End Of Log ============================
 
FARBAR Recovery Tool logs for ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Alaistair at 2015-02-01 10:46:40
Running from C:\Users\Alaistair\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«Middle-earth™ Shadow of Mordor™» 1.0.1636.21 (HKLM-x32\...\«Middle-earth™ Shadow of Mordor™»_is1) (Version: 1.0.1636.21 - WB Games)
µTorrent (HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Alien. Isolation (HKLM-x32\...\Alien. Isolation_is1) (Version: 1.0 - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassins Creed Unity (HKLM-x32\...\ACU_is1) (Version: - VEBMAX)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
BlackBerry 10 Desktop Software (HKLM-x32\...\{ddaa6aab-c1ec-45ea-a8f2-a95d10f57295}) (Version: 1.1.0.21 - BlackBerry)
BlackBerry Blend (x32 Version: 1.1.0.17 - BlackBerry Ltd.) Hidden
BlackBerry Communication Drivers (x32 Version: 8.0.0.118 - BlackBerry Ltd.) Hidden
BlackBerry Device Drivers (x32 Version: 8.0.0.118 - BlackBerry Ltd.) Hidden
BlackBerry Link (x32 Version: 1.2.4.27 - BlackBerry) Hidden
BlackBerry Link Remover (x32 Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Chrome Remote Desktop Host (HKLM-x32\...\{6FC79C95-F54F-4515-8012-01F33D894492}) (Version: 40.0.2214.44 - Google Inc.)
CPUID ROG CPU-Z 1.69 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.69 - CPUID, Inc.)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2104.0 - CyberLink Corp.)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0387 - Disc Soft Ltd)
Dark Souls Prepare to Die Edition (HKLM-x32\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version: - FromSoftware, Inc)
Darkcoin (HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\Darkcoin) (Version: 0.10.16.16 - Darkcoin Project)
Divinity - Original Sin (HKLM-x32\...\Divinity - Original Sin_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
Emergency 5 (HKLM-x32\...\Emergency 5_is1) (Version: - )
Escape Dead Island ver. 1.0.0.0 (HKLM-x32\...\{50041179-92AZ-28DE-83U8-36FK6M446AC}_is1) (Version: 1.0.0.0 - Deep Silver)
Euro Truck Simulator 2 v1.14.0.4s (18 DLC) (HKLM-x32\...\Euro Truck Simulator 2 v1.14.0.4s (18 DLC)1.14.0.4s) (Version: 1.14.0.4s - Friends in War)
Extreme Roads USA (HKLM-x32\...\Extreme Roads USA_is1) (Version: - )
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
FireStorm version V1.0.44.000 (HKLM-x32\...\FireStorm_is1) (Version: V1.0.44.000 - )
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Free MP3 Ringtone Maker 2.3 (HKLM-x32\...\Free MP3 Ringtone Maker_is1) (Version: - musetips.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heaven DX11 Benchmark version 3.0 (HKLM\...\Unigine Heaven DX11 Benchmark (Basic Edition)_is1) (Version: 3.0 - Unigine Corp.)
IGS (HKLM-x32\...\IGS) (Version: - )
igsc (HKLM-x32\...\igsc) (Version: 1.0.0.0 - igs)
Intel(R) Chipset Device Software (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics)
Lifeless Planet (HKLM-x32\...\Lifeless Planet_is1) (Version: - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\TUVUQUxHRUFSUklTSU5HUkVWRU5HRUFOQ0U=_is1) (Version: 1 - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{0BFFC345-DBD4-411C-97E4-86EC7C0F4B72}) (Version: 1.0.2.0 - Mojang)
My Game Long Name (HKLM\...\UDK-95867b76-8fea-48e3-917c-bb076e227dae) (Version: - Epic Games, Inc.)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PlagueInc 1.0 (HKLM-x32\...\PlagueInc 1.0) (Version: 1.0 - Cat-A-Cat)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment)
Project Zomboid (HKLM-x32\...\Project Zomboid_is1) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
Risen 3 - Titan Lords (HKLM-x32\...\Risen 3 - Titan Lords_is1) (Version: - Deep Silver)
Ryse Son of Rome (HKLM-x32\...\Ryse Son of Rome_is1) (Version: - )
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Sid Meier`s Civilization® Beyond Earth™ / RePack by Baracuda (HKLM-x32\...\Sid Meier`s Civilization® Beyond Earth™_is1) (Version: 1.0.0.574 - )
Simple GPU Miner (HKLM-x32\...\{7CDFCC48-3AA5-4D86-88F7-3799B4158A9B}) (Version: 1.6 - Miner)
Sonic Radar II (HKLM\...\{203BCA8D-BC00-4DD5-85DF-2F84DB803B57}) (Version: 2.1.001 - ASUSTeKcomputer.Inc)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{F109C8D7-7417-460B-836F-717AE17619C4}) (Version: 2.2.3.0 - Husdawg, LLC)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
The Bureau: XCOM Declassified (HKLM-x32\...\VGhlQnVyZWF1WENPTURlY2xhc3NpZmllZA==_is1) (Version: 1 - )
The Old City Leviathan v1.0 / RePack by Azaq (HKLM-x32\...\The Old City Leviathan_is1) (Version: - )
The Settlers 7 - Paths to a Kingdom (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.02.1221 - Ubisoft)
This War of Mine (HKLM-x32\...\This War of Mine_is1) (Version: - )
Tom Clancy's Ghost Recon Future Soldier (HKLM-x32\...\{6D87CAD9-9B94-4421-A439-B25F8DE14575}) (Version: 1.00 - Ubisoft)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
USB Game Controller (HKLM-x32\...\{95CC887F-91B2-45E9-AE29-0D51995192CB}) (Version: 2005.05.26 - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Walking Dead (HKLM-x32\...\Walking Dead_is1) (Version: - Audioslave)
Walking Dead 2 (HKLM-x32\...\Walking Dead 2_is1) (Version: - Audioslave)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 4.00 beta 6 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.6 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

01-02-2015 05:12:31 Scheduled Checkpoint
01-02-2015 09:28:00 MBAR scan

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 18:55 - 2015-01-31 12:03 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0391EE69-CC47-4DA7-8A20-F30FD4426A7B} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
Task: {2EEE8F6A-D891-4155-9DE2-1A0A38EB1961} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-02] (Google Inc.)
Task: {42490B46-19D7-4205-BF94-B698ABC51EC8} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {603268C8-F4BF-4D13-981A-0B6C21831744} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
Task: {67701E52-8579-4752-A6B0-7062C1187B97} - System32\Tasks\FRAPS => E:\fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: {A9479303-48E3-4D5F-ADEC-0E96FE7A9859} - System32\Tasks\{9B52B64F-F911-45DF-85E4-30B2EA819EB5} => pcalua.exe -a C:\Users\Alaistair\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
Task: {CF9C9422-1BED-4B2D-B30A-DCCD5E9372D0} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {F7C1EEB6-9DC0-43FC-8F07-A2711657CBA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-02] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-02 19:53 - 2014-12-13 13:33 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-02 19:33 - 2014-01-28 08:46 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2014-12-02 19:33 - 2014-04-24 11:59 - 01360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2014-12-02 22:26 - 2014-12-12 14:27 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-02 19:34 - 2014-05-22 13:54 - 00096568 _____ () C:\Windows\SYSTEM32\audioLibVc.dll
2014-09-18 12:53 - 2014-09-18 12:53 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-15 00:21 - 2014-10-15 00:21 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 12:53 - 2014-09-18 12:53 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-15 00:21 - 2014-10-15 00:21 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-12-02 19:53 - 2014-12-13 05:43 - 00708240 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-12-02 19:53 - 2014-12-13 05:43 - 00854160 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2014-11-28 11:48 - 2014-11-28 11:48 - 00688888 _____ () C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
2014-12-02 19:33 - 2015-02-01 10:41 - 00036864 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-12-02 19:33 - 2014-01-28 08:46 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-11-28 11:18 - 2014-11-28 11:18 - 00094208 _____ () C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll
2014-12-02 20:05 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-27 07:50 - 2015-01-25 11:38 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 07:50 - 2015-01-25 11:38 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 07:50 - 2015-01-25 11:38 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2015-01-27 07:50 - 2015-01-25 11:38 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\OptimizerMonitor => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2463482003-2002589441-2981365847-500 - Administrator - Disabled)
Alaistair (S-1-5-21-2463482003-2002589441-2981365847-1001 - Administrator - Enabled) => C:\Users\Alaistair
Guest (S-1-5-21-2463482003-2002589441-2981365847-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/01/2015 10:46:24 AM) (Source: DCOM) (EventID: 10010) (User: Aly)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 25%
Total physical RAM: 8135.08 MB
Available physical RAM: 6042.24 MB
Total Pagefile: 9415.08 MB
Available Pagefile: 6933.59 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:84.32 GB) NTFS
Drive d: (Games) (Fixed) (Total:976.56 GB) (Free:533.57 GB) NTFS
Drive e: (Stuff) (Fixed) (Total:488.28 GB) (Free:199.6 GB) NTFS
Drive f: (Win8-Ext) (Fixed) (Total:398.17 GB) (Free:393.64 GB) NTFS
Drive h: (Risen 3 - Titan Lords) (CDROM) (Total:6.75 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: DBFB7076)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 58DC14DA)
Partition 1: (Not Active) - (Size=976.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=398.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
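The "Bamital & volsnap Check" block above is FRST verifying the Authenticode signatures of the binaries that file infectors such as Bamital typically patch. The same check can be repeated with nothing but built-in PowerShell, which is useful when you want a second opinion or when FRST cannot run. This is an added example, not code from the thread or from the FRST tool; the file list is the one FRST reported, and the idea of flagging any non-Microsoft signer is my own assumption about what a reviewer wants to see.

```powershell
# Added example (not from the thread or from FRST): re-run the critical-binary
# signature check with Get-AuthenticodeSignature. The path list is the set of
# files FRST reported in the "Bamital & volsnap Check" section.

$criticalFiles = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\Drivers\volsnap.sys"
)

function Test-CriticalFileSignatures {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            # A missing core binary is itself worth reporting.
            [pscustomobject]@{ Path = $path; Status = 'Missing'; Signer = $null }
            continue
        }
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        [pscustomobject]@{
            Path   = $path
            Status = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Signer = $signer
        }
    }
}

# Report anything that is not a valid signature from a Microsoft certificate.
# (Assumed filter: adjust the signer pattern if the host has OEM-signed files.)
Test-CriticalFileSignatures -Paths $criticalFiles |
    Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notlike '*Microsoft*' } |
    Format-Table -AutoSize
```

Two caveats a practitioner should keep in mind: many Windows system files are catalog-signed rather than carrying an embedded signature, and older PowerShell builds report those as NotSigned, so a NotSigned result on a stock binary is a prompt to check the catalog (for example with Sysinternals sigcheck) before concluding the file was patched. A HashMismatch, on the other hand, means the file has been altered since signing and matches what FRST would report as failing verification.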
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt (2.1 KB)
Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Alaistair at 2015-02-02 06:27:04 Run:1
Running from C:\Users\Alaistair\Desktop
Loaded Profiles: Alaistair (Available profiles: Alaistair)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {7da04aef-8aa2-11e4-827d-382c4abc47ac} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL G:\start.exe
HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {da8e3c5c-822a-11e4-8274-382c4abc47ac} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL G:\start.exe
HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {e6db5554-884d-11e4-827b-382c4abc47ac} - "G:\LG_PC_Programs.exe"
HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\...\MountPoints2: {f45e9d33-7a2c-11e4-8251-806e6f6e6963} - "H:\setup.exe"
ShortcutTarget: Startup GPU Miner.lnk -> F:\simple gpu miner\ProcessG.exe (No File)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
S0 WinDivert1.1; No ImagePath
2015-01-25 21:42 - 2015-01-25 21:42 - 0001248 _____ () C:\Users\Alaistair\AppData\Roaming\DWZFC
2014-12-02 20:17 - 2014-12-02 20:17 - 0585728 _____ () C:\Users\Alaistair\AppData\Local\file__0.localstorage
2015-01-15 18:09 - 2015-01-15 18:09 - 0000000 ___SH () C:\Users\Alaistair\AppData\Local\LumaEmu
2014-12-25 10:54 - 2014-12-25 10:54 - 0306176 _____ (Valve Corporation) C:\Users\Alaistair\AppData\Local\steam_api64.dll
C:\Users\Alaistair\AppData\Local\Temp\362270A4-3E15-7424-D959-B84C15887660.exe
C:\Users\Alaistair\AppData\Local\Temp\4BCD0FE7-18E4-2031-5542-49664A1ECCCD.dll
C:\Users\Alaistair\AppData\Local\Temp\4BCD0FE7-18E4-2031-5542-49664A1ECCCD.exe
C:\Users\Alaistair\AppData\Local\Temp\avgnt.exe
C:\Users\Alaistair\AppData\Local\Temp\bdacabfccced.exe
C:\Users\Alaistair\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Alaistair\AppData\Local\Temp\Quarantine.exe
C:\Users\Alaistair\AppData\Local\Temp\SpOrder.dll
C:\Users\Alaistair\AppData\Local\Temp\sqlite3.dll

*****************

"HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7da04aef-8aa2-11e4-827d-382c4abc47ac}" => Key deleted successfully.
HKCR\CLSID\{7da04aef-8aa2-11e4-827d-382c4abc47ac} => Key not found.
"HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da8e3c5c-822a-11e4-8274-382c4abc47ac}" => Key deleted successfully.
HKCR\CLSID\{da8e3c5c-822a-11e4-8274-382c4abc47ac} => Key not found.
"HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6db5554-884d-11e4-827b-382c4abc47ac}" => Key deleted successfully.
HKCR\CLSID\{e6db5554-884d-11e4-827b-382c4abc47ac} => Key not found.
"HKU\S-1-5-21-2463482003-2002589441-2981365847-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f45e9d33-7a2c-11e4-8251-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{f45e9d33-7a2c-11e4-8251-806e6f6e6963} => Key not found.
F:\simple gpu miner\ProcessG.exe not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
WinDivert1.1 => Error deleting Service
C:\Users\Alaistair\AppData\Roaming\DWZFC => Moved successfully.
C:\Users\Alaistair\AppData\Local\file__0.localstorage => Moved successfully.
C:\Users\Alaistair\AppData\Local\LumaEmu => Moved successfully.
C:\Users\Alaistair\AppData\Local\steam_api64.dll => Moved successfully.
C:\Users\Alaistair\AppData\Local\Temp\362270A4-3E15-7424-D959-B84C15887660.exe => Moved successfully.
C:\Users\Alaistair\AppData\Local\Temp\4BCD0FE7-18E4-2031-5542-49664A1ECCCD.dll => Moved successfully.
C:\Users\Alaistair\AppData\Local\Temp\4BCD0FE7-18E4-2031-5542-49664A1ECCCD.exe => Moved successfully.
C:\Users\Alaistair\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\Alaistair\AppData\Local\Temp\bdacabfccced.exe => Moved successfully.
C:\Users\Alaistair\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Alaistair\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Alaistair\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\Alaistair\AppData\Local\Temp\sqlite3.dll => Moved successfully.

==== End of Fixlog 06:27:05 ====
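The fixlist above touched three classes of persistence that are easy to re-check by hand: per-volume autorun commands under Explorer's MountPoints2 key (the G:\start.exe and H:\setup.exe entries), a scheduled task whose action is pcalua.exe (the Program Compatibility Assistant launcher, which starts whatever follows its -a switch, here the mystartsearch uninstaller), and a service key with no ImagePath (WinDivert1.1, which the fix could not delete). The following PowerShell is an added example, not code from the thread or from FRST; it only enumerates, never deletes, and the registry paths are the ones shown in the fixlist.

```powershell
# Added example (not from the thread or from FRST): enumerate the persistence
# locations the fix touched, so the result can be confirmed independently.
# Run as the affected user (MountPoints2 lives in HKCU) from an elevated
# PowerShell so Get-ScheduledTask sees every task.

function Get-MountPoints2Autoruns {
    # Explorer records each volume it has seen under MountPoints2; a drive's
    # autorun.inf ends up as the (default) value of Shell\AutoRun\command.
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path $root)) { return }
    Get-ChildItem $root | ForEach-Object {
        $cmdKey = Join-Path $_.PSPath 'Shell\AutoRun\command'
        if (Test-Path $cmdKey) {
            [pscustomobject]@{
                Volume  = $_.PSChildName
                Command = (Get-ItemProperty $cmdKey).'(default)'
            }
        }
    }
}

function Get-ProxyLaunchedTasks {
    # Tasks whose action is pcalua.exe; the real target is in the arguments.
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if ($action.Execute -match 'pcalua\.exe') {
                [pscustomobject]@{
                    TaskName  = $task.TaskName
                    TaskPath  = $task.TaskPath
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

function Get-ServicesWithoutImagePath {
    # Service keys that have a Start value but no ImagePath, which is how FRST
    # reported "S0 WinDivert1.1; No ImagePath".
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | Where-Object {
        $p = Get-ItemProperty $_.PSPath
        ($null -ne $p.Start) -and ($null -eq $p.ImagePath)
    } | ForEach-Object {
        [pscustomobject]@{
            Service = $_.PSChildName
            Start   = (Get-ItemProperty $_.PSPath).Start   # 0 = boot start
        }
    }
}

Get-MountPoints2Autoruns      | Format-Table -AutoSize
Get-ProxyLaunchedTasks        | Format-Table -AutoSize
Get-ServicesWithoutImagePath  | Format-Table -AutoSize
```

After the fix, the first two functions should return nothing for the entries in the fixlist. The third will still list WinDivert1.1 because the fix reported "Error deleting Service", and it may also list a few legitimate kernel drivers that omit ImagePath and load from System32\drivers\<name>.sys by default; FRST applies a whitelist for those, this script does not, so compare the names against a known-good machine before acting on them.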
 
I missed one entry so we have to run one more fix...


Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt (250 bytes)
Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Alaistair at 2015-02-02 16:22:25 Run:2
Running from C:\Users\Alaistair\Desktop
Loaded Profiles: Alaistair (Available profiles: Alaistair)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {A9479303-48E3-4D5F-ADEC-0E96FE7A9859} - System32\Tasks\{9B52B64F-F911-45DF-85E4-30B2EA819EB5} => pcalua.exe -a C:\Users\Alaistair\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
C:\Users\Alaistair\AppData\Roaming\mystartsearch
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9479303-48E3-4D5F-ADEC-0E96FE7A9859}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9479303-48E3-4D5F-ADEC-0E96FE7A9859}" => Key deleted successfully.
C:\Windows\System32\Tasks\{9B52B64F-F911-45DF-85E4-30B2EA819EB5} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9B52B64F-F911-45DF-85E4-30B2EA819EB5}" => Key deleted successfully.
"C:\Users\Alaistair\AppData\Roaming\mystartsearch" => File/Directory not found.

==== End of Fixlog 16:22:25 ====
 
Good :)

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Checkup.txt

Results of screen317's Security Check version 0.99.96
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Windows Defender
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Java 64-bit 8 Update 31
Google Chrome (40.0.2214.91)
Google Chrome (40.0.2214.93)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


FSS.txt

Farbar Service Scanner Version: 17-01-2015
Ran by Alaistair (administrator) on 03-02-2015 at 04:05:48
Running from "F:\Chrome Downloads"
Microsoft Windows 8.1 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Sophos found 4 threats:

2015-02-02 22:40:58.269 Sophos Virus Removal Tool version 2.5.4
2015-02-02 22:40:58.269 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-02-02 22:40:58.269 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-02-02 22:40:58.269 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
2015-02-02 22:40:58.269 Checking for updates...
2015-02-02 22:40:58.273 Update progress: proxy server not available
2015-02-02 22:41:02.941 Option all = no
2015-02-02 22:41:02.942 Option recurse = yes
2015-02-02 22:41:02.942 Option archive = no
2015-02-02 22:41:02.942 Option service = yes
2015-02-02 22:41:02.942 Option confirm = yes
2015-02-02 22:41:02.942 Option sxl = yes
2015-02-02 22:41:02.942 Option max-data-age = 35
2015-02-02 22:41:02.942 Option EnableSafeClean = yes
2015-02-02 22:41:04.233 Option vdl-logging = yes
2015-02-02 22:41:04.234 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-02 22:41:04.234 Machine ID: 1c8fd706d74a405c830a514a5aae6b4b
2015-02-02 22:41:04.234 Component SVRTcli.exe version 2.5.4
2015-02-02 22:41:04.235 Component control.dll version 2.5.4
2015-02-02 22:41:04.235 Component SVRTservice.exe version 2.5.4
2015-02-02 22:41:04.235 Component engine\osdp.dll version 1.44.1.2183
2015-02-02 22:41:04.235 Component engine\veex.dll version 3.58.3.2183
2015-02-02 22:41:04.235 Component engine\savi.dll version 8.1.5.2183
2015-02-02 22:41:04.235 Component rkdisk.dll version 1.5.30.0
2015-02-02 22:41:04.235 Version info: Product version 2.5.4
2015-02-02 22:41:04.235 Version info: Detection engine 3.58.3
2015-02-02 22:41:04.235 Version info: Detection data 5.10
2015-02-02 22:41:04.235 Version info: Build date 06-01-2015
2015-02-02 22:41:04.235 Version info: Data files added 330
2015-02-02 22:41:04.235 Version info: Last successful update (not yet updated)
2015-02-02 22:41:55.084 Downloading updates...
2015-02-02 22:41:55.084 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-02-02 22:41:55.084 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-02-02 22:41:55.084 Update progress: [I49502] Found supplement IDE509 LATEST
2015-02-02 22:41:55.084 Update progress: [I49502] Found supplement IDE510 LATEST
2015-02-02 22:41:55.084 Update progress: [I49502] Found supplement IDE511 LATEST
2015-02-02 22:41:55.084 Update progress: [I49502] Found supplement IDE512 LATEST
2015-02-02 22:41:55.084 Update progress: [I49502] Found supplement IDE513 LATEST
2015-02-02 22:41:55.084 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-02-02 22:41:55.084 Update progress: [I19463] Syncing product SAVIW32 48
2015-02-02 22:42:15.229 Update progress: [I19463] Syncing product IDE509 177
2015-02-02 22:43:54.374 Update progress: [I19463] Syncing product IDE510 179
2015-02-02 22:45:23.183 Installing updates...
2015-02-02 22:45:23.785 Error level 1
2015-02-02 22:45:23.794 Update progress: [I19463] Syncing product IDE511 170
2015-02-02 22:45:23.794 Update progress: [I19463] Syncing product IDE512 162
2015-02-02 22:45:23.794 Update progress: [I19463] Syncing product IDE513 1
2015-02-02 22:45:26.070 Update successful
2015-02-02 22:45:31.237 Option all = no
2015-02-02 22:45:31.237 Option recurse = yes
2015-02-02 22:45:31.237 Option archive = no
2015-02-02 22:45:31.237 Option service = yes
2015-02-02 22:45:31.237 Option confirm = yes
2015-02-02 22:45:31.237 Option sxl = yes
2015-02-02 22:45:31.238 Option max-data-age = 35
2015-02-02 22:45:31.238 Option EnableSafeClean = yes
2015-02-02 22:45:31.333 Option vdl-logging = yes
2015-02-02 22:45:31.335 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-02-02 22:45:31.335 Machine ID: 1c8fd706d74a405c830a514a5aae6b4b
2015-02-02 22:45:31.335 Component SVRTcli.exe version 2.5.4
2015-02-02 22:45:31.335 Component control.dll version 2.5.4
2015-02-02 22:45:31.335 Component SVRTservice.exe version 2.5.4
2015-02-02 22:45:31.335 Component engine\osdp.dll version 1.44.1.2183
2015-02-02 22:45:31.335 Component engine\veex.dll version 3.58.3.2183
2015-02-02 22:45:31.335 Component engine\savi.dll version 8.1.5.2183
2015-02-02 22:45:31.335 Component rkdisk.dll version 1.5.30.0
2015-02-02 22:45:31.335 Version info: Product version 2.5.4
2015-02-02 22:45:31.336 Version info: Detection engine 3.58.3
2015-02-02 22:45:31.336 Version info: Detection data 5.08G
2015-02-02 22:45:31.336 Version info: Build date 11-11-2014
2015-02-02 22:45:31.336 Version info: Data files added 683
2015-02-02 22:45:31.336 Version info: Last successful update 03-02-2015 04:15:26

2015-02-02 22:52:34.918 Could not open C:\hiberfil.sys
2015-02-02 22:53:23.579 Could not open C:\Program Files (x86)\24ca4bef-13f4-41f4-9407-1aa1d58eb814\a48e2c26-4fd3-4ee0-aec9-95962273e3e5.dll
2015-02-02 22:53:23.588 Could not open C:\Program Files (x86)\Apple Software Update\24ca4bef-13f4-41f4-9407-1aa1d58eb814.dll
2015-02-02 22:55:02.572 Could not open C:\swapfile.sys
2015-02-02 22:55:02.586 Could not open C:\System Volume Information\{157b3f0c-a96b-11e4-8294-382c4abc47ac}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-02 22:55:02.586 Could not open C:\System Volume Information\{157b417a-a96b-11e4-8294-382c4abc47ac}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-02 22:55:02.586 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-02 22:55:02.587 Could not open C:\System Volume Information\{4af367d8-aadc-11e4-829a-382c4abc47ac}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-02-02 22:55:05.394 Could not open C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-02-02 22:55:05.398 Could not check C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2015-02-02 22:55:05.401 Could not check C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-02-02 22:55:06.443 Could not check C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
2015-02-02 22:55:06.461 Could not check C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\LOCK (virus scan failed)
2015-02-02 22:55:06.527 Could not check C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kcahibnffhnnjcedflmchmokndkjnhpg\LOCK (virus scan failed)
2015-02-02 22:55:06.530 Could not check C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2015-02-02 22:55:06.590 Could not check C:\Users\Alaistair\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-02-02 22:56:47.045 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-02-02 22:56:47.045 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-02-02 22:56:48.084 Could not open C:\Windows\System32\config\BBI
2015-02-02 22:56:48.100 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-02-02 22:56:48.101 Could not open C:\Windows\System32\config\RegBack\SAM
2015-02-02 22:56:48.101 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-02-02 22:56:48.101 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-02-02 22:56:48.102 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-02-02 23:03:19.502 >>> Virus 'Mal/VMProtBad-A' found in file D:\Games\Alien. Isolation\STEAM_API.dll
2015-02-02 23:03:27.833 >>> Virus 'Mal/Generic-S' found in file D:\Games\Crysis 3\Bin32\crys3.dll
2015-02-02 23:03:27.834 >>> Virus 'Mal/Generic-S' found in file D:\Games\Crysis 3\Bin32\crys3.dll
2015-02-02 23:03:27.834 >>> Virus 'Mal/Generic-S' found in file D:\Games\Crysis 3\Bin32\crys3.dll
2015-02-02 23:03:32.858 >>> Virus 'Mal/Generic-S' found in file D:\Games\Crysis 3\Bin32\rldea.dll
2015-02-02 23:03:32.858 >>> Virus 'Mal/Generic-S' found in file D:\Games\Crysis 3\Bin32\rldea.dll
2015-02-02 23:03:32.858 >>> Virus 'Mal/Generic-S' found in file D:\Games\Crysis 3\Bin32\rldea.dll
2015-02-02 23:03:40.824 >>> Virus 'Mal/VMProtBad-A' found in file D:\Games\Dead State\steam_api.dll
2015-02-02 23:03:45.854 >>> Virus 'Mal/VMProtBad-A' found in file D:\Games\Divinity - Original Sin\Shipping\steam_api.dll
2015-02-02 23:03:54.005 >>> Virus 'Mal/Generic-S' found in file D:\Games\Dragon Age Inquisition\Dragon Age Inquisition\3dmgame.dll
2015-02-02 23:03:54.005 >>> Virus 'Mal/Generic-S' found in file D:\Games\Dragon Age Inquisition\Dragon Age Inquisition\3dmgame.dll
2015-02-02 23:04:38.338 >>> Virus 'Mal/VMProtBad-A' found in file D:\Games\plague\PlagueInc\steam_api.dll
2015-02-02 23:05:14.868 >>> Virus 'Troj/Agent-ABWY' found in file D:\Games\The Walking Dead\steam_api.dll
2015-02-02 23:05:25.155 >>> Virus 'Mal/VMProtBad-A' found in file D:\setllers7\Data\Base\_Dbg\Bin\Release\1911.dll
2015-02-02 23:05:28.547 >>> Virus 'Mal/VMProtBad-A' found in file D:\setllers7\Razor1911\Crack\Data\Base\_Dbg\Bin\Release\1911.dll
2015-02-02 23:08:27.643 >>> Virus 'Mal/Generic-E' found in file E:\torrent downloads\Metal Gear Solid 5 - GroundZeros Portable Multi-8\GroundZeroes.exe
2015-02-02 23:10:14.263 Could not open F:\darkCoin-cpuminer-1.3-avx-aes-windows-binaries\minerd-aes-sse2-sss3.exe
2015-02-02 23:10:14.306 Could not open F:\darkCoin-cpuminer-1.3-avx-aes-windows-binaries\minerd-avx-aes-sse2-sss3.exe
2015-02-02 23:10:14.336 Could not open F:\darkCoin-cpuminer-1.3-avx-aes-windows-binaries\minerd-bdver1.exe
2015-02-02 23:10:14.366 Could not open F:\darkCoin-cpuminer-1.3-avx-aes-windows-binaries\minerd-core-avx-I.exe
2015-02-02 23:10:14.401 Could not open F:\darkCoin-cpuminer-1.3-avx-aes-windows-binaries\minerd-corei7-avx.exe
2015-02-02 23:10:22.166 The following items will be cleaned up:
2015-02-02 23:10:22.166 Mal/VMProtBad-A
2015-02-02 23:10:22.166 Mal/Generic-S
2015-02-02 23:10:22.166 Troj/Agent-ABWY
2015-02-02 23:10:22.166 Mal/Generic-E
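The FSS log above reports two configuration findings a defender would want to re-check after cleanup: services whose start type no longer matches the default (wuauserv and WinDefend set to Demand) and the Windows Defender `DisableAntiSpyware` value set to 1. The following PowerShell is an added example written for this thread, not code from FSS or any tool the helper used; the expected-default table is an assumption taken from the "default start type is Auto" lines in the log, and the Group Policy key is a known second location that the log does not show.

```powershell
# Added example (not FSS or any tool from the thread): re-check the two FSS
# findings from the log above. Run in an elevated PowerShell on the machine.
# Assumed defaults come from the FSS lines "The default start type is Auto".
$expectedStart = @{
    'wuauserv'  = 'Auto'   # Windows Update
    'WinDefend' = 'Auto'   # Windows Defender service
}

function Test-ServiceStartType {
    param([hashtable]$Expected)
    $findings = @()
    foreach ($name in $Expected.Keys) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            $findings += [pscustomobject]@{ Check = "Service $name"; Status = 'MISSING'; Detail = 'service not installed' }
            continue
        }
        # Win32_Service.StartMode is Boot, System, Auto, Manual or Disabled;
        # FSS prints Manual as "Demand", which is what the log shows here.
        $status = if ($svc.StartMode -eq $Expected[$name]) { 'OK' } else { 'CHANGED' }
        $findings += [pscustomobject]@{
            Check  = "Service $name"
            Status = $status
            Detail = "start type $($svc.StartMode), expected $($Expected[$name]); state $($svc.State); path $($svc.PathName)"
        }
    }
    return $findings
}

function Test-DefenderDisabledPolicy {
    # First key is the one FSS reported on this machine; the second is the
    # Group Policy location (assumed relevant, not present in the log).
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows Defender',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    )
    $findings = @()
    foreach ($key in $keys) {
        # Returns $null when either the key or the value does not exist.
        $value = Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue
        if ($null -eq $value) {
            $findings += [pscustomobject]@{ Check = "DisableAntiSpyware in $key"; Status = 'OK'; Detail = 'value absent' }
        } elseif ($value.DisableAntiSpyware -eq 1) {
            # On Windows 8.1 a registered third-party antivirus (Avira here)
            # also sets this, so DISABLED is expected while that product is
            # installed; it matters once the third-party product is removed.
            $findings += [pscustomobject]@{ Check = "DisableAntiSpyware in $key"; Status = 'DISABLED'; Detail = 'DWORD:1, Defender is turned off' }
        } else {
            $findings += [pscustomobject]@{ Check = "DisableAntiSpyware in $key"; Status = 'OK'; Detail = "DWORD:$($value.DisableAntiSpyware)" }
        }
    }
    return $findings
}

# Run both checks; anything whose Status is not OK deserves a look.
$results = @(Test-ServiceStartType -Expected $expectedStart) + @(Test-DefenderDisabledPolicy)
$results | Format-Table -AutoSize
```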
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
Other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 