infected with game harbor virus, website that opens on startup


This topic is locked
4 replies to this topic

#1 puppenstein

  • Members
  • 1 posts

Posted 17 September 2014 - 09:02 PM

A new Sims 4 torrent most likely did it; other threads with the same problems have fixlists that I don't have access to.

Here are my FRST scan results:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Joel (administrator) on ACER on 18-09-2014 09:45:18
Running from C:\Users\User\Desktop\FRST
Platform: Windows 8.1 (Update 1) (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\IoacTOOL\IoacNetTool.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
(Acer Incorporated) C:\Program Files\Acer\Remote Files\RemoteFilesService.exe
(Acer Incorporated) C:\Program Files\Acer\Remote Files\CacheMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Users\User\Desktop\borderless\BorderlessWindowed.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-23878014-3031142099-3256649033-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-23878014-3031142099-3256649033-1002\...\Run: [AcerCloud] => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [18247424 2014-02-13] (Acer Incorporated)
HKU\S-1-5-21-23878014-3031142099-3256649033-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-23878014-3031142099-3256649033-1002\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-03] (NVIDIA Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BorderlessWindowed - Shortcut.lnk
ShortcutTarget: BorderlessWindowed - Shortcut.lnk -> C:\Users\User\Desktop\borderless\BorderlessWindowed.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\settings.ini ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 - {6FF95A39-6190-4D18-A386-B9F9926E8D43} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
 
FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry World Browser Plugin\npappworld.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchKeyword: Default -> 74DB6E2512889ADD27C420507041D229C1781DE8A689CEDFB24F0C4EBC7346A1
CHR DefaultSearchURL: Default -> 5480968AFD648445089706E2C088B98689F9192D44C9EBF3D8E0D129CF9A6096
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-06]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-06]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-05-29]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-06]
CHR Extension: (Screencastify (Screen Video Recorder)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2014-04-23]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-06]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2798336 2014-02-13] (Acer Incorporated)
S2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-06] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-17] (TODO: <Company name>) [File not signed]
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2013-08-31] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-30] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-02] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 RDID1116; C:\Windows\system32\Drivers\rdwm1116.sys [157696 2012-10-23] (Roland Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2014-03-03] (Research In Motion Limited)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-18 09:45 - 2014-09-18 09:45 - 00000000 ____D () C:\Users\User\Desktop\FRST
2014-09-18 09:41 - 2014-09-18 09:45 - 00000000 ____D () C:\FRST
2014-09-16 09:22 - 2014-09-16 09:22 - 00000876 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-09-16 09:21 - 2014-09-17 00:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2014-09-15 22:48 - 2014-09-15 23:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-09-15 22:48 - 2014-09-15 23:26 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-09-15 22:48 - 2014-09-15 22:48 - 00000000 ____D () C:\Users\User\Documents\Image-Line
2014-09-15 22:48 - 2014-09-15 22:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\Image-Line
2014-09-15 22:48 - 2014-09-15 22:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\FlowStone
2014-09-15 22:48 - 2014-09-15 22:48 - 00000000 ____D () C:\Program Files\Image-Line
2014-09-15 22:43 - 2014-09-15 22:48 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-09-14 13:14 - 2014-09-14 13:14 - 00001047 _____ () C:\Users\Public\Desktop\DS4Tool.lnk
2014-09-14 13:14 - 2014-09-14 13:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\DSDCS
2014-09-14 13:14 - 2014-09-14 13:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\DS4Tool
2014-09-14 13:14 - 2014-09-14 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DS4Tool
2014-09-14 13:14 - 2014-09-14 13:14 - 00000000 ____D () C:\ProgramData\DSDCS
2014-09-14 13:14 - 2014-09-14 13:14 - 00000000 ____D () C:\ProgramData\Caphyon
2014-09-14 13:14 - 2014-09-14 13:14 - 00000000 ____D () C:\Program Files (x86)\DSDCS
2014-09-13 12:09 - 2014-09-13 12:09 - 00344912 _____ () C:\Windows\Minidump\091314-56843-01.dmp
2014-09-12 22:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-12 22:46 - 2014-09-13 10:11 - 00000000 ____D () C:\AdwCleaner
2014-09-12 15:12 - 2014-09-12 15:12 - 00001844 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-09-11 18:20 - 2014-09-11 18:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-09-11 08:59 - 2014-09-11 08:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-09-11 08:59 - 2014-09-11 08:59 - 00000000 ____D () C:\ProgramData\Sophos
2014-09-11 08:59 - 2014-09-11 08:59 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-09-11 00:08 - 2014-09-11 10:02 - 00000000 ____D () C:\Users\User\Documents\Strife
2014-09-11 00:06 - 2014-09-11 00:06 - 00001959 _____ () C:\Users\User\Desktop\Strife.lnk
2014-09-11 00:06 - 2014-09-11 00:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-11 00:06 - 2014-09-11 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-11 00:03 - 2014-09-11 10:02 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-10 12:31 - 2014-09-10 12:32 - 00301936 _____ () C:\Windows\Minidump\091014-26218-01.dmp
2014-09-10 11:21 - 2014-09-10 11:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\Oracle
2014-09-10 11:20 - 2014-09-10 11:20 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-10 11:20 - 2014-09-10 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-10 11:20 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-07 15:36 - 2014-09-07 15:36 - 00001479 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScpServer - Shortcut.lnk
2014-09-05 00:33 - 2014-09-05 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-05 00:33 - 2014-09-05 00:33 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-05 00:27 - 2014-09-05 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-05 00:22 - 2014-09-05 00:22 - 00001338 _____ () C:\Users\User\Desktop\Origin - Shortcut.lnk
2014-09-04 11:44 - 2014-09-04 11:44 - 00046136 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-09-03 20:54 - 2014-09-03 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coop-Land
2014-09-03 20:53 - 2014-09-03 20:57 - 00000000 ____D () C:\Program Files (x86)\Coop-Land
2014-09-02 00:06 - 2014-09-02 00:06 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-28 17:06 - 2014-08-28 17:06 - 00301936 _____ () C:\Windows\Minidump\082814-23234-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-18 09:45 - 2014-09-18 09:45 - 00000000 ____D () C:\Users\User\Desktop\FRST
2014-09-18 09:45 - 2014-09-18 09:41 - 00000000 ____D () C:\FRST
2014-09-18 09:22 - 2014-04-07 11:54 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-23878014-3031142099-3256649033-1002
2014-09-18 09:22 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-18 09:17 - 2013-10-17 15:15 - 01329634 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 09:14 - 2014-07-12 14:12 - 00000000 ___HD () C:\Users\User\Desktop\borderless
2014-09-18 09:13 - 2014-05-17 12:44 - 00000000 ___RD () C:\Users\User\Google Drive
2014-09-18 09:13 - 2014-04-08 21:53 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-09-18 09:13 - 2014-04-07 11:50 - 00000000 ____D () C:\Users\User\AppData\Local\clear.fi
2014-09-18 09:12 - 2014-06-22 00:10 - 00000000 ____D () C:\Users\User\AppData\Local\LogMeIn Hamachi
2014-09-18 09:12 - 2014-04-06 22:24 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 09:11 - 2013-08-22 22:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 00:56 - 2014-04-06 22:24 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 17:06 - 2014-04-12 16:48 - 00000000 ____D () C:\Users\User\AppData\Local\PMB Files
2014-09-17 09:52 - 2014-04-24 21:25 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-09-17 09:19 - 2013-09-06 12:04 - 00047644 _____ () C:\Windows\PFRO.log
2014-09-17 00:40 - 2014-09-16 09:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2014-09-17 00:40 - 2014-04-07 02:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\Azureus
2014-09-16 23:29 - 2014-04-06 23:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-09-16 18:41 - 2014-05-22 15:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-09-16 16:20 - 2014-04-06 22:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-16 09:22 - 2014-09-16 09:22 - 00000876 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-09-15 23:27 - 2014-04-07 11:48 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-09-15 23:26 - 2014-09-15 22:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-09-15 23:26 - 2014-09-15 22:48 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-09-15 23:05 - 2014-04-07 18:51 - 00000000 ____D () C:\Cakewalk Projects
2014-09-15 22:48 - 2014-09-15 22:48 - 00000000 ____D () C:\Users\User\Documents\Image-Line
2014-09-15 22:48 - 2014-09-15 22:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\Image-Line
2014-09-15 22:48 - 2014-09-15 22:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\FlowStone
2014-09-15 22:48 - 2014-09-15 22:48 - 00000000 ____D () C:\Program Files\Image-Line
2014-09-15 22:48 - 2014-09-15 22:43 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-09-14 13:14 - 2014-09-14 13:14 - 00001047 _____ () C:\Users\Public\Desktop\DS4Tool.lnk
2014-09-14 13:14 - 2014-09-14 13:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\DSDCS
2014-09-14 13:14 - 2014-09-14 13:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\DS4Tool
2014-09-14 13:14 - 2014-09-14 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DS4Tool
2014-09-14 13:14 - 2014-09-14 13:14 - 00000000 ____D () C:\ProgramData\DSDCS
2014-09-14 13:14 - 2014-09-14 13:14 - 00000000 ____D () C:\ProgramData\Caphyon
2014-09-14 13:14 - 2014-09-14 13:14 - 00000000 ____D () C:\Program Files (x86)\DSDCS
2014-09-13 12:09 - 2014-09-13 12:09 - 00344912 _____ () C:\Windows\Minidump\091314-56843-01.dmp
2014-09-13 12:09 - 2014-04-08 21:08 - 00000000 ____D () C:\Windows\Minidump
2014-09-13 12:08 - 2014-04-08 21:08 - 902063843 ____N () C:\Windows\MEMORY.DMP
2014-09-13 11:25 - 2014-05-20 21:11 - 00000000 ____D () C:\Program Files (x86)\The Amazing Spider-Man 2
2014-09-13 11:08 - 2014-06-20 19:06 - 00000000 ____D () C:\Users\User\AppData\Local\Warframe
2014-09-13 10:11 - 2014-09-12 22:46 - 00000000 ____D () C:\AdwCleaner
2014-09-12 17:03 - 2014-06-27 23:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Unity
2014-09-12 16:34 - 2014-04-09 20:29 - 00000000 ____D () C:\ProgramData\Origin
2014-09-12 15:12 - 2014-09-12 15:12 - 00001844 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-09-12 15:12 - 2014-04-07 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-09-11 18:20 - 2014-09-11 18:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-09-11 18:20 - 2013-08-22 22:46 - 00032456 _____ () C:\Windows\setupact.log
2014-09-11 18:16 - 2014-08-17 03:44 - 00000000 ____D () C:\Users\User\Desktop\beat hazard
2014-09-11 18:15 - 2014-04-09 20:29 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-11 17:41 - 2014-05-09 17:11 - 00055808 ___SH () C:\Users\User\Desktop\Thumbs.db
2014-09-11 10:02 - 2014-09-11 00:08 - 00000000 ____D () C:\Users\User\Documents\Strife
2014-09-11 10:02 - 2014-09-11 00:03 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-11 10:01 - 2014-04-12 16:48 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-11 08:59 - 2014-09-11 08:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-09-11 08:59 - 2014-09-11 08:59 - 00000000 ____D () C:\ProgramData\Sophos
2014-09-11 08:59 - 2014-09-11 08:59 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-09-11 00:06 - 2014-09-11 00:06 - 00001959 _____ () C:\Users\User\Desktop\Strife.lnk
2014-09-11 00:06 - 2014-09-11 00:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-11 00:06 - 2014-09-11 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-11 00:06 - 2014-04-07 00:04 - 00574824 _____ () C:\Windows\DirectX.log
2014-09-10 12:32 - 2014-09-10 12:31 - 00301936 _____ () C:\Windows\Minidump\091014-26218-01.dmp
2014-09-10 11:21 - 2014-09-10 11:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\Oracle
2014-09-10 11:20 - 2014-09-10 11:20 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-10 11:20 - 2014-09-10 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-10 11:20 - 2014-04-12 18:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-10 11:20 - 2014-04-12 18:59 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-07 15:36 - 2014-09-07 15:36 - 00001479 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScpServer - Shortcut.lnk
2014-09-05 12:53 - 2014-04-29 17:27 - 00000000 ____D () C:\Program Files\OblyTile
2014-09-05 03:37 - 2013-08-22 21:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-05 00:37 - 2014-04-10 18:50 - 00000000 ____D () C:\Users\User\Documents\Electronic Arts
2014-09-05 00:33 - 2014-09-05 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-05 00:33 - 2014-09-05 00:33 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-05 00:27 - 2014-09-05 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-05 00:22 - 2014-09-05 00:22 - 00001338 _____ () C:\Users\User\Desktop\Origin - Shortcut.lnk
2014-09-04 19:10 - 2014-04-07 00:06 - 00000000 ____D () C:\Users\User\Documents\My Games
2014-09-04 11:44 - 2014-09-04 11:44 - 00046136 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-09-03 22:05 - 2014-04-07 22:55 - 00000000 ____D () C:\Users\User\AppData\Local\dxhr
2014-09-03 21:53 - 2014-06-22 22:55 - 00000000 ____D () C:\Users\User\Desktop\gang beasts
2014-09-03 20:57 - 2014-09-03 20:53 - 00000000 ____D () C:\Program Files (x86)\Coop-Land
2014-09-03 20:54 - 2014-09-03 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coop-Land
2014-09-03 19:09 - 2013-10-17 15:40 - 00019202 _____ () C:\Windows\DPINST.LOG
2014-09-02 18:35 - 2014-05-10 23:10 - 00000000 ____D () C:\Users\User\Documents\songs
2014-09-02 00:06 - 2014-09-02 00:06 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-02 00:06 - 2013-08-22 23:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-29 21:44 - 2014-07-09 21:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\DarknessII
2014-08-28 17:06 - 2014-08-28 17:06 - 00301936 _____ () C:\Windows\Minidump\082814-23234-01.dmp
2014-08-19 23:22 - 2014-05-29 22:57 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-08-19 23:22 - 2014-05-29 22:45 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-08-19 23:12 - 2014-04-07 23:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Awesomium
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\BackupSetup.exe
C:\Users\User\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\User\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\User\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\User\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\User\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\User\AppData\Local\Temp\i4jdel0.exe
C:\Users\User\AppData\Local\Temp\i4jdel1.exe
C:\Users\User\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\libeay32.dll
C:\Users\User\AppData\Local\Temp\nsb544D.exe
C:\Users\User\AppData\Local\Temp\nse7557.exe
C:\Users\User\AppData\Local\Temp\nsm56AF.exe
C:\Users\User\AppData\Local\Temp\nsn7287.exe
C:\Users\User\AppData\Local\Temp\nsr551.exe
C:\Users\User\AppData\Local\Temp\oi_{2FA26F85-29AE-4DA0-AD81-B80C53F28008}.exe
C:\Users\User\AppData\Local\Temp\ovisetup-10072014234841.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
C:\Users\User\AppData\Local\Temp\Sqlite3.dll
C:\Users\User\AppData\Local\Temp\SRLDetectionLibrary7287067484613510430.dll
C:\Users\User\AppData\Local\Temp\ssleay32.dll
C:\Users\User\AppData\Local\Temp\swt-win32-3349.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-12 13:09
 
==================== End Of Log ============================



 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 September 2014 - 11:10 AM

Hello puppenstein

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!
  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.



I need you to download this script I have made for you --> Attached File: fixlist.txt (139 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 September 2014 - 01:55 PM


Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, I want to remind you that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 September 2014 - 08:04 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!
Gringo

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 October 2014 - 07:22 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



