NextCoup & GGOSave browser malware keeps coming back. Help me please!


  • This topic is locked
6 replies to this topic

#1 emphatic

  • Members
  • 4 posts

Posted 16 October 2014 - 05:21 AM

Fellow members,

 

These two extensions, NextCoup & GGOSave, keep coming back in my Chrome browser after I restart the browser. Even after having deleted these extensions manually in Chrome's extension options, they keep reappearing.

These browser extensions manifest through annoying popups and links on all my tabs that are not supposed to be there, until I manually shut them down in Chrome again.

In Windows Explorer I cannot manage to get rid of these annoying add-ons either.

Hence, could someone please assist me in the process of cleaning this stupidly self-caused mess?

 

Somehow I could not manage to open dds.com, as it kept stating "DDS is not meant to run in Compatibility Mode." I did not specifically choose to run it this way, and I tried opening it as an administrator, which didn't work either.

So I hereby include my FRST.txt report; the addition.txt is attached.

 

Thank you for considering my issue.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02
Ran by Maxiboek (administrator) on MAXIME on 16-10-2014 12:13:56
Running from C:\Users\Maxiboek\Desktop
Loaded Profile: Maxiboek (Available profiles: Maxiboek)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Cold Turkey\CTService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Cold Turkey\CTConfigServer.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [13936 2013-12-19] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [37728 2011-09-14] (Mindjet)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1205769780-2014387907-159496476-1001\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-25] (CyberLink Corp.)
AppInit_DLLs: C:\PROGRA~2\GS_BOO~1\ASSIST~2.DLL => C:\PROGRA~2\GS_BOO~1\ASSIST~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\gs_boo~1\assist~1.dll => "c:\progra~2\gs_boo~1\assist~1.dll" File Not Found
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [StorageProviderError] -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [StorageProviderSyncing] -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1412247570&from=wpc&uid=ST750LM000-1EJ16G_W3819LS5XXXXW3819LS5
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKCU - DefaultScope {7FD6AB63-A9E1-472E-B187-6BBF5EEF80AD} URL = http://www.google.nl/search?hl=nl&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {7FD6AB63-A9E1-472E-B187-6BBF5EEF80AD} URL = http://www.google.nl/search?hl=nl&q={searchTerms}
BHO: GGOSave -> {4d13a571-05d9-4b4d-844c-c0b678984b70} -> C:\Program Files (x86)\GGOSave\fjOpcUBRQ3fsiO.x64.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: GGOSave -> {4d13a571-05d9-4b4d-844c-c0b678984b70} -> C:\Program Files (x86)\GGOSave\fjOpcUBRQ3fsiO.dll No File
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Maxiboek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Documenten) - C:\Users\Maxiboek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-26]
CHR Extension: (Google Drive) - C:\Users\Maxiboek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-26]
CHR Extension: (GoSSave) - C:\Users\Maxiboek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjjnlkfiohhfbjfgjgiefkdadbpfdnie [2014-10-02]
CHR Extension: (YouTube) - C:\Users\Maxiboek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-26]
CHR Extension: (Adblock Plus) - C:\Users\Maxiboek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-26]
CHR Extension: (Google Zoeken) - C:\Users\Maxiboek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-26]
CHR Extension: (NExtCOup) - C:\Users\Maxiboek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgigmhhhkgmajmleoneabfdjobkpcmg [2014-10-02]
CHR Extension: (Google Wallet) - C:\Users\Maxiboek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR Extension: (Gmail) - C:\Users\Maxiboek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-26]
CHR Extension: (GoSSave) - C:\Users\Maxiboek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjjnlkfiohhfbjfgjgiefkdadbpfdnie\2.0 [2014-10-02]
CHR Extension: (Extutil) - C:\Users\Maxiboek\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-07-07]
CHR Extension: (NExtCOup) - C:\Users\Maxiboek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgigmhhhkgmajmleoneabfdjobkpcmg\1.0 [2014-10-02]
CHR Extension: (Managera) - C:\Users\Maxiboek\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-07-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 CTService; C:\Program Files\Cold Turkey\CTService.exe [62976 2013-12-08] () [File not signed]
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [129992 2014-01-19] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2013-12-13] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2013-08-22] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
S2 4d349a54; "C:\Windows\system32\rundll32.exe" "c:\progra~2\gs_boo~1\AssistantSvc.dll",service
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 51760281; C:\Windows\system32\DRIVERS\51760281.sys [458336 2014-10-14] (Kaspersky Lab ZAO)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2013-11-23] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-08-06] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3609056 2013-12-05] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows ® Win 7 DDK provider)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-16 12:13 - 2014-10-16 12:14 - 00021203 _____ () C:\Users\Maxiboek\Desktop\FRST.txt
2014-10-16 12:08 - 2014-10-16 12:13 - 00000000 ____D () C:\FRST
2014-10-16 12:00 - 2014-10-16 12:00 - 02111488 _____ (Farbar) C:\Users\Maxiboek\Desktop\FRST64.exe
2014-10-16 07:09 - 2014-10-16 07:10 - 45666476 _____ () C:\Users\Maxiboek\Downloads\The Way To Do It - Hannah Wants & Chris Lorenzo.wav
2014-10-16 05:20 - 2014-10-16 05:20 - 00028343 _____ () C:\Users\Maxiboek\Downloads\[rutracker.org].t4523137.torrent
2014-10-16 05:20 - 2014-10-16 05:20 - 00000000 ____D () C:\Users\Maxiboek\Downloads\SPF.Samplers.Massive.Deep.House.Presets.MiDi.NI.Massive.Presets
2014-10-16 05:18 - 2014-10-16 05:42 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Spf Samplers - Underground Techno WAV Sylenth1
2014-10-16 05:18 - 2014-10-16 05:18 - 00016564 _____ () C:\Users\Maxiboek\Downloads\Spf_Samplers_Underground_Techno_WAV_Sylenth1_-demonoid.ph-_.torrent
2014-10-16 04:50 - 2014-10-16 04:50 - 02347384 _____ (ESET) C:\Users\Maxiboek\Downloads\esetsmartinstaller_enu.exe
2014-10-16 04:50 - 2014-10-16 04:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-15 17:48 - 2014-10-15 17:48 - 00986658 _____ () C:\Users\Maxiboek\Desktop\dnb ieks.wav
2014-10-15 13:39 - 2014-10-15 13:39 - 00000000 ____D () C:\Users\Maxiboek\Downloads\25places
2014-10-15 13:19 - 2014-10-15 13:19 - 54442922 _____ () C:\Users\Maxiboek\Downloads\25places.zip
2014-10-14 19:59 - 2014-10-14 19:59 - 00063211 _____ () C:\Users\Maxiboek\Desktop\Task 19 - Different forms of groups.pptx
2014-10-14 14:31 - 2014-10-14 14:31 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-14 14:01 - 2014-10-14 10:25 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\51760281.sys
2014-10-14 10:08 - 2014-10-14 10:09 - 161350640 _____ () C:\Users\Maxiboek\Downloads\setup_11.0.3.7.x01_2014_10_14_10_26.exe
2014-10-14 10:08 - 2014-10-14 10:08 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Maxiboek\Downloads\rkill.com
2014-10-14 09:55 - 2014-10-14 09:58 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Mefjus - Contemporary EP
2014-10-12 21:35 - 2014-10-12 21:35 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-12 21:35 - 2014-10-12 21:35 - 00000000 _____ () C:\autoexec.bat
2014-10-12 21:34 - 2014-10-12 21:47 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-12 15:24 - 2014-10-12 16:00 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Boris Brejcha - Feuerfalter Part 01 [HHMA024-4] 2013
2014-10-12 15:24 - 2014-10-12 15:27 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Boris Brejcha - Feuerfalter Part 02 [HHMA 0254] 2014
2014-10-12 12:17 - 2014-10-13 15:00 - 00000000 ____D () C:\Users\Maxiboek\Downloads\MEGA SAMPLES VOL-8[PART-1]
2014-10-12 12:15 - 2014-10-12 14:30 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Loopmasters Deep and Raw Techno MULTiFORMAT
2014-10-11 16:49 - 2014-10-11 21:07 - 00000000 __HDC () C:\ProgramData\{34163C5E-1AE4-49D8-B5F9-A3C2422AAB96}
2014-10-11 16:16 - 2014-10-11 16:36 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Loopmasters Spektre Atmospheric Techno MULTiFORMAT
2014-10-11 16:05 - 2014-10-11 16:41 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Loopmasters Punchy Techno Vol 2 [DJ Vagan]
2014-10-11 16:01 - 2014-10-11 16:40 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Loopmasters Ultimate Tech House Techno WAV
2014-10-11 12:03 - 2014-10-11 12:03 - 00000000 ____D () C:\Users\Maxiboek\Documents\Sonic Academy
2014-10-11 11:58 - 2014-10-11 11:58 - 00000000 ____D () C:\ProgramData\Sonic Academy
2014-10-11 11:51 - 2014-10-11 12:10 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Sonic Academy KICK Nicky Romero Edition v1.01 WiN MacOSX Incl. Keygen-R2R [deepstatus][h33t][1337x][flashtorrents]
2014-10-10 20:07 - 2014-10-10 20:08 - 16031570 _____ () C:\Users\Maxiboek\Desktop\what i learned in techno sampling.wav
2014-10-10 11:02 - 2014-10-10 11:02 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Native.Instruments.Driver.v1.0.1
2014-10-09 14:47 - 2014-10-09 14:51 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Chronicle.2012.DVDRip.XviD-SPARKS
2014-10-08 19:08 - 2014-10-08 19:08 - 00001020 _____ () C:\Users\Public\Desktop\Traktor 2.lnk
2014-10-08 19:06 - 2014-10-08 19:06 - 00000000 __HDC () C:\ProgramData\{9477ED15-E4A3-4984-9B76-31F573D8EAAF}
2014-10-08 19:05 - 2014-10-08 19:05 - 00000000 __HDC () C:\ProgramData\{F2610326-6A40-4BBC-9FBC-7F05356A912A}
2014-10-05 23:17 - 2014-10-08 19:08 - 00000000 __HDC () C:\ProgramData\{E54DB1D4-CC7D-414E-8BED-584C447836EA}
2014-10-05 14:58 - 2014-10-05 14:59 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Native.Instruments.Traktor.Scratch.Pro.2.v2.6.3-REViSE
2014-10-04 23:17 - 2014-10-04 23:17 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Status_Anxiety
2014-10-03 19:23 - 2014-10-03 19:23 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Flume (Deluxe Edition)
2014-10-02 15:42 - 2014-10-02 15:42 - 00013002 _____ () C:\Windows\system32\.crusader
2014-10-02 15:39 - 2014-10-02 15:39 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-10-02 15:39 - 2014-10-02 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-10-02 15:39 - 2014-10-02 15:39 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-02 15:38 - 2014-10-02 15:38 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Hitman Pro 3.7.9 Cracked 32+64-Bit [danhuk]
2014-10-02 15:32 - 2014-10-02 15:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-02 15:32 - 2014-10-02 15:32 - 11194928 _____ (SurfRight B.V.) C:\Users\Maxiboek\Downloads\HitmanPro_x64.exe
2014-10-02 12:58 - 2014-10-02 13:07 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-02 12:58 - 2014-10-02 13:07 - 00000000 ____D () C:\ProgramData\db2f369425a7ce35
2014-10-02 12:58 - 2014-10-02 12:58 - 00000000 ____D () C:\Users\Maxiboek\AppData\Local\Torch
2014-10-02 12:58 - 2014-10-02 12:58 - 00000000 ____D () C:\Users\Maxiboek\AppData\Local\Chromatic Browser
2014-10-02 12:58 - 2014-10-02 12:58 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-10-02 12:58 - 2014-10-02 12:58 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-10-02 12:58 - 2014-10-02 12:58 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-10-02 12:58 - 2014-10-02 12:58 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-10-02 12:58 - 2014-10-02 12:58 - 00000000 ____D () C:\Users\Guest
2014-10-02 12:58 - 2014-10-02 12:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-02 12:58 - 2014-10-02 12:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-02 12:58 - 2014-10-02 12:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-02 12:58 - 2014-10-02 12:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-10-02 12:58 - 2014-10-02 12:58 - 00000000 ____D () C:\Users\Administrator
2014-10-01 21:00 - 2014-10-01 21:04 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Ministry Of Sound - The House That Garage Built (3CD) 2014 (320kbps) (AciDToX8)
2014-10-01 20:54 - 2014-10-01 21:55 - 00000000 ____D () C:\Users\Maxiboek\Downloads\VA - Ministry of Sound Chilled House Session 4 (2013)
2014-10-01 20:54 - 2014-10-01 20:54 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Ministry Of Sound The Sound Of Deep House 2 (2014)
2014-10-01 20:53 - 2014-10-01 21:11 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Ministry of Sound Tech House (2014) (320kbps) (AciDToX8)
2014-10-01 20:53 - 2014-10-01 21:02 - 00000000 ____D () C:\Users\Maxiboek\Downloads\VA - Ministry of Sound - Deep House Sessions [2013] [Mp3-320]-V3nom [GLT]
2014-09-29 21:52 - 2014-09-29 21:52 - 00383851 _____ () C:\Users\Maxiboek\Downloads\Week5 2014.pptx
2014-09-26 01:24 - 2014-09-26 01:24 - 00756704 _____ () C:\Users\Maxiboek\Downloads\Presentation 1 PESTLE.pptx
2014-09-25 16:44 - 2014-09-25 16:53 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Mr. Scruff
2014-09-25 16:34 - 2014-09-25 16:38 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Ninja Tune
2014-09-25 16:34 - 2014-09-25 16:34 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Mr. Scruff - Friendly Bacteria - 2014
2014-09-25 15:46 - 2014-09-25 15:50 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Rawtekk – Sprouted and Formed - 2013
2014-09-25 11:17 - 2014-09-25 11:17 - 00131584 _____ () C:\Windows\SysWOW64\SpoonUninstall.exe
2014-09-25 11:17 - 2014-09-25 11:17 - 00041653 _____ () C:\Windows\SysWOW64\SpoonUninstall-DDXL Student.dat
2014-09-25 11:17 - 2014-09-25 11:16 - 00027076 _____ () C:\Windows\SysWOW64\SpoonUninstall-DDXL Student.bmp
2014-09-25 11:16 - 2014-09-25 11:17 - 00000000 ____D () C:\Program Files (x86)\DDXL
2014-09-25 10:03 - 2014-09-25 11:36 - 00307025 _____ () C:\Users\Maxiboek\Downloads\Maxime 6082273 Week4ExcelAss.xlsx
2014-09-24 16:03 - 2014-09-24 16:08 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Sample Magic - Drum & Bass
2014-09-21 19:37 - 2014-09-21 19:46 - 00000000 ____D () C:\Users\Maxiboek\Downloads\NickBee - Empty Your Mind LP (DISLTDLP001D) [2014-WEB-320]
2014-09-18 16:00 - 2014-09-18 16:05 - 00000000 ____D () C:\Users\Maxiboek\Downloads\[RG.REBOOT] Feed Me - Calamari Tuesday (2013) [SOVOD001] {MP3-320CBR}
2014-09-18 14:51 - 2014-09-18 14:51 - 00000000 ____D () C:\Program Files\ASIO4ALL v2
2014-09-17 13:42 - 2014-09-17 13:42 - 00000000 ____D () C:\Users\Maxiboek\Downloads\Foreign Concept - Make Meals EP (CRIT077) [2014-WEB-320]
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-16 12:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-16 11:45 - 2014-09-10 14:27 - 00000000 ____D () C:\Users\Maxiboek\Documents\Outlook Files
2014-10-16 11:37 - 2014-04-15 00:01 - 01415637 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 11:27 - 2014-04-15 00:12 - 00003474 _____ () C:\Windows\System32\Tasks\ASUS Live Update1
2014-10-16 11:27 - 2014-04-15 00:12 - 00003464 _____ () C:\Windows\System32\Tasks\ASUS Live Update2
2014-10-16 11:25 - 2014-06-26 13:01 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1205769780-2014387907-159496476-1001
2014-10-16 11:25 - 2013-12-13 13:27 - 00806586 _____ () C:\Windows\system32\perfh013.dat
2014-10-16 11:25 - 2013-12-13 13:27 - 00162126 _____ () C:\Windows\system32\perfc013.dat
2014-10-16 11:25 - 2013-12-13 06:09 - 01823174 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 11:21 - 2014-06-26 12:57 - 00000073 _____ () C:\Users\Maxiboek\AppData\Roaming\sp_data.sys
2014-10-16 11:20 - 2014-06-26 13:13 - 00000000 ___RD () C:\Users\Maxiboek\SkyDrive
2014-10-16 11:19 - 2014-06-26 18:43 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-16 11:19 - 2013-12-13 05:57 - 00020346 _____ () C:\Windows\PFRO.log
2014-10-16 11:19 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 11:18 - 2014-06-26 18:45 - 00000000 ____D () C:\Users\Maxiboek\AppData\Roaming\BitTorrent
2014-10-16 11:18 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-14 23:03 - 2014-08-31 01:18 - 00000000 ____D () C:\Users\Maxiboek\Desktop\EBE Uni Folder
2014-10-12 00:03 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-11 21:09 - 2014-06-27 04:05 - 00000000 ____D () C:\Users\Maxiboek\Documents\Native Instruments
2014-10-11 21:07 - 2014-07-05 13:36 - 00000000 ____D () C:\Program Files\Native Instruments
2014-10-11 21:07 - 2014-06-27 04:04 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-10-11 21:07 - 2014-06-26 19:27 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2014-10-11 12:23 - 2014-07-24 00:44 - 172918465 _____ () C:\Users\Maxiboek\Downloads\Skanner XT - Uraniumwilly.rar
2014-10-08 19:43 - 2014-04-15 00:06 - 00025290 _____ () C:\Windows\DPINST.LOG
2014-10-08 19:43 - 2014-04-15 00:06 - 00003538 _____ () C:\Windows\System32\Tasks\ASUS Smart Gesture Launcher
2014-10-08 19:06 - 2014-07-05 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2014-10-08 19:06 - 2014-06-27 04:03 - 00000000 ____D () C:\ProgramData\Native Instruments
2014-10-02 18:37 - 2014-09-01 12:48 - 00000000 ____D () C:\Users\Maxiboek\AppData\Roaming\MeldaProduction
2014-10-02 15:42 - 2014-06-26 18:45 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-02 14:05 - 2014-09-11 16:24 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-02 13:07 - 2014-06-26 18:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-02 12:59 - 2014-06-26 12:56 - 00001668 _____ () C:\Users\Maxiboek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-02 12:58 - 2014-06-26 18:43 - 00000000 ____D () C:\Users\Maxiboek\AppData\Local\Google
2014-10-02 12:58 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-02 12:58 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-25 11:04 - 2014-06-26 12:56 - 00000000 ____D () C:\Users\Maxiboek
2014-09-25 11:03 - 2014-07-23 02:11 - 00000000 ____D () C:\Users\Maxiboek\AppData\Local\Microsoft Help
2014-09-18 13:36 - 2014-06-26 19:25 - 00000000 ____D () C:\Users\Maxiboek\AppData\Roaming\FlowStone
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
Some content of TEMP:
====================
C:\Users\Maxiboek\AppData\Local\Temp\6_Offer_13.exe
C:\Users\Maxiboek\AppData\Local\Temp\arctic-loop.exe
C:\Users\Maxiboek\AppData\Local\Temp\HitmanPro.exe
C:\Users\Maxiboek\AppData\Local\Temp\loop.exe
C:\Users\Maxiboek\AppData\Local\Temp\PlaySound.dll
C:\Users\Maxiboek\AppData\Local\Temp\SHSetup.exe
C:\Users\Maxiboek\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Maxiboek\AppData\Local\Temp\_is6A53.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 07:18
 
==================== End Of Log ============================

#2 Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 20 October 2014 - 03:59 AM


Hello emphatic,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the current line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 emphatic

  • Topic Starter
  • Members
  • 4 posts

Posted 20 October 2014 - 02:18 PM

Dear Jo,

 

Thanks for your reply!

Sorry for not having mentioned it earlier, but after the scan I uninstalled Internet Explorer (sheit browser which I never use anyway), and I deleted the files that FRST associated with the malware.

Since then, it seems that the problem has resolved itself in Google Chrome!

Do you think that, even though the visual problems are not reappearing/recurring, there may be traces of the malware left?

 

Kind regards,

 

Maxime



#4 Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 20 October 2014 - 02:49 PM

1. You cannot uninstall IE, as Windows uses parts of it for updates.

2. If you still need help, please run the Farbar Recovery Scan Tool again and post a fresh log.

3. In case you need no more help, please let us know as well; your topic will be closed then.



#5 Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 24 October 2014 - 03:40 AM

Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.



#6 emphatic

  • Topic Starter
  • Members
  • 4 posts

Posted 24 October 2014 - 05:31 AM

My apologies for my late response; I had exam week this week and just finished.

I managed to fix the problem. Nevertheless, thanks for your reply and support!

The thread can be closed.

 

Kind regards,

 

Maxime



#7 Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 24 October 2014 - 06:03 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
