Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random webpage popup at start ut.


  • This topic is locked This topic is locked
20 replies to this topic

#1 RitsuT

RitsuT

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 20 October 2014 - 01:17 AM

Hi.

 

Whenever I start my pc some random page in Russian popsup, the website is called play-toolbar(dot)org.. Would appreciate the help.

 

Regards.


Edited by RitsuT, 20 October 2014 - 12:45 PM.


BC AdBot (Login to Remove)

 


#2 RitsuT

RitsuT
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 20 October 2014 - 12:45 PM

Bump ~~



#3 RitsuT

RitsuT
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 21 October 2014 - 12:50 PM

Here is the FRST scan

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Poyan (administrator) on KYOU on 21-10-2014 19:45:53
Running from C:\Users\Poyan\Documents\FRST
Loaded Profile: Poyan (Available profiles: Poyan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-23] (Valve Corporation)
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [CMD] => cmd.exe /c start http://adverttraff.org && exit <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAF03499BB092CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {F0320816-41D9-49DD-B2F3-8E7B0AE32796} http://afupd1.afreeca.com:9091/AFC/AFCStarter.cab
Tcpip\Parameters: [DhcpNameServer] 46.239.89.102

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.0.1.5 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: application/AFCStarter -> C:\Windows\Downloaded Program Files\npAFCStarter.dll (© AfreecaTV)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-20]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Dokument) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-14]
CHR Extension: (Google Drive) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-14]
CHR Extension: (YouTube) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-14]
CHR Extension: (uTorrentControl_v6) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [2013-09-14]
CHR Extension: (Sök på Google) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-14]
CHR Extension: (Google Wallet) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR Extension: (Gmail) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-14]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Poyan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-05-22]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Poyan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-05-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-23] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-25] (DT Soft Ltd)
S3 IAMTVE; C:\Windows\system32\drivers\IAMTVE.sys [43416 2010-11-30] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\drivers\IAMTXPE.sys [51096 2010-11-30] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-12-02] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-03-14] ()
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-05-14] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-23] (Todos Data System AB)
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 08:32 - 2014-10-21 19:45 - 00000000 ____D () C:\Users\Poyan\Documents\FRST
2014-10-15 21:27 - 2014-10-15 22:07 - 00000000 ____D () C:\Program Files (x86)\The Evil Within
2014-10-11 14:53 - 2014-10-11 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherlock Holmes Crimes and Punishments
2014-10-11 14:45 - 2014-10-11 14:53 - 00000000 ____D () C:\Program Files (x86)\Sherlock Holmes Crimes and Punishments
2014-10-07 10:39 - 2014-10-11 14:30 - 00000000 ____D () C:\Program Files (x86)\Alien Isolation
2014-10-01 01:11 - 2014-10-01 01:11 - 00000000 ____D () C:\Users\Poyan\Documents\WB Games
2014-10-01 01:11 - 2014-10-01 01:11 - 00000000 ____D () C:\Users\Poyan\AppData\Roaming\Steam
2014-10-01 00:32 - 2014-10-04 19:45 - 00000000 ____D () C:\Program Files (x86)\Middle Earth Shadow of Mordor
2014-09-21 23:32 - 2014-09-21 23:33 - 144303252 _____ () C:\Users\Poyan\Documents\download.zip
2014-09-21 16:44 - 2014-09-21 23:01 - 00001334 _____ () C:\Users\Poyan\Documents\t4r.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 19:45 - 2014-09-11 07:16 - 00000000 ____D () C:\FRST
2014-10-21 19:45 - 2013-06-20 15:59 - 01466737 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 19:42 - 2013-09-03 20:56 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 19:42 - 2013-06-20 21:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-21 19:40 - 2013-06-18 14:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-21 19:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 19:40 - 2009-07-14 06:51 - 00124905 _____ () C:\Windows\setupact.log
2014-10-21 09:45 - 2014-08-10 20:41 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-10-21 09:45 - 2013-06-20 22:21 - 00000000 ____D () C:\Users\Poyan\AppData\Roaming\uTorrent
2014-10-21 08:55 - 2013-09-03 20:56 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-21 06:59 - 2009-07-14 06:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 06:59 - 2009-07-14 06:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 23:59 - 2013-06-21 18:39 - 00000000 ____D () C:\Users\Poyan\AppData\Roaming\Synthesia
2014-10-20 19:57 - 2014-03-31 23:57 - 00002158 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-20 00:27 - 2014-05-18 20:34 - 00000000 ____D () C:\Users\Poyan\AppData\Roaming\TS3Client
2014-10-19 21:50 - 2013-09-03 20:56 - 00003990 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 21:50 - 2013-09-03 20:56 - 00003738 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-11 14:54 - 2014-02-07 19:26 - 00000000 ____D () C:\Users\Poyan\Documents\My Games
2014-10-07 09:48 - 2013-06-20 21:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-28 11:01 - 2009-07-14 07:08 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Poyan\AppData\Local\Temp\utt810.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 06:01

==================== End Of Log ============================



#4 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:18 AM

Posted 23 October 2014 - 10:46 AM

Hello RitsuT, welcome to Bleeping Computer's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.  smile.png
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click etYzdbu.png at the top of the page. 
     

======================================================
 
STEP 1
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.

STEP 3
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • JRT.txt
  • FRST.txt
  • Addition.txt

Posted Image

#5 RitsuT

RitsuT
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 23 October 2014 - 12:41 PM

Hi, thanks for taking your time to help me!

 

Here is the AdwCleaner[S0].txt

 

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Poyan - KYOU
# Running from : C:\Users\Poyan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Poyan\AppData\Local\Conduit
Folder Deleted : C:\Users\Poyan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Poyan\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
File Deleted : C:\Users\Poyan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16618

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v38.0.2125.104

*************************

AdwCleaner[R0].txt - [3791 octets] - [23/10/2014 19:17:22]
AdwCleaner[S0].txt - [3156 octets] - [23/10/2014 19:23:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3216 octets] ##########

 

Here is the JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Poyan on 2014-10-23 at 19:29:18,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cmd

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Poyan\appdata\local\cre"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-10-23 at 19:32:32,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Here is the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by Poyan (administrator) on KYOU on 23-10-2014 19:34:56
Running from C:\Users\Poyan\Documents\FRST
Loaded Profile: Poyan (Available profiles: Poyan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAF03499BB092CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {F0320816-41D9-49DD-B2F3-8E7B0AE32796} http://afupd1.afreeca.com:9091/AFC/AFCStarter.cab
Tcpip\Parameters: [DhcpNameServer] 46.239.89.102

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.0.1.5 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: application/AFCStarter -> C:\Windows\Downloaded Program Files\npAFCStarter.dll (© AfreecaTV)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-20]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Dokument) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-14]
CHR Extension: (Google Drive) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-14]
CHR Extension: (YouTube) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-14]
CHR Extension: (uTorrentControl_v6) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [2013-09-14]
CHR Extension: (Sök på Google) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-14]
CHR Extension: (Google Wallet) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR Extension: (Gmail) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-23] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-25] (DT Soft Ltd)
S3 IAMTVE; C:\Windows\system32\drivers\IAMTVE.sys [43416 2010-11-30] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\drivers\IAMTXPE.sys [51096 2010-11-30] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-12-02] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-03-14] ()
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-05-14] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-23] (Todos Data System AB)
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 19:32 - 2014-10-23 19:32 - 00000805 _____ () C:\Users\Poyan\Desktop\JRT.txt
2014-10-23 19:29 - 2014-10-23 19:29 - 00000000 ____D () C:\Windows\ERUNT
2014-10-23 19:27 - 2014-10-23 19:27 - 01706144 _____ (Thisisu) C:\Users\Poyan\Desktop\JRT.exe
2014-10-23 19:16 - 2014-10-23 19:23 - 00000000 ____D () C:\AdwCleaner
2014-10-23 19:16 - 2014-10-23 19:16 - 01962496 _____ () C:\Users\Poyan\Desktop\AdwCleaner.exe
2014-10-22 22:05 - 2014-10-22 22:05 - 00003092 _____ () C:\Users\Poyan\Downloads\Kara no Kyoukai - M07 Recollection.mid
2014-10-22 22:05 - 2014-10-22 22:05 - 00003092 _____ () C:\Users\Poyan\Downloads\Kara no Kyoukai - M07 Recollection (1).mid
2014-10-22 21:41 - 2014-10-22 21:41 - 00005478 _____ () C:\Users\Poyan\Downloads\karanokyoukai7m07 (1).mid
2014-10-22 21:41 - 2014-10-22 21:41 - 00003036 _____ () C:\Users\Poyan\Downloads\karanokyoukai2m21.mid
2014-10-22 21:41 - 2014-10-22 21:41 - 00002499 _____ () C:\Users\Poyan\Downloads\karanokyoukai2m21_pf.mid
2014-10-22 21:40 - 2014-10-22 21:40 - 00009407 _____ () C:\Users\Poyan\Downloads\karanokyoukai2m11.mid
2014-10-22 21:40 - 2014-10-22 21:40 - 00006708 _____ () C:\Users\Poyan\Downloads\karanokyoukai2m14.mid
2014-10-22 21:39 - 2014-10-22 21:39 - 00008671 _____ () C:\Users\Poyan\Downloads\karanokyoukai2m01 (1).mid
2014-10-22 21:30 - 2014-10-22 21:30 - 00005478 _____ () C:\Users\Poyan\Downloads\karanokyoukai7m07.mid
2014-10-22 21:30 - 2014-10-22 21:30 - 00001610 _____ () C:\Users\Poyan\Downloads\karanokyoukai6m07 (1).mid
2014-10-22 21:25 - 2014-10-22 21:25 - 00011344 _____ () C:\Users\Poyan\Downloads\karanokyoukai6m02.mid
2014-10-22 21:25 - 2014-10-22 21:25 - 00008671 _____ () C:\Users\Poyan\Downloads\karanokyoukai2m01.mid
2014-10-22 21:25 - 2014-10-22 21:25 - 00005405 _____ () C:\Users\Poyan\Downloads\interlude02.mid
2014-10-22 21:25 - 2014-10-22 21:25 - 00001610 _____ () C:\Users\Poyan\Downloads\karanokyoukai6m07.mid
2014-10-20 08:32 - 2014-10-23 19:34 - 00000000 ____D () C:\Users\Poyan\Documents\FRST
2014-10-15 21:27 - 2014-10-15 22:07 - 00000000 ____D () C:\Program Files (x86)\The Evil Within
2014-10-11 14:53 - 2014-10-11 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherlock Holmes Crimes and Punishments
2014-10-11 14:45 - 2014-10-11 14:53 - 00000000 ____D () C:\Program Files (x86)\Sherlock Holmes Crimes and Punishments
2014-10-07 10:39 - 2014-10-11 14:30 - 00000000 ____D () C:\Program Files (x86)\Alien Isolation
2014-10-01 01:11 - 2014-10-01 01:11 - 00000000 ____D () C:\Users\Poyan\Documents\WB Games
2014-10-01 01:11 - 2014-10-01 01:11 - 00000000 ____D () C:\Users\Poyan\AppData\Roaming\Steam
2014-10-01 00:32 - 2014-10-04 19:45 - 00000000 ____D () C:\Program Files (x86)\Middle Earth Shadow of Mordor

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 19:34 - 2014-09-11 07:16 - 00000000 ____D () C:\FRST
2014-10-23 19:32 - 2009-07-14 06:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-23 19:32 - 2009-07-14 06:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-23 19:29 - 2013-06-20 15:59 - 01610360 _____ () C:\Windows\WindowsUpdate.log
2014-10-23 19:25 - 2013-09-03 20:56 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 19:25 - 2013-06-20 21:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-23 19:25 - 2013-06-18 14:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-23 19:25 - 2010-11-21 05:47 - 00580208 _____ () C:\Windows\PFRO.log
2014-10-23 19:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 19:25 - 2009-07-14 06:51 - 00125745 _____ () C:\Windows\setupact.log
2014-10-23 19:13 - 2013-06-20 21:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-23 09:35 - 2014-08-10 20:41 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-10-23 08:55 - 2013-09-03 20:56 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 23:22 - 2013-06-20 22:21 - 00000000 ____D () C:\Users\Poyan\AppData\Roaming\uTorrent
2014-10-22 22:07 - 2013-06-21 18:39 - 00000000 ____D () C:\Users\Poyan\AppData\Roaming\Synthesia
2014-10-20 19:57 - 2014-03-31 23:57 - 00002158 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-20 00:27 - 2014-05-18 20:34 - 00000000 ____D () C:\Users\Poyan\AppData\Roaming\TS3Client
2014-10-19 21:50 - 2013-09-03 20:56 - 00003990 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 21:50 - 2013-09-03 20:56 - 00003738 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-11 14:54 - 2014-02-07 19:26 - 00000000 ____D () C:\Users\Poyan\Documents\My Games
2014-09-28 11:01 - 2009-07-14 07:08 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Poyan\AppData\Local\Temp\Quarantine.exe
C:\Users\Poyan\AppData\Local\Temp\sqlite3.dll
C:\Users\Poyan\AppData\Local\Temp\utt810.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 06:01

==================== End Of Log ============================

 

Here is the Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2014
Ran by Poyan at 2014-10-23 19:35:25
Running from C:\Users\Poyan\Documents\FRST
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34024 - BitTorrent Inc.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
¾ÆÇÁ¸®Ä«TV streamer Á¦°Å (HKLM-x32\...\afreecastreamer) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
BankID säkerhetsprogram (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.0.1.5 - Finansiell ID-Teknik BID AB)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Combined Community Codec Pack 2011-07-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve )
DreadOut (HKLM-x32\...\DreadOut_is1) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{9085041D-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
NVIDIA 3D Vision drivrutin 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA 3D Vision drivrutin för styrenhet 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Grafikdrivrutin 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD audiodrivrutin 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
NVIDIAs kontrollpanel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA-uppdatering 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
osu! (HKLM-x32\...\{8062912b-1893-451f-bb93-6aa29197fbf9}) (Version: latest - ppy Pty Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Sherlock Holmes Crimes and Punishments (HKLM-x32\...\Sherlock Holmes Crimes and Punishments_is1) (Version:  - )
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Street Fighter IV: Arcade Edition (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Evil Within (HKLM-x32\...\VGhlRXZpbFdpdGhpbg==_is1) (Version: 1 - )
Warcraft II Battle.NET Edition 2.02 (HKLM-x32\...\Warcraft II Battle.NET Edition) (Version: 2.02 - Blizzard Entertainment)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

28-09-2014 17:29:51 Schemalagd kontrollpunkt
16-10-2014 04:08:58 Schemalagd kontrollpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0363741F-3FBB-4842-9A23-330CAFBA6B82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {103C8AB9-866C-4241-B82E-1406ED8E176A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {11771759-754C-4BE5-AD45-C2724EB46317} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
Task: {7834F2D0-70F9-4E8D-B2A2-C41E5EA68D15} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI => C:\Users\Poyan\AppData\Roaming\Mozilla\googleupd.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-18 14:45 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-09 20:08 - 2013-11-23 01:10 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-04 17:23 - 2014-07-04 17:23 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-23 19:13 - 2014-10-23 19:13 - 02896896 _____ () C:\Program Files\AVAST Software\Avast\defs\14102301\algo.dll
2014-08-28 22:13 - 2014-08-21 20:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 22:13 - 2014-08-21 20:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 22:13 - 2014-08-21 20:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-05-06 17:05 - 2014-10-02 01:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 05:40 - 2014-10-21 21:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 22:13 - 2014-08-21 20:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 22:13 - 2014-08-21 20:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-06-06 14:06 - 2014-10-21 21:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-07-04 17:23 - 2014-07-04 17:23 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-23 19:25 - 2014-10-23 19:25 - 00098816 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\win32api.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00110080 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\pywintypes27.dll
2014-10-23 19:25 - 2014-10-23 19:25 - 00364544 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\pythoncom27.dll
2014-10-23 19:25 - 2014-10-23 19:25 - 00045568 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\_socket.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 01160704 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\_ssl.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00320512 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\win32com.shell.shell.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00713216 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\_hashlib.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 01175040 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\wx._core_.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00805888 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\wx._gdi_.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00811008 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\wx._windows_.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 01062400 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\wx._controls_.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00735232 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\wx._misc_.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00128512 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\_elementtree.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00127488 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\pyexpat.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00557056 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\pysqlite2._sqlite.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00007168 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\hashobjs_ext.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00087552 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\_ctypes.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00119808 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\win32file.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00108544 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\win32security.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00018432 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\win32event.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00038912 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\win32inet.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00070656 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\wx._html2.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00167936 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\win32gui.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00011264 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\win32crypt.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00027136 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\_multiprocessing.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00686080 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\unicodedata.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00122368 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\wx._wizard.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00010240 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\select.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00024064 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\win32pipe.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00025600 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\win32pdh.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00525640 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\windows._lib_cacheinvalidation.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00035840 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\win32process.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00017408 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\win32profile.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00022528 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\win32ts.pyd
2014-10-23 19:25 - 2014-10-23 19:25 - 00078336 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI38442\wx._animate.pyd
2013-03-26 16:16 - 2014-09-05 01:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administratör (S-1-5-21-2486235572-1616634865-2212172251-500 - Administrator - Disabled)
Gäst (S-1-5-21-2486235572-1616634865-2212172251-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2486235572-1616634865-2212172251-1003 - Limited - Enabled)
Poyan (S-1-5-21-2486235572-1616634865-2212172251-1001 - Administrator - Enabled) => C:\Users\Poyan

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD FX™-8320 Eight-Core Processor
Percentage of memory in use: 23%
Total physical RAM: 8141.47 MB
Available physical RAM: 6206.57 MB
Total Pagefile: 16281.13 MB
Available Pagefile: 14088.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:931.51 GB) (Free:711.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (Elements) (Fixed) (Total:1863.01 GB) (Free:175.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DDD7F975)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 001C09CC)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:18 AM

Posted 23 October 2014 - 01:19 PM

Hello, 
 
Please consider the following warning. 
 

goGMWSt.gifP2P WARNING

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - wormsbackdoor TrojansIRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.
  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned programmes, right-click and click Uninstall.
If you choose not to, please refrain from using the programme(s) during this process.

 
Do you recognise this programme? ¾ÆÇÁ¸®Ä«TV streamer Á¦°Å
 
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    CHR Extension: (uTorrentControl_v6) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [2013-09-14]
    S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
    Task: {7834F2D0-70F9-4E8D-B2A2-C41E5EA68D15} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI => C:\Users\Poyan\AppData\Roaming\Mozilla\googleupd.exe <==== ATTENTION
    C:\Users\Poyan\AppData\Roaming\Mozilla\googleupd.exe
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

Please provide an update on your computer. Are there any outstanding issues?


Posted Image

#7 RitsuT

RitsuT
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 23 October 2014 - 05:09 PM

Here is the fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2014
Ran by Poyan at 2014-10-23 20:40:27 Run:4
Running from C:\Users\Poyan\Documents\FRST
Loaded Profile: Poyan (Available profiles: Poyan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
CHR Extension: (uTorrentControl_v6) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [2013-09-14]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
Task: {7834F2D0-70F9-4E8D-B2A2-C41E5EA68D15} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI => C:\Users\Poyan\AppData\Roaming\Mozilla\googleupd.exe <==== ATTENTION
C:\Users\Poyan\AppData\Roaming\Mozilla\googleupd.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp => Moved successfully.
X6va021 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7834F2D0-70F9-4E8D-B2A2-C41E5EA68D15}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7834F2D0-70F9-4E8D-B2A2-C41E5EA68D15}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1970835742GUI" => Key deleted successfully.
"C:\Users\Poyan\AppData\Roaming\Mozilla\googleupd.exe" => File/Directory not found.

=========  ipconfig /flushdns =========

IP-konfiguration f�r Windows

DNS-matcharens cacheminne har rensats.

========= End of CMD: =========

=========  netsh winsock reset all =========

Winsock-katalogen har nollst�llts.
Du m�ste starta om datorn f�r att slutf�ra nollst�llningen.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

�terst�llning av Allm�n, OK!
�terst�llning av Gr�nssnitt, OK!
Slutf�r �tg�rden genom att starta om datorn.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

�terst�llning av Gr�nssnitt, OK!
Slutf�r �tg�rden genom att starta om datorn.

========= End of CMD: =========

EmptyTemp: => Removed 640.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#8 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:18 AM

Posted 23 October 2014 - 11:47 PM

Please answer the two questions in my previous post.
Posted Image

#9 RitsuT

RitsuT
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 24 October 2014 - 03:12 AM

I recognise this program "¾ÆÇÁ¸®Ä«TV streamer Á¦°Å". This is a videoplayer which you use at a korean webiste called (www.afreeca.tv).

 

No there are no outstanding issues after the fix, whenever I start my pc that website wont popup. So thanks for your help!



#10 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:18 AM

Posted 24 October 2014 - 03:18 AM

Very good. 
Lets check for remnants and confirm your machine appears free of malware. 
 
STEP 1
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Download the Malwarebytes Anti-Malware setup file to your Desktop.
  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM Scan log
  • ESET Online Scan log

Posted Image

#11 RitsuT

RitsuT
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 25 October 2014 - 04:03 AM

Here is the Mbam scanlog

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014-10-24
Scan Time: 21:58:04
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.24.08
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Poyan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303512
Time Elapsed: 7 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.OpenCandy, C:\Users\Poyan\Downloads\DTLite4471-0333.exe, Quarantined, [655cc3543349b680eba9fc55d62f2bd5],
PUP.Optional.Somoto.A, C:\Users\Poyan\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe, Quarantined, [d7ea0215d0acd95d8e3e2d0043be8d73],

Physical Sectors: 0
(No malicious items detected)

(end)

 

Here is the eset scanlog

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Poyan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Program Files (x86)\DreadOut\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application
F:\$RECYCLE.BIN\S-1-5-21-2746131627-1072193184-3144114574-1000\$RPBBKQJ\foxit\FoxIt PDF Pro Pack.rar a variant of Win32/HackTool.Patcher.BS potentially unsafe application
F:\$RECYCLE.BIN\S-1-5-21-2746131627-1072193184-3144114574-1000\$RPBBKQJ\foxit\FoxIt PDF Pro Pack\Foxit Reader Pro 2.3.2008.2825 - Olexijl\patch.exe a variant of Win32/HackTool.Patcher.BS potentially unsafe application
F:\1\ccleaner\ccsetup319.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
 



#12 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:18 AM

Posted 25 October 2014 - 09:05 AM

OK. Please do the following. Let me know if there are any outstanding issues. 

 

STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\Program Files (x86)\DreadOut\steam_api64.dll
    C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw
    F:\$RECYCLE.BIN\S-1-5-21-2746131627-1072193184-3144114574-1000\$RPBBKQJ\foxit
    F:\1\ccleaner\ccsetup319.exe
    EmptyTemp:
    end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
CXrghb6.png Update Outdated Software

Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 3
oxliOQk.png Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================

STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?

Posted Image

#13 RitsuT

RitsuT
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 25 October 2014 - 12:20 PM

I've updated Adobe Air and Flash player. But when I try to use the fixlog with FRST my antivirus (avast) says that I am not allowed to update the program. It wont let me use the program since it thinks that it is some kind of virus..


Edited by RitsuT, 25 October 2014 - 12:22 PM.


#14 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:18 AM

Posted 25 October 2014 - 12:22 PM

Please temporarily disable avast!. 

Instructions here.


Posted Image

#15 RitsuT

RitsuT
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 25 October 2014 - 02:11 PM

I disabled the antivirus and then I could proceed as normal. But during the process I got a message saying FRST has stopped working and that I have to turn it off. This happened after 1 hour or so..






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users