Solved Removing Saleplus

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01
Ran by Matt at 2015-04-27 19:59:19 Run:1
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt (Available profiles: Matt)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1707229653-1735831777-1245905739-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-03-27 23:05 - 2015-03-27 23:05 - 0000000 ___SH () C:\Users\Matt\AppData\Local\LumaEmu
2015-03-27 22:42 - 2014-04-12 21:27 - 0002080 _____ () C:\Users\Matt\AppData\Local\LumaEmu.ini
2015-03-27 22:42 - 2014-04-27 19:49 - 0003903 _____ () C:\Users\Matt\AppData\Local\LumaEmu.txt

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => Key deleted successfully.
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => Key deleted successfully.
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => Key deleted successfully.
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1707229653-1735831777-1245905739-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.0" => Key deleted successfully.
catchme => Service deleted successfully.
GPUZ => Service deleted successfully.
nvvad_WaveExtensible => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Matt\AppData\Local\LumaEmu => Moved successfully.
C:\Users\Matt\AppData\Local\LumaEmu.ini => Moved successfully.
C:\Users\Matt\AppData\Local\LumaEmu.txt => Moved successfully.

==== End of Fixlog 19:59:19 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.00
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 17.0.0.169
Adobe Reader 10.1.12 Adobe Reader out of Date!
Google Chrome (41.0.2272.118)
Google Chrome (42.0.2311.90)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 40% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 17-01-2015
Ran by Matt (administrator) on 27-04-2015 at 20:34:14
Running from "C:\Users\Matt\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
2015-04-28 03:40:06.833 Sophos Virus Removal Tool version 2.5.4
2015-04-28 03:40:06.833 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-04-28 03:40:06.833 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-04-28 03:40:06.833 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-04-28 03:40:06.833 Checking for updates...
2015-04-28 03:40:11.738 Option all = no
2015-04-28 03:40:11.738 Option recurse = yes
2015-04-28 03:40:11.738 Option archive = no
2015-04-28 03:40:11.738 Option service = yes
2015-04-28 03:40:11.738 Option confirm = yes
2015-04-28 03:40:11.738 Option sxl = yes
2015-04-28 03:40:11.739 Option max-data-age = 35
2015-04-28 03:40:11.739 Option EnableSafeClean = yes
2015-04-28 03:40:12.821 Option vdl-logging = yes
2015-04-28 03:40:12.825 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-28 03:40:12.825 Machine ID: b14301d5cd8d420394403dff3488884c
2015-04-28 03:40:12.825 Component SVRTcli.exe version 2.5.4
2015-04-28 03:40:12.825 Component control.dll version 2.5.4
2015-04-28 03:40:12.825 Component SVRTservice.exe version 2.5.4
2015-04-28 03:40:12.825 Component engine\osdp.dll version 1.44.1.2200
2015-04-28 03:40:12.825 Component engine\veex.dll version 3.60.0.2200
2015-04-28 03:40:12.825 Component engine\savi.dll version 8.1.7.2200
2015-04-28 03:40:12.825 Component rkdisk.dll version 1.5.30.0
2015-04-28 03:40:12.825 Version info: Product version 2.5.4
2015-04-28 03:40:12.826 Version info: Detection engine 3.60.0
2015-04-28 03:40:12.826 Version info: Detection data 5.13
2015-04-28 03:40:12.826 Version info: Build date 3/31/2015
2015-04-28 03:40:12.826 Version info: Data files added 328
2015-04-28 03:40:12.826 Version info: Last successful update (not yet updated)
2015-04-28 03:40:20.405 Update progress: proxy server not available
2015-04-28 03:40:30.454 Downloading updates...
2015-04-28 03:40:30.454 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-04-28 03:40:30.454 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-04-28 03:40:30.454 Update progress: [I49502] Found supplement IDE514 LATEST
2015-04-28 03:40:30.454 Update progress: [I49502] Found supplement IDE515 LATEST
2015-04-28 03:40:30.454 Update progress: [I49502] Found supplement IDE516 LATEST
2015-04-28 03:40:30.454 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-04-28 03:40:30.454 Update progress: [I19463] Syncing product SAVIW32 53
2015-04-28 03:40:31.940 Update progress: [I19463] Syncing product IDE514 161
2015-04-28 03:40:32.495 Installing updates...
2015-04-28 03:40:33.096 Error level 1
2015-04-28 03:40:33.103 Update progress: [I19463] Syncing product IDE515 169
2015-04-28 03:40:33.103 Update progress: [I19463] Syncing product IDE516 1
2015-04-28 03:40:36.272 Update successful
2015-04-28 03:40:41.400 Option all = no
2015-04-28 03:40:41.400 Option recurse = yes
2015-04-28 03:40:41.400 Option archive = no
2015-04-28 03:40:41.400 Option service = yes
2015-04-28 03:40:41.400 Option confirm = yes
2015-04-28 03:40:41.400 Option sxl = yes
2015-04-28 03:40:41.401 Option max-data-age = 35
2015-04-28 03:40:41.401 Option EnableSafeClean = yes
2015-04-28 03:40:41.428 Option vdl-logging = yes
2015-04-28 03:40:41.432 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-28 03:40:41.432 Machine ID: b14301d5cd8d420394403dff3488884c
2015-04-28 03:40:41.433 Component SVRTcli.exe version 2.5.4
2015-04-28 03:40:41.433 Component control.dll version 2.5.4
2015-04-28 03:40:41.433 Component SVRTservice.exe version 2.5.4
2015-04-28 03:40:41.433 Component engine\osdp.dll version 1.44.1.2200
2015-04-28 03:40:41.433 Component engine\veex.dll version 3.60.0.2200
2015-04-28 03:40:41.433 Component engine\savi.dll version 8.1.7.2200
2015-04-28 03:40:41.433 Component rkdisk.dll version 1.5.30.0
2015-04-28 03:40:41.433 Version info: Product version 2.5.4
2015-04-28 03:40:41.433 Version info: Detection engine 3.60.0
2015-04-28 03:40:41.434 Version info: Detection data 5.13G
2015-04-28 03:40:41.434 Version info: Build date 3/31/2015
2015-04-28 03:40:41.434 Version info: Data files added 327
2015-04-28 03:40:41.434 Version info: Last successful update 4/27/2015 8:40:36 PM

2015-04-28 03:53:08.938 Could not open C:\Boot\BCD
2015-04-28 03:53:09.594 Could not open C:\hiberfil.sys
2015-04-28 03:53:21.977 Could not open C:\pagefile.sys
2015-04-28 03:55:16.346 Could not open C:\System Volume Information\{1f8c5328-eb92-11e4-9119-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.346 Could not open C:\System Volume Information\{1f8c5455-eb92-11e4-9119-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.347 Could not open C:\System Volume Information\{1f8c55ef-eb92-11e4-9119-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.347 Could not open C:\System Volume Information\{1f8c5841-eb92-11e4-9119-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.347 Could not open C:\System Volume Information\{2fe42fa5-ed44-11e4-81ce-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.347 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.347 Could not open C:\System Volume Information\{3a16fa68-eb9b-11e4-8137-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.347 Could not open C:\System Volume Information\{970cb606-eb8f-11e4-a7e2-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.347 Could not open C:\System Volume Information\{c40bc1eb-ed57-11e4-90b6-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:17.924 Could not open C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-04-28 03:55:17.924 Could not open C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2015-04-28 03:55:17.941 Could not check C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2015-04-28 03:55:17.945 Could not check C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-04-28 03:55:18.017 Could not check C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
2015-04-28 03:55:18.024 Could not check C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
2015-04-28 03:55:18.198 Could not check C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2015-04-28 03:55:18.803 Could not check C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-04-28 03:57:01.770 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-04-28 03:57:01.770 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-04-28 03:57:02.247 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-04-28 03:57:02.248 Could not open C:\Windows\System32\config\RegBack\SAM
2015-04-28 03:57:02.249 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-04-28 03:57:02.249 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-04-28 03:57:02.250 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-04-28 04:01:52.318 >>> Virus 'Mal/Generic-S' found in file E:\Docs\Rockstar Games\gsrld.dll
2015-04-28 04:01:52.318 >>> Virus 'Mal/Generic-S' found in file E:\Docs\Rockstar Games\gsrld.dll
2015-04-28 04:01:52.318 >>> Virus 'Mal/Generic-S' found in file E:\Docs\Rockstar Games\gsrld.dll
2015-04-28 04:01:52.318 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1707229653-1735831777-1245905739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-28 04:01:52.318 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1707229653-1735831777-1245905739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-28 04:01:52.318 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-28 04:03:55.574 The following items will be cleaned up:
2015-04-28 04:03:55.574 Mal/Generic-S
 
2015-04-28 03:40:06.833 Sophos Virus Removal Tool version 2.5.4
2015-04-28 03:40:06.833 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-04-28 03:40:06.833 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-04-28 03:40:06.833 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-04-28 03:40:06.833 Checking for updates...
2015-04-28 03:40:11.738 Option all = no
2015-04-28 03:40:11.738 Option recurse = yes
2015-04-28 03:40:11.738 Option archive = no
2015-04-28 03:40:11.738 Option service = yes
2015-04-28 03:40:11.738 Option confirm = yes
2015-04-28 03:40:11.738 Option sxl = yes
2015-04-28 03:40:11.739 Option max-data-age = 35
2015-04-28 03:40:11.739 Option EnableSafeClean = yes
2015-04-28 03:40:12.821 Option vdl-logging = yes
2015-04-28 03:40:12.825 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-28 03:40:12.825 Machine ID: b14301d5cd8d420394403dff3488884c
2015-04-28 03:40:12.825 Component SVRTcli.exe version 2.5.4
2015-04-28 03:40:12.825 Component control.dll version 2.5.4
2015-04-28 03:40:12.825 Component SVRTservice.exe version 2.5.4
2015-04-28 03:40:12.825 Component engine\osdp.dll version 1.44.1.2200
2015-04-28 03:40:12.825 Component engine\veex.dll version 3.60.0.2200
2015-04-28 03:40:12.825 Component engine\savi.dll version 8.1.7.2200
2015-04-28 03:40:12.825 Component rkdisk.dll version 1.5.30.0
2015-04-28 03:40:12.825 Version info: Product version 2.5.4
2015-04-28 03:40:12.826 Version info: Detection engine 3.60.0
2015-04-28 03:40:12.826 Version info: Detection data 5.13
2015-04-28 03:40:12.826 Version info: Build date 3/31/2015
2015-04-28 03:40:12.826 Version info: Data files added 328
2015-04-28 03:40:12.826 Version info: Last successful update (not yet updated)
2015-04-28 03:40:20.405 Update progress: proxy server not available
2015-04-28 03:40:30.454 Downloading updates...
2015-04-28 03:40:30.454 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-04-28 03:40:30.454 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-04-28 03:40:30.454 Update progress: [I49502] Found supplement IDE514 LATEST
2015-04-28 03:40:30.454 Update progress: [I49502] Found supplement IDE515 LATEST
2015-04-28 03:40:30.454 Update progress: [I49502] Found supplement IDE516 LATEST
2015-04-28 03:40:30.454 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-04-28 03:40:30.454 Update progress: [I19463] Syncing product SAVIW32 53
2015-04-28 03:40:31.940 Update progress: [I19463] Syncing product IDE514 161
2015-04-28 03:40:32.495 Installing updates...
2015-04-28 03:40:33.096 Error level 1
2015-04-28 03:40:33.103 Update progress: [I19463] Syncing product IDE515 169
2015-04-28 03:40:33.103 Update progress: [I19463] Syncing product IDE516 1
2015-04-28 03:40:36.272 Update successful
2015-04-28 03:40:41.400 Option all = no
2015-04-28 03:40:41.400 Option recurse = yes
2015-04-28 03:40:41.400 Option archive = no
2015-04-28 03:40:41.400 Option service = yes
2015-04-28 03:40:41.400 Option confirm = yes
2015-04-28 03:40:41.400 Option sxl = yes
2015-04-28 03:40:41.401 Option max-data-age = 35
2015-04-28 03:40:41.401 Option EnableSafeClean = yes
2015-04-28 03:40:41.428 Option vdl-logging = yes
2015-04-28 03:40:41.432 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-28 03:40:41.432 Machine ID: b14301d5cd8d420394403dff3488884c
2015-04-28 03:40:41.433 Component SVRTcli.exe version 2.5.4
2015-04-28 03:40:41.433 Component control.dll version 2.5.4
2015-04-28 03:40:41.433 Component SVRTservice.exe version 2.5.4
2015-04-28 03:40:41.433 Component engine\osdp.dll version 1.44.1.2200
2015-04-28 03:40:41.433 Component engine\veex.dll version 3.60.0.2200
2015-04-28 03:40:41.433 Component engine\savi.dll version 8.1.7.2200
2015-04-28 03:40:41.433 Component rkdisk.dll version 1.5.30.0
2015-04-28 03:40:41.433 Version info: Product version 2.5.4
2015-04-28 03:40:41.433 Version info: Detection engine 3.60.0
2015-04-28 03:40:41.434 Version info: Detection data 5.13G
2015-04-28 03:40:41.434 Version info: Build date 3/31/2015
2015-04-28 03:40:41.434 Version info: Data files added 327
2015-04-28 03:40:41.434 Version info: Last successful update 4/27/2015 8:40:36 PM

2015-04-28 03:53:08.938 Could not open C:\Boot\BCD
2015-04-28 03:53:09.594 Could not open C:\hiberfil.sys
2015-04-28 03:53:21.977 Could not open C:\pagefile.sys
2015-04-28 03:55:16.346 Could not open C:\System Volume Information\{1f8c5328-eb92-11e4-9119-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.346 Could not open C:\System Volume Information\{1f8c5455-eb92-11e4-9119-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.347 Could not open C:\System Volume Information\{1f8c55ef-eb92-11e4-9119-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.347 Could not open C:\System Volume Information\{1f8c5841-eb92-11e4-9119-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.347 Could not open C:\System Volume Information\{2fe42fa5-ed44-11e4-81ce-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.347 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.347 Could not open C:\System Volume Information\{3a16fa68-eb9b-11e4-8137-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.347 Could not open C:\System Volume Information\{970cb606-eb8f-11e4-a7e2-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:16.347 Could not open C:\System Volume Information\{c40bc1eb-ed57-11e4-90b6-40167ead2668}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-28 03:55:17.924 Could not open C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-04-28 03:55:17.924 Could not open C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2015-04-28 03:55:17.941 Could not check C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2015-04-28 03:55:17.945 Could not check C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-04-28 03:55:18.017 Could not check C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
2015-04-28 03:55:18.024 Could not check C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
2015-04-28 03:55:18.198 Could not check C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2015-04-28 03:55:18.803 Could not check C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-04-28 03:57:01.770 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-04-28 03:57:01.770 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-04-28 03:57:02.247 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-04-28 03:57:02.248 Could not open C:\Windows\System32\config\RegBack\SAM
2015-04-28 03:57:02.249 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-04-28 03:57:02.249 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-04-28 03:57:02.250 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-04-28 04:01:52.318 >>> Virus 'Mal/Generic-S' found in file E:\Docs\Rockstar Games\gsrld.dll
2015-04-28 04:01:52.318 >>> Virus 'Mal/Generic-S' found in file E:\Docs\Rockstar Games\gsrld.dll
2015-04-28 04:01:52.318 >>> Virus 'Mal/Generic-S' found in file E:\Docs\Rockstar Games\gsrld.dll
2015-04-28 04:01:52.318 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1707229653-1735831777-1245905739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-28 04:01:52.318 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1707229653-1735831777-1245905739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-28 04:01:52.318 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-28 04:03:55.574 The following items will be cleaned up:
2015-04-28 04:03:55.574 Mal/Generic-S
2015-04-28 04:06:23.017 Threat 'Mal/Generic-S' has been cleaned up.
2015-04-28 04:06:23.017 File "E:\Docs\Rockstar Games\gsrld.dll" belongs to malware 'Mal/Generic-S'.
2015-04-28 04:06:23.017 File "E:\Docs\Rockstar Games\gsrld.dll" has been cleaned up.
2015-04-28 04:06:23.017 Removal successful
2015-04-28 04:06:23.033 Contents of SafeClean bin directory:
2015-04-28 04:06:23.033 {
2015-04-28 04:06:23.033 RecordID : "0000000000000001",
2015-04-28 04:06:23.033 ItemType : "1",
2015-04-28 04:06:23.033 Location : "E:\Docs\Rockstar Games\",
2015-04-28 04:06:23.033 FileName : "gsrld.dll",
2015-04-28 04:06:23.033 ThreatName : "Mal/Generic-S",
2015-04-28 04:06:23.033 Checksum : "0cd6ad171382fcb7ec85f544fd1298ae76cae2796774fbaddbb429790100dc60",
2015-04-28 04:06:23.033 TimeStamp : "Mon Apr 27 21:06:21 2015"
2015-04-28 04:06:23.033 }
2015-04-28 04:06:23.454 Error level 0
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

===============================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Back