
anti-virus frequently cleaning various viruses


13 replies to this topic

#1 4p3x90


  • Members
  • 9 posts
  • Gender:Male
  • Location:Southern California

Posted 14 November 2014 - 05:05 PM

Around the beginning of November I was infected with a virus, through a website script or ad I assume, as I know I didn't consent to any suspicious download. I left my computer on when I went to sleep late on the 2nd and got up and went to school the next day. When I came back home I saw Microsoft Security Essentials had removed "Exploit: JS/Anogre.E" early that morning around 3:00 am and removed "Exploit: JS/Fiexp.C" just half an hour before I got home at 3:50 pm. I then decided to run Malwarebytes at 4:40 pm and it came back with:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/3/2014
Scan Time: 4:51:04 PM
Logfile:
Administrator: Yes

 

Version: 2.00.3.1025
Malware Database: v2014.11.03.11
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

 

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kevin

 

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329637
Time Elapsed: 11 min, 33 sec

 

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

 

Processes: 0
(No malicious items detected)

 

Modules: 0
(No malicious items detected)

 

Registry Keys: 0
(No malicious items detected)

 

Registry Values: 1
Trojan.Agent, HKU\S-1-5-21-2975500842-1493700774-1685154035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ubrjjawlpn, regsvr32.exe /s "C:\Users\Kevin\AppData\Local\Mozilla\Ubrjjawlpn.dll", Quarantined, [5b0c0f284834330346d40dc85fa436ca]

 

Registry Data: 0
(No malicious items detected)

 

Folders: 0
(No malicious items detected)

 

Files: 3
Trojan.Ransom.LCK, C:\Users\Kevin\AppData\Local\Temp\stuprt.exe, Quarantined, [2146ed4abebea98da2cb518bbf42bb45],
PUP.Optional.MyPCBackup.A, C:\Users\Kevin\AppData\Local\Temp\BackupSetup.exe, Quarantined, [2542ac8b423a44f23a08ab31e51cdb25],
Trojan.Agent, C:\Users\Kevin\AppData\Local\Mozilla\Ubrjjawlpn.dll, Quarantined, [5b0c0f284834330346d40dc85fa436ca],

 

Physical Sectors: 0
(No malicious items detected)

 

(end)

 

Thinking that was that, I started doing my work, but noticed less than 10 minutes later another MSE pop-up showed up saying it was removing another threat, "Trojan: Win32/Peaac.gen!A!plock". I ran Malwarebytes again a little more than an hour later and it came back with this:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/3/2014
Scan Time: 5:41:01 PM
Logfile:
Administrator: Yes

 

Version: 2.00.3.1025
Malware Database: v2014.11.03.11
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

 

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kevin

 

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328842
Time Elapsed: 16 min, 19 sec

 

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

 

Processes: 3
Trojan.Agent.FSAVXGen, C:\ProgramData\Windows Genuine Advantage\{553126FB-1877-4CEE-8FDA-361BF7D32275}\msiexec.exe, 10760, Delete-on-Reboot, [fa6de552ccb0ac8aacee8d0309f8cb35]
Trojan.Agent.FSAVXGen, C:\ProgramData\Windows Genuine Advantage\{CCBE770D-D786-4966-A9A5-CF4688A2478C}\msiexec.exe, 11172, Delete-on-Reboot, [0067e7506c108fa7e5b57f118978db25]
Trojan.Agent.ED, C:\ProgramData\Windows Genuine Advantage\{56C2389A-2675-4DB6-90E1-B86705637A2C}\msiexec.exe, 11180, Delete-on-Reboot, [580f89ae562692a46cbfb51c897860a0]

 

Modules: 0
(No malicious items detected)

 

Registry Keys: 0
(No malicious items detected)

 

Registry Values: 2
Trojan.Crypt.NKN, HKU\S-1-5-21-2975500842-1493700774-1685154035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|clic32gt, C:\Users\Kevin\AppData\Local\Temp\BWUnr_36.exe, Quarantined, [68ff71c6afcd1026f2ade19d976a6b95]
Trojan.Sharik, HKU\S-1-5-21-2975500842-1493700774-1685154035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{8D7C4EB5-037B-7BA9-B97E-8384C835B92C}, C:\Users\Kevin\AppData\Roaming\Ozyfi\kyhyk.exe, Quarantined, [d691e552d2aa36000df53ca160a102fe]

 

Registry Data: 0
(No malicious items detected)

 

Folders: 0
(No malicious items detected)

 

Files: 13
Trojan.Agent.FSAVXGen, C:\ProgramData\Windows Genuine Advantage\{553126FB-1877-4CEE-8FDA-361BF7D32275}\msiexec.exe, Quarantined, [fa6de552ccb0ac8aacee8d0309f8cb35],
Trojan.Agent.FSAVXGen, C:\ProgramData\Windows Genuine Advantage\{CCBE770D-D786-4966-A9A5-CF4688A2478C}\msiexec.exe, Quarantined, [0067e7506c108fa7e5b57f118978db25],
Trojan.Agent.ED, C:\ProgramData\Windows Genuine Advantage\{56C2389A-2675-4DB6-90E1-B86705637A2C}\msiexec.exe, Quarantined, [580f89ae562692a46cbfb51c897860a0],
Trojan.Crypt.NKN, C:\Users\Kevin\AppData\Local\Temp\BWUnr_36.exe, Quarantined, [68ff71c6afcd1026f2ade19d976a6b95],
Trojan.Sharik, C:\Users\Kevin\AppData\Roaming\Ozyfi\kyhyk.exe, Delete-on-Reboot, [d691e552d2aa36000df53ca160a102fe],
Trojan.Agent.ED, C:\ProgramData\Windows Genuine Advantage\{6A514066-7606-4B5C-BDA4-057AB81E531D}\msiexec.exe, Quarantined, [abbcd364324ae84e5bd0bb1629d82cd4],
Trojan.Agent.ED, C:\ProgramData\Windows Genuine Advantage\{79AC0B44-4272-418A-8EBC-CEEABD040978}\msiexec.exe, Quarantined, [81e66ec9dca0ea4c549400d9b44def11],
Trojan.Sharik, C:\Users\Kevin\AppData\Roaming\Imara\itmyy.exe, Quarantined, [145348efbac263d30bf7d90410f1e31d],
Trojan.Ransom.ED, C:\Users\Kevin\AppData\Local\Temp\UpdateFlashPlayer_3cb6dcf2.exe, Quarantined, [71f61f18aecef2447331defea45dcd33],
Trojan.Ransom.ED, C:\Users\Kevin\AppData\Local\Temp\UpdateFlashPlayer_53de044d.exe, Quarantined, [9bcc9a9de696c1755b494795857cfe02],
Trojan.Ransom.ED, C:\Users\Kevin\AppData\Local\Temp\UpdateFlashPlayer_6263ee07.exe, Quarantined, [adbacc6b3943a492e2c2f4e840c1718f],
Trojan.Ransom.ED, C:\Users\Kevin\AppData\Local\Temp\UpdateFlashPlayer_6a89f98d.exe, Quarantined, [65021a1d93e9af870f955f7d1ae7b947],
Trojan.Ransom.ED, C:\Users\Kevin\AppData\Local\Temp\UpdateFlashPlayer_7a1be61c.exe, Quarantined, [0e5970c768143afc545019c3669bd22e],

 

Physical Sectors: 0
(No malicious items detected)

 

(end)

 

On top of this while malwarebytes was in the process of running this scan, MSE messages popped up 4 times in under a minute at 5:41 pm saying these threats had been removed:

 

PWS: Win32/Zbot.gen!VM (2 of these)

TrojanDownloader: Win32/Waledac.AJ

Backdoor: Win32/Simda.AT

 

 

I was quite shocked. Unfortunately, since that day every Malwarebytes scan has turned up nothing, but MSE keeps alerting me that it's removing threats, which I assume it catches through its real-time protection as I don't use it to scan my machine often.

 

On 11/4 MSE caught:

 

Virtool:Win32/CeeInject.gen!KK

TrojanDownloader: Win32/Zemot.E

 

On 11/5:

 

TrojanDownloader: Win32/Zemot.E

Virtool:Win32/CeeInject.gen!KK

 

On 11/10:

 

Trojan: Win32/Powessere.A!reg

 

On 11/12:

 

Trojan: Win32/Chroject.D!dll (x3)

 

Since 11/12 nothing has come up, but I'm sure I'm still infected with something as I wasn't even using the computer when most of these were found by MSE, it was just idling.

 

I'm using Windows 7 SP 1 x64.

 

Any help would be greatly appreciated.


Edited by 4p3x90, 14 November 2014 - 05:08 PM.
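Two patterns in the logs above are worth extracting mechanically rather than by eye: a Run value that launches regsvr32.exe /s against a DLL under AppData, and processes named msiexec.exe executing from C:\ProgramData\Windows Genuine Advantage\{GUID}\ instead of C:\Windows. The script below is an added example for this thread, not part of the original post and not a Malwarebytes or BleepingComputer tool. It parses Malwarebytes Anti-Malware 2.x log entries in the format posted above and groups them by persistence and evasion pattern. The embedded log excerpt is constructed to mirror that format; the SID, GUIDs and hashes in it are placeholders, and the directory and binary lists are the author's own heuristics.

```python
"""Triage Malwarebytes Anti-Malware 2.x scan-log entries for persistence and
masquerading patterns.

Added example for this thread; not a BleepingComputer or Malwarebytes tool.
SAMPLE_LOG is constructed to mirror the format of the logs in the post; the
SID, GUIDs and hashes in it are placeholders.
"""
import re
from pathlib import PureWindowsPath

SAMPLE_LOG = r"""
Processes: 1
Trojan.Agent.FSAVXGen, C:\ProgramData\Windows Genuine Advantage\{11111111-2222-3333-4444-555555555555}\msiexec.exe, 10760, Delete-on-Reboot, [0123456789abcdef0123456789abcde1]

Registry Values: 2
Trojan.Agent, HKU\S-1-5-21-1111111111-2222222222-3333333333-1000-{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ubrjjawlpn, regsvr32.exe /s "C:\Users\Kevin\AppData\Local\Mozilla\Ubrjjawlpn.dll", Quarantined, [0123456789abcdef0123456789abcde2]
Trojan.Sharik, HKU\S-1-5-21-1111111111-2222222222-3333333333-1000-{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{8D7C4EB5-037B-7BA9-B97E-8384C835B92C}, C:\Users\Kevin\AppData\Roaming\Ozyfi\kyhyk.exe, Quarantined, [0123456789abcdef0123456789abcde3]

Files: 3
Trojan.Ransom.LCK, C:\Users\Kevin\AppData\Local\Temp\stuprt.exe, Quarantined, [0123456789abcdef0123456789abcde4],
Trojan.Agent.FSAVXGen, C:\ProgramData\Windows Genuine Advantage\{11111111-2222-3333-4444-555555555555}\msiexec.exe, Quarantined, [0123456789abcdef0123456789abcde5],
Trojan.Ransom.ED, C:\Users\Kevin\AppData\Local\Temp\UpdateFlashPlayer_3cb6dcf2.exe, Quarantined, [0123456789abcdef0123456789abcde6],

Physical Sectors: 0
(No malicious items detected)
"""

SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|Folders|Files|Physical Sectors): \d+$")
HASH_RE = re.compile(r"^\[[0-9a-f]{32}\],?$")
# Directories any process running as the logged-on user can write to (heuristic list).
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)
WINDOWS_DIR = re.compile(r"^[A-Za-z]:\\Windows\\", re.IGNORECASE)
# Signed Microsoft binaries commonly abused to load attacker-controlled code.
LOLBIN_LOADERS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
# OS binary names that should only ever run from under C:\Windows (heuristic list).
SYSTEM_BINARIES = {"msiexec.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}


def parse_mbam_entries(text):
    """Return one dict per detection line: detection, action, hash, plus
    path / pid / key / value_name / data depending on the section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if SECTION_RE.match(line):
            section = line.split(":")[0]
            continue
        if not line or line.startswith("(") or section is None:
            continue
        fields = [f.strip() for f in line.split(", ")]
        # Every entry ends "..., <action>, [<32 hex>]" (Files lines add a trailing comma).
        if len(fields) < 4 or not HASH_RE.match(fields[-1]):
            continue
        entry = {"section": section, "detection": fields[0],
                 "action": fields[-2], "hash": fields[-1].strip("[],")}
        middle = fields[1:-2]
        if section == "Registry Values":
            key, _, value_name = middle[0].partition("|")
            entry.update(key=key, value_name=value_name, data=", ".join(middle[1:]))
        elif section == "Processes":
            entry.update(path=middle[0], pid=int(middle[1]))
        else:
            entry.update(path=", ".join(middle))
        entries.append(entry)
    return entries


def path_from_data(data):
    """Run-value data is either a bare path or a command line; return the first
    drive-rooted path in it (the DLL handed to regsvr32, the EXE itself, ...)."""
    m = re.search(r'[A-Za-z]:\\[^"]+', data)
    return m.group(0).strip() if m else data


def triage(entries):
    """Group parsed entries by the persistence / evasion pattern they show."""
    findings = {"run_key_persistence": [], "lolbin_loader": [],
                "masquerading_system_binary": [], "user_writable_payload": []}
    for e in entries:
        if e["section"] == "Registry Values" and e["key"].upper().endswith(r"\CURRENTVERSION\RUN"):
            path = path_from_data(e["data"])
            findings["run_key_persistence"].append((e["value_name"], path))
            launcher = e["data"].split()[0].strip('"').lower()
            if launcher in LOLBIN_LOADERS:
                findings["lolbin_loader"].append((launcher, path))
        else:
            path = e.get("path")
        if not path:
            continue
        name = PureWindowsPath(path).name.lower()
        if name in SYSTEM_BINARIES and not WINDOWS_DIR.match(path):
            findings["masquerading_system_binary"].append(path)
        if USER_WRITABLE.search(path):
            findings["user_writable_payload"].append(path)
    # The same file often appears under Processes and again under Files; dedupe, keep order.
    return {k: list(dict.fromkeys(v)) for k, v in findings.items()}


if __name__ == "__main__":
    for kind, items in triage(parse_mbam_entries(SAMPLE_LOG)).items():
        print(f"{kind}: {len(items)}")
        for item in items:
            print("   ", item)
```

Point it at a saved Malwarebytes log instead of SAMPLE_LOG and the output is a short list of what to look at first: the Run values that will re-launch the payload at next logon, which of them go through a trusted loader like regsvr32.exe, and any file carrying a system-binary name outside C:\Windows. A clean Malwarebytes scan after the fact does not retire those findings; the real-time alerts the poster keeps seeing mean something is still writing new payloads, so the persistence entries and their parent processes are the thing to chase.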



#2 Alex&Vanko


  • Banned
  • 1,394 posts
  • Gender:Male

Posted 14 November 2014 - 05:14 PM

Hi 4p3x90 and :welcome:

 

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

Please download Farbar Service Scanner (FSS) HERE and run it on the computer with the issue.

    Make sure the following options are checked:
        Internet Services
        Windows Firewall
        System Restore
        Security Center/Action Center
        Windows Update
        Windows Defender
        Other Services
    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.

Download Malwarebytes Anti-Rootkit HERE
    Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    Double click on downloaded file. OK self extracting prompt.
    MBAR will start. Click "Next" to continue.
    Click in the following screen "Update" to obtain the latest malware definitions.
    Once the update is complete select "Next" and click "Scan".
    When the scan is finished and no malware has been found select "Exit".
    If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    "mbar-log-{date} (xx-xx-xx).txt"
    "system-log.txt"
 

Thank you!



#3 4p3x90

  • Topic Starter

  • Members
  • 9 posts
  • Gender:Male
  • Location:Southern California

Posted 14 November 2014 - 06:27 PM

Thank you for responding to my help request, Alex&Vanko, and thanks for the welcome. Here are the logs you requested, in order:

 

 Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Windows Firewall Disabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71 
 Java version out of Date!
 Adobe Flash Player 15.0.0.223 
 Mozilla Firefox 32.0.3 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Comodo Firewall cmdagent.exe
 Kevin Desktop Anti-Malware SecurityCheck.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Kevin (administrator) on 14-11-2014 at 14:33:01
Running from "C:\Users\Kevin\Desktop\Anti-Malware"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/14/2014 01:20:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 11:54:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/13/2014 07:46:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 04:48:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 00:50:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 00:09:35 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/12/2014 02:58:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 05:27:19 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/11/2014 06:41:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 05:45:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/13/2014 02:07:14 AM) (Source: Service Control Manager) (User: )
Description: The HP SI Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (11/14/2014 01:20:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 11:54:43 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/13/2014 07:46:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 04:48:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 00:50:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 00:09:35 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/12/2014 02:58:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 05:27:19 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/11/2014 06:41:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 05:45:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2013-03-09 22:10:20.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-09 21:43:40.480
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-09 13:57:55.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-09 11:56:15.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-09 11:15:08.391
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-09 11:09:43.638
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-09 09:07:07.810
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-09 09:01:13.925
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-08 16:56:00.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-05 19:06:13.692
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

 

=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
3 Stars of Destiny (HKLM-x32\...\Steam App 278530) (Version:  - Aldorlea Games)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Advanced Archive Password Recovery (HKCU\...\Advanced Archive Password Recovery) (Version: 4.53 - ElcomSoft Co. Ltd.)
Advanced PDF Password Recovery (HKCU\...\Advanced PDF Password Recovery) (Version: 5.0 - ElcomSoft Co. Ltd.)
Afraid of Monsters: Director's Cut v1.0 (HKLM-x32\...\Afraid of Monsters: Director's Cut) (Version: v1.0 - Andreas Rönnberg)
alien_crossfire (HKLM\...\{fa451eea-8a73-486b-9ea0-9628c2c2c3ad}.sdb) (Version:  - )
alpha_centauri (HKLM\...\{fe81cd48-2ed2-4e7d-886c-b65767350095}.sdb) (Version:  - )
ARMA 2: Private Military Company - Data cache removal (HKLM-x32\...\A2PMC Data cache removal) (Version:  - )
Arma 3 Alpha (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3 Plugin (64 bit) (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.8.9.371 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version:  - )
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.3 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brothers in Arms: Earned in Blood (HKLM-x32\...\Steam App 19800) (Version:  - Ubisoft)
Brothers in Arms: Road to Hill 30 (HKLM-x32\...\Steam App 15190) (Version:  - Ubisoft)
Call of Cthulhu: Dark Corners of the Earth (HKLM-x32\...\Steam App 22340) (Version:  - Headfirst Productions)
CD Audio Reader Filter (remove only) (HKLM-x32\...\CD Audio Reader Filter) (Version:  - )
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Command & Conquer Gold Edition Stand Alone v1.06c revision 3 (HKLM-x32\...\{931CFA8E-3CE1-4A96-97D7-32B21A7A8DAA}_is1) (Version:  - Westwood Studios)
COMODO Internet Security (HKLM\...\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}) (Version: 6.0.2566.2708 - COMODO Security Solutions Inc.)
Company of Heroes (HKLM-x32\...\Steam App 4560) (Version:  - Relic)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome LLC)
CopyTrans Control Center Uninstall Only (HKCU\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version:  - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Electronic Arts)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - )
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version:  - )
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Dead Rising 2 (HKLM-x32\...\Steam App 45740) (Version:  - )
Dead Rising 2: Off the Record (HKLM-x32\...\Steam App 45770) (Version:  - )
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
Definition Update for Microsoft Office 2010 (KB2899521) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{BEC38614-4337-4E47-9723-ED1BD35E5658}) (Version:  - Microsoft)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dictation Pro (HKLM-x32\...\Dictation Pro_is1) (Version:  - Deskshare Inc.)
DirectVobSub (remove only) (HKLM-x32\...\DirectVobSub) (Version:  - )
DOOM 3: BFG Edition (HKLM-x32\...\Steam App 208200) (Version:  - )
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
DScaler 5 Mpeg Decoders (HKLM-x32\...\DScaler 5 Mpeg Decoders_is1) (Version:  - )
Empire Earth II (HKLM-x32\...\{DF315348-721C-40B8-BAE2-58C6C7D935A2}) (Version:  - )
Empire Earth II Gold Edition (HKLM-x32\...\Empire Earth II Gold Edition_is1) (Version:  - GOG.com)
EphPod (HKLM-x32\...\EphPod) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Bethesda Softworks)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft)
ffdshow v1.2.4453 [2012-05-21] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4453.0 - )
FFMPEG Core Files (remove only) (HKLM-x32\...\FFMPEG Core Files) (Version:  - )
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Gabest MPEG Splitter (remove only) (HKLM-x32\...\Gabest MPEG Splitter) (Version:  - )
Geeks3D.com FurMark 1.10.1 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D.com)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
Halo 2 for Windows Vista (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Unified IO (Version: 2.0.0.399 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.399 - HP) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.0.0.009 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{5DC3BFF3-B84F-4CBE-B2BD-FB52B6C247CA}) (Version: 1.1.66.0 - HTC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Java™ 7 Update 4 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417004FF}) (Version: 7.0.40 - Oracle)
LAV Filters 0.58.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.58.2 - Hendrik Leppkes)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
MadVR (remove only) (HKLM-x32\...\MadVR) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MechWarrior Online (HKCU\...\{74d11f91-05cc-44f6-8e49-94fe7f33c79b}) (Version: 1.2.0.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.2.0.0 - Piranha Games Inc.) Hidden
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - THQ)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version:  - NetherRealm Studios)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.1 - Black Tree Gaming)
NJStar Japanese WP (HKLM-x32\...\NJStar Japanese WP) (Version: 5.30 - NJStar Software Corp.)
NVIDIA Control Panel 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version:  - Timeslip)
One Way Heroics (HKLM-x32\...\Steam App 266210) (Version:  - Smoking WOLF)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenSource AVI Splitter (remove only) (HKLM-x32\...\OpenSource AVI Splitter) (Version:  - )
OpenSource DTS/AC3/DD+ Source Filter (remove only) (HKLM-x32\...\OpenSource DTS/AC3/DD+ Source Filter) (Version:  - )
OpenSource Flash Video Splitter (remove only) (HKLM-x32\...\OpenSource Flash Video Splitter) (Version:  - )
Oracle VM VirtualBox 4.1.12 (HKLM\...\{7492BCA7-9F62-4265-A727-DC26A9E3DF10}) (Version: 4.1.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF Reader (HKLM-x32\...\PDF Reader) (Version:  - PDF Reader)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap)
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
RegClean Pro (HKLM-x32\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\RollerCoaster Tycoon 2 Triple Thrill Pack_is1) (Version:  - GOG.com)
RollerCoaster Tycoon Deluxe (HKLM-x32\...\{924EAD66-F854-4605-8493-696DD59A113B}) (Version: 1.00.000 - )
S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version:  - GSC Game World)
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version:  - GSC Game World)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version:  - Flying Wild Hog)
Sid Meier's Alpha Centauri (HKLM-x32\...\GOGPACKSIDMEIERSALPHACENTAURI_is1) (Version: 2.0.2.23 - GOG.com)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version:  - Maxis)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sound Blaster X-Fi (HKLM-x32\...\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}) (Version: 1.0 - )
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Stalker Complete 2009 v1.4.4 (HKLM-x32\...\{Stalker Complete 2009 v1.4.4}}_is1) (Version:  - )
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 2.0.8.25604 - Blizzard Entertainment)
Starpoint Gemini 2 (HKLM-x32\...\Steam App 236150) (Version:  - Little Green Men Games)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steam Trading Card Beta Access (HKLM-x32\...\Steam App 202352) (Version:  - )
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tom Clancy's Splinter Cell: Chaos Theory (HKLM-x32\...\Steam App 13570) (Version:  - Ubisoft Montreal)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - )
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version:  - )
Unigine Heaven Benchmark Advanced version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark Advanced_is1) (Version: 4.0 - Unigine Corp.)
Update for Microsoft Excel 2010 (KB2889935) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A1EF8C47-61EE-4FC8-A871-41BFD084E104}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589386) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{B340E9EB-DDA6-40E7-8501-5B7BAEC6D25F}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687275) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{9505441B-65A1-4AD5-B727-0CE42D24D2B7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.STANDARD_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837602) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{69CF587A-D75B-47F8-9D59-3958C37C0A88}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837602) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{69CF587A-D75B-47F8-9D59-3958C37C0A88}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.STANDARD_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2889828) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.STANDARD_{569742BC-C32F-4C9C-9B21-18409AFF9599}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.STANDARD_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.STANDARD_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2878251) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{75C06E70-E3D5-4516-B60F-68E8FA132E2D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version:  - Relic)
Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM-x32\...\Steam App 4570) (Version:  - Relic)
Warhammer 40,000: Dawn of War – Winter Assault (HKLM-x32\...\Steam App 9310) (Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version:  - Machine Games)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
XviD Video Codec (remove only) (HKLM-x32\...\XviD Video Codec) (Version:  - )
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version:  - )

========================= Devices: ================================

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 8168.89 MB
Available physical RAM: 5943.94 MB
Total Pagefile: 16635.96 MB
Available Pagefile: 14020.25 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.13 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:233.65 GB) (Free:96.84 GB) NTFS
3 Drive e: (Data) (Fixed) (Total:1863.01 GB) (Free:1135.57 GB) NTFS
4 Drive f: (Data) (Fixed) (Total:931.51 GB) (Free:373.65 GB) NTFS
5 Drive g: (RCT_DELUXE) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\RIG

Administrator            Guest                    Kevin                   

**** End of log ****


Farbar Service Scanner Version: 21-07-2014
Ran by Kevin (administrator) on 14-11-2014 at 14:38:56
Running from "C:\Users\Kevin\Desktop\Anti-Malware"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17420

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.304000 GHz
Memory total: 8565702656, free: 6335692800

Downloaded database version: v2014.11.14.10
Downloaded database version: v2014.11.12.01
=======================================
Initializing...
------------ Kernel report ------------
     11/14/2014 14:41:30
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\System32\DRIVERS\cmderd.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\cmdguard.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\inspect.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\ctaud2k.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ctoss2k.sys
\SystemRoot\system32\drivers\ctprxy2k.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\ha20x2k.sys
\SystemRoot\system32\drivers\emupia2k.sys
\SystemRoot\system32\drivers\ctsfm2k.sys
\SystemRoot\system32\drivers\ctac32k.sys
\SystemRoot\System32\drivers\CT20XUT.SYS
\SystemRoot\System32\drivers\CTEXFIFX.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Users\Kevin\AppData\Local\Temp\ALSysIO64.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\CTEDSPSY.DLL
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\comdlg32.dll
\Windows\System32\psapi.dll
\Windows\System32\imm32.dll
\Windows\System32\kernel32.dll
\Windows\System32\usp10.dll
\Windows\System32\clbcatq.dll
\Windows\System32\msctf.dll
\Windows\System32\ws2_32.dll
\Windows\System32\user32.dll
\Windows\System32\gdi32.dll
\Windows\System32\ole32.dll
\Windows\System32\setupapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\advapi32.dll
\Windows\System32\difxapi.dll
\Windows\System32\wininet.dll
\Windows\System32\Wldap32.dll
\Windows\System32\sechost.dll
\Windows\System32\lpk.dll
\Windows\System32\oleaut32.dll
\Windows\System32\urlmon.dll
\Windows\System32\normaliz.dll
\Windows\System32\iertutil.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shell32.dll
\Windows\System32\nsi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\shlwapi.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800782f060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa8007561060
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800782e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-4\
Lower Device Object: 0xfffffa800757a3b0
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800782d060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\
Lower Device Object: 0xfffffa800756e060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800782e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800782eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800782e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800757a3b0, DeviceName: \Device\Ide\IdeDeviceP4T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800782d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800782db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800782d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80075719b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800756e060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CAF1703E

Partition information:

    Partition 0 type is Dynamic (0x42)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 1953523057

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A27AA27A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 490008576

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250991630336 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa800782f060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800782fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800782f060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007564760, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007561060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C7393B0A

Partition information:

    Partition 0 type is Dynamic (0x42)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 3907027057

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished



#4 Alex&Vanko

  • Banned
  • 1,394 posts

Posted 14 November 2014 - 08:58 PM

Uninstall these two from Programs and Features:

RegClean Pro
MyPC Backup

You have two antivirus programs. Comodo Internet Security is not only a firewall, I think. Why do you need the ZoneAlarm toolbar?


Please download AdwCleaner by Xplode HERE onto your desktop.

    Close all open programs and internet browsers.
    Double click on AdwCleaner.exe to run the tool.
    Click on Scan.
    After the scan is complete click on "Clean"
    Confirm each time with Ok.
    Your computer will be rebooted automatically. A text file will open after the restart.
    Please post the content of that logfile with your next answer.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool HERE to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.

Download Malwarebytes' Anti-Malware Free HERE to your desktop.
    - Do not accept the Free Trial Version at this time -
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Threat scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.
How to open the log:
Open MalwareBytes Anti-Malware and then click on History
On the left column, select Application Logs. Select the most recent log among the list, it is usually the one on the top (or sort by date) and open it.
Go to the bottom left corner to Export and select Text File (*.txt)
Save it to the desktop

    Be sure to restart the computer if requested.

Please download the ESET Online Scanner HERE and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
    Start esetsmartinstaller_enu.exe with administrator privileges.
    Select the option Yes, I accept the Terms of Use and click on Start.
    Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
    Now click on Advanced Settings and select the following:
        Scan for potentially unwanted applications
        Scan for potentially unsafe applications
        Enable Anti-Stealth Technology
    Click on Start. The virus signature database will begin to download. This may take some time.
    When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
    When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.

Note: Do not forget to re-enable your antivirus application after running the above scan!
 

Thank you!



#5 4p3x90
  • Topic Starter

  • Members
  • 9 posts
  • Location:Southern California

Posted 15 November 2014 - 07:00 AM

RegClean Pro and MyPC Backup and the remnants of the ZoneAlarm toolbar were removed by AdwCleaner. I was sure that Comodo free firewall didn't come with an anti-virus, and if it did, it never seems to run, nor does it conflict with MSE or Malwarebytes. On to the logs:

 

 

# AdwCleaner v4.101 - Report created 14/11/2014 at 23:38:35
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Kevin - RIG
# Running from : C:\Users\Kevin\Desktop\Anti-Malware\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Kevin\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Kevin\AppData\Local\Temp\PlurPush
Folder Deleted : C:\Users\Kevin\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Kevin\AppData\Local\Temp\Uninstall.exe

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC\HTC Sync Manager\Uninstall HTC Sync Manager.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKCU\Software\Nation Toolbar
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Nation Toolbar
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v32.0.3 (x86 en-US)

-\\ Chromium v

-\\ Comodo Dragon v

*************************

AdwCleaner[R0].txt - [2168 octets] - [14/11/2014 23:34:57]
AdwCleaner[R1].txt - [2227 octets] - [14/11/2014 23:36:32]
AdwCleaner[S0].txt - [2219 octets] - [14/11/2014 23:38:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2279 octets] ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Professional x64
Ran by Kevin on Fri 11/14/2014 at 23:50:32.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/14/2014 at 23:59:02.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/15/2014
Scan Time: 12:06:41 AM

Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.15.02
Rootkit Database: v2014.11.12.01
License: Free

Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kevin

 

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330676
Time Elapsed: 9 min, 44 sec

 

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

 

Processes: 0
(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0
(No malicious items detected)

(end)

 

ESET SCAN RESULTS:

 

C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\Users\Kevin\AppData\Local\Temp\1_Offer_6.exe a variant of Win32/Reporter.A potentially unwanted application deleted - quarantined
C:\Users\Kevin\AppData\Local\Temp\ASK175D.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Users\Kevin\AppData\Local\Temp\ASKAAA.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Users\Kevin\AppData\Local\Temp\bitool.dll Win32/Somoto.B potentially unwanted application deleted - quarantined
C:\Users\Kevin\AppData\Local\Temp\ICReinstall_JDownloaderSetup_CH1.exe Win32/InstallCore potentially unwanted application deleted - quarantined
C:\Users\Kevin\AppData\Local\Temp\jar_cache4367011680097469585.tmp Java/Exploit.CVE-2012-1723.J trojan cleaned by deleting - quarantined
C:\Users\Kevin\AppData\Local\Temp\2428\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1ANCAWC2\khdxvvmee1[1].htm JS/Exploit.Agent.NHV trojan cleaned by deleting - quarantined
C:\Users\Kevin\AppData\Local\Temp\ICReinstall\cnet2_agsetup183se_exe.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined
C:\Users\Kevin\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe multiple threats cleaned by deleting - quarantined
C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\5d99bec0-466fe109 Java/Exploit.CVE-2013-0422.CD trojan cleaned by deleting - quarantined
C:\Users\Kevin\Desktop\Baathist_6_Trainer_for_CoH_ToV_2.602.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
C:\Users\Kevin\Desktop\Windows_8.1_Pro_X64_Activated.iso MSIL/HackTool.IdleKMS.C potentially unsafe application deleted - quarantined
E:\Data\Anime\anime (Licensed and Not)\Navel\Shuffle!\Navel Shuffle!\BGI.exe.old a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined
F:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application deleted - quarantined
F:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined

 

I know that some of the stuff that ESET picked up in the scan as malware or adware was harmless, so I restored about 4 items, nothing that was labeled as an exploit or Trojan though.
 



#6 Alex&Vanko

  • Banned
  • 1,394 posts

Posted 15 November 2014 - 04:17 PM

Download Delfix by Xplode HERE to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

    Activate UAC (optional; some users prefer to keep it off)
    Remove disinfection tools
    Create registry backup
    Reset system settings


Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

Download HitmanPro x64 HERE onto your desktop.

Double-click on the file named HitmanPro.exe. It will be updated. When the program starts you will be presented with the start screen. Click on the Next button. Accept to store a copy of the program to your computer and click Next, and it will start to scan.
When it has finished it will display a list of all the malware that the program found. Below, next to the Buy Now button, is the option Save log. Save it to your desktop and paste it here. The log can be found here: C:\ProgramData\HitmanPro\Logs
 

Thank you!



#7 4p3x90
  • Topic Starter

  • Members
  • 9 posts
  • Location:Southern California

Posted 16 November 2014 - 10:32 PM

Here is the log from Hitman Pro x64.

 

HitmanPro 3.7.9.232
www.hitmanpro.com
   Computer name . . . . : RIG
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Rig\Kevin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2014-11-16 18:32:14
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 15m 44s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 71
   Objects scanned . . . : 3,442,693
   Files scanned . . . . : 373,474
   Remnants scanned  . . : 1,824,835 files / 1,244,384 keys
Suspicious files ____________________________________________________________
   C:\Users\Kevin\AppData\Local\PunkBuster\BF3\pb\dll\wc002325.dll
      Size . . . . . . . : 959,376 bytes
      Age  . . . . . . . : 582.0 days (2013-04-13 17:57:12)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
   C:\Users\Kevin\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 959,376 bytes
      Age  . . . . . . . : 557.0 days (2013-05-08 17:54:12)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
   C:\Users\Kevin\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 959,376 bytes
      Age  . . . . . . . : 582.0 days (2013-04-13 17:52:55)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
   C:\Users\Kevin\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 137,992 bytes
      Age  . . . . . . . : 582.0 days (2013-04-13 17:53:19)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 21A3D2E3A063EA2F986EF1BAFD1A71F7FC9EDB3F69E0265E51A18DBC111084F1
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
   C:\Users\Kevin\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
      Size . . . . . . . : 953,886 bytes
      Age  . . . . . . . : 701.8 days (2012-12-14 23:59:29)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
   C:\Users\Kevin\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
      Size . . . . . . . : 953,886 bytes
      Age  . . . . . . . : 701.8 days (2012-12-14 23:59:29)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
   C:\Users\Kevin\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
      Size . . . . . . . : 138,032 bytes
      Age  . . . . . . . : 701.8 days (2012-12-14 23:59:50)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
   C:\Users\Kevin\AppData\Local\PunkBuster\HOS\pb\pbcl.dll
      Size . . . . . . . : 951,877 bytes
      Age  . . . . . . . : 135.9 days (2014-07-03 21:04:17)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 833CB80463E9181DBCC24242B392B70E6E80DD72A07B79727AB9936FCADEDD2A
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
   C:\Users\Kevin\AppData\Local\PunkBuster\HOS\pb\pbclold.dll
      Size . . . . . . . : 951,877 bytes
      Age  . . . . . . . : 534.7 days (2013-05-31 00:32:29)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 833CB80463E9181DBCC24242B392B70E6E80DD72A07B79727AB9936FCADEDD2A
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
   C:\Users\Kevin\AppData\Local\PunkBuster\HOS\pb\PnkBstrK.sys
      Size . . . . . . . : 140,304 bytes
      Age  . . . . . . . : 534.7 days (2013-05-31 00:32:52)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : E7BAC3CC5AD8D1B11C55BD39437326883D86657CE8EB61606C3BED5710945660
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
   C:\Users\Kevin\Desktop\Anti-Malware\FSS.exe
      Size . . . . . . . : 415,232 bytes
      Age  . . . . . . . : 3.7 days (2014-11-13 01:17:01)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 149759CADFDF8C19A4104C7DB08BA490D33CFBD29785640385239087B79E1FD2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -71.1s C:\Users\Kevin\Desktop\Anti-Malware\
         -52.8s C:\Users\Kevin\Desktop\Anti-Malware\SecurityCheck.exe
         -48.7s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{12FA3BA5-979D-4CE6-9586-6A3AB529C0AA}
         -29.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{08E51F3F-0F62-413C-863A-80140F81E9F7}
          0.0s C:\Users\Kevin\Desktop\Anti-Malware\FSS.exe
          1.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D7475731-8DA5-445D-8545-EA100B488405}
         19.1s C:\Users\Kevin\Desktop\Anti-Malware\MiniToolBox.exe
         32.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B332FFA0-7280-41C3-BA84-11D4A5F966E6}
   C:\Users\Kevin\Desktop\Anti-Malware\MiniToolBox.exe
      Size . . . . . . . : 401,920 bytes
      Age  . . . . . . . : 3.7 days (2014-11-13 01:17:20)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 55ADA329F40AC0E0F13EC464E56D09C12078ADEF021A934F059BCD3E962EC46E
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -90.2s C:\Users\Kevin\Desktop\Anti-Malware\
         -71.9s C:\Users\Kevin\Desktop\Anti-Malware\SecurityCheck.exe
         -67.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{12FA3BA5-979D-4CE6-9586-6A3AB529C0AA}
         -48.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{08E51F3F-0F62-413C-863A-80140F81E9F7}
         -19.1s C:\Users\Kevin\Desktop\Anti-Malware\FSS.exe
         -17.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D7475731-8DA5-445D-8545-EA100B488405}
          0.0s C:\Users\Kevin\Desktop\Anti-Malware\MiniToolBox.exe
         13.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{B332FFA0-7280-41C3-BA84-11D4A5F966E6}
   C:\Users\Kevin\Desktop\Stalker CoP MODS\ArsenalOverhaul2\ArsenalOverhaul2\fov_switcher_v17\bin\fov_presets\1510_fov75.dll
      Size . . . . . . . : 7,025,344 bytes
      Age  . . . . . . . : 216.8 days (2014-04-13 23:36:15)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 63CBD5ACDF5296B19E40642CB5F597AA221819818FB9388A8BD66352EE6B6480
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 26.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   C:\Users\Kevin\Desktop\Stalker CoP MODS\ArsenalOverhaul2\ArsenalOverhaul2\fov_switcher_v17\bin\fov_presets\1510_fov85.dll
      Size . . . . . . . : 7,025,344 bytes
      Age  . . . . . . . : 216.8 days (2014-04-13 23:36:15)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 40F1D8661C1C05EA460A9D498FB99FC354CD6821A53490194020B94689EB8873
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 26.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   C:\Users\Kevin\Desktop\Stalker CoP MODS\ArsenalOverhaul2\ArsenalOverhaul2\fov_switcher_v17\bin\fov_presets\1510_fov90.dll
      Size . . . . . . . : 7,025,344 bytes
      Age  . . . . . . . : 216.8 days (2014-04-13 23:36:15)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : F99B7E488F12CFEA98DDF753BFF4E6033F681ED303E49A7B8614A28164FC5A77
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 26.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   C:\Users\Kevin\Desktop\Stalker CoP MODS\ArsenalOverhaul2_2Lite\ArsenalOverhaul2_2Lite\fov_switcher_v17\bin\fov_presets\1510_fov75.dll
      Size . . . . . . . : 7,025,344 bytes
      Age  . . . . . . . : 215.9 days (2014-04-14 20:41:51)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 63CBD5ACDF5296B19E40642CB5F597AA221819818FB9388A8BD66352EE6B6480
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 26.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   C:\Users\Kevin\Desktop\Stalker CoP MODS\ArsenalOverhaul2_2Lite\ArsenalOverhaul2_2Lite\fov_switcher_v17\bin\fov_presets\1510_fov85.dll
      Size . . . . . . . : 7,025,344 bytes
      Age  . . . . . . . : 215.9 days (2014-04-14 20:41:51)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 40F1D8661C1C05EA460A9D498FB99FC354CD6821A53490194020B94689EB8873
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 26.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
   C:\Users\Kevin\Desktop\Stalker CoP MODS\ArsenalOverhaul2_2Lite\ArsenalOverhaul2_2Lite\fov_switcher_v17\bin\fov_presets\1510_fov90.dll
      Size . . . . . . . : 7,025,344 bytes
      Age  . . . . . . . : 215.9 days (2014-04-14 20:41:51)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : F99B7E488F12CFEA98DDF753BFF4E6033F681ED303E49A7B8614A28164FC5A77
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 26.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

Cookies _____________________________________________________________________
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\134RLJQ4.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\2GG2OS1Z.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\2NYWQL7H.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\3BJGTSR6.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\8ZNGW4G0.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\94LMK8S9.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\FB2N55TO.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\FT40UXXB.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\G4DTW9UQ.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\HRYNVGYS.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\MKA8PQ0I.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\MU3232EA.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\OM8EJQLH.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\RV7SIM0M.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\TRB9R7W9.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\VDGI3KCR.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\XLW5VHHC.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\XYSY4VVX.txt
   C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\ZOTDKYC8.txt
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:2o7.net
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:a1.interclick.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:ad.mangapanda.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:ad.mlnadvertising.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:adbrite.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:ads.gplusmedia.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:ads.pointroll.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:advertising.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:apmebf.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:at.atwola.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:atdmt.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:c.atdmt.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:casalemedia.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:collective-media.net
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:doubleclick.net
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:h.atdmt.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:intelligentbeauty.122.2o7.net
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:interclick.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:invitemedia.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:kontera.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:media6degrees.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:mediaplex.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:pointroll.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:questionmarket.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:revsci.net
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:ru4.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:server.cpmstar.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:serving-sys.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:specificclick.net
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:statcounter.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:track.adform.net
   C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\m8qy3a9t.default\cookies.sqlite:tribalfusion.com
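The HitmanPro report above flags six DLLs under Stalker CoP MODS, but they carry only three distinct SHA-256 values: each fov_presets file appears once under ArsenalOverhaul2 and once under ArsenalOverhaul2_2Lite with the same hash, so there are three binaries to investigate, not six. The script below is an added example, not part of the original post or of HitmanPro: it parses the "path line followed by indented `Key . . . : value` lines" layout shown in the report, collapses entries by hash, and carries the Authenticode and "Needs elevation" verdicts through so the duplicates are counted once. The three DLL entries in the embedded sample are copied (abridged) from the report in the thread; the fourth entry, its path and its hash are constructed to exercise the "Needs elevation" / "Forensic Cluster" layout.

```python
"""Collapse a HitmanPro-style 'Suspicious files' report to distinct binaries.

Added example (not HitmanPro's own code). Entries are a 3-space-indented path
line followed by 6-space-indented 'Key . . . : value' lines; deeper-indented
lines are free-text notes or forensic-cluster rows and are kept as notes.
"""
import re
from collections import OrderedDict

# Constructed sample. The three DLL entries are abridged copies of entries
# quoted in the thread; 'example_tool.exe' and its hash are invented.
SAMPLE_REPORT = """\
   C:\\Users\\Kevin\\Desktop\\Stalker CoP MODS\\ArsenalOverhaul2\\ArsenalOverhaul2\\fov_switcher_v17\\bin\\fov_presets\\1510_fov75.dll
      Size . . . . . . . : 7,025,344 bytes
      Age  . . . . . . . : 216.8 days (2014-04-13 23:36:15)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 63CBD5ACDF5296B19E40642CB5F597AA221819818FB9388A8BD66352EE6B6480
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 26.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
   C:\\Users\\Kevin\\Desktop\\Stalker CoP MODS\\ArsenalOverhaul2\\ArsenalOverhaul2\\fov_switcher_v17\\bin\\fov_presets\\1510_fov85.dll
      Size . . . . . . . : 7,025,344 bytes
      SHA-256  . . . . . : 40F1D8661C1C05EA460A9D498FB99FC354CD6821A53490194020B94689EB8873
      Authenticode . . . : Invalid
   C:\\Users\\Kevin\\Desktop\\Stalker CoP MODS\\ArsenalOverhaul2_2Lite\\ArsenalOverhaul2_2Lite\\fov_switcher_v17\\bin\\fov_presets\\1510_fov75.dll
      Size . . . . . . . : 7,025,344 bytes
      SHA-256  . . . . . : 63CBD5ACDF5296B19E40642CB5F597AA221819818FB9388A8BD66352EE6B6480
      Authenticode . . . : Invalid
   C:\\Users\\Kevin\\Desktop\\Anti-Malware\\example_tool.exe
      Size . . . . . . . : 1,000,000 bytes
      SHA-256  . . . . . : 0000000000000000000000000000000000000000000000000000000000000001
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
      Forensic Cluster
         -19.1s C:\\Users\\Kevin\\Desktop\\Anti-Malware\\FSS.exe
          0.0s C:\\Users\\Kevin\\Desktop\\Anti-Malware\\example_tool.exe
"""

# A new entry starts with exactly three spaces and a drive-letter path.
PATH_RE = re.compile(r"^ {3}(?P<path>[A-Za-z]:\\.*\S)\s*$")
# Field lines: six spaces, a key, dot leaders, a colon, the value.
FIELD_RE = re.compile(r"^ {6}(?P<key>[A-Za-z][A-Za-z0-9 -]*?)\s*(?:\.\s*)*:\s*(?P<value>.*?)\s*$")


def parse_report(text):
    """Return a list of {'path', 'fields', 'notes'} dicts, one per flagged file."""
    entries, current = [], None
    for line in text.splitlines():
        m = PATH_RE.match(line)
        if m:
            current = {"path": m.group("path"), "fields": {}, "notes": []}
            entries.append(current)
            continue
        if current is None:
            continue  # header text before the first entry
        m = FIELD_RE.match(line)
        if m:
            current["fields"][m.group("key")] = m.group("value")
        elif line.startswith(" " * 9) and line.strip():
            current["notes"].append(line.strip())  # explanation or cluster row
    return entries


def group_by_hash(entries):
    """Map SHA-256 -> list of paths, preserving first-seen order."""
    groups = OrderedDict()
    for e in entries:
        sha = e["fields"].get("SHA-256", "").upper()
        groups.setdefault(sha, []).append(e["path"])
    return groups


def triage(entries):
    """One row per distinct binary with the verdicts that matter for follow-up."""
    rows, by_hash = [], {}
    for e in entries:
        sha = e["fields"].get("SHA-256", "").upper()
        row = by_hash.get(sha)
        if row is None:
            row = {
                "sha256": sha,
                "authenticode": e["fields"].get("Authenticode", "n/a"),
                "needs_elevation": e["fields"].get("Needs elevation", "No"),
                "copies": 0,
                "paths": [],
            }
            by_hash[sha] = row
            rows.append(row)
        row["copies"] += 1
        row["paths"].append(e["path"])
    return rows


if __name__ == "__main__":
    for row in triage(parse_report(SAMPLE_REPORT)):
        print(f"{row['sha256'][:16]}...  authenticode={row['authenticode']:<8}"
              f" elevation={row['needs_elevation']:<3} copies={row['copies']}")
        for p in row["paths"]:
            print("    " + p)
```

Running it on the sample prints three rows instead of four files; on the full report from the post, the same grouping reduces the six DLL hits to three hashes, which is the set to submit to a multi-engine scanner or to compare against a clean copy of the mod package. An "Invalid" Authenticode verdict means the signature no longer matches the file contents, which is expected for a patched game binary as well as for tampered software, so the hash comparison is what settles it.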


#8 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 PM

Posted 16 November 2014 - 10:53 PM

I wanted you to run Delfix first. Do you need this PunkBuster for Battlefield 3 and Far Cry 3?

 

Thank you!



#9 4p3x90

4p3x90
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern California
  • Local time:03:32 AM

Posted 17 November 2014 - 02:38 AM

Oh sorry, I forgot to write that... but I did run Delfix first. Yeah, I need PunkBuster for BF3 and Far Cry 3.



#10 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 PM

Posted 17 November 2014 - 02:55 PM

Stalker CoP MODS - you may need this too, so delete only the cookies with HitmanPro.

 

This was a Trojan invasion, and because I am not sure about a backdoor, I want to say that if your computer was used for online banking, has credit card information or other sensitive data, then, using a non-infected computer/device, you should immediately change all account information (including those used for banking, email, eBay, PayPal, online forums, etc).

 

The following programmes come highly recommended in the security community.

 

Adblock is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

 

Now:

 

Please download Emsisoft Emergency Kit HERE
Double-click on the downloaded file. It will be extracted to C:\EEK
Double-click the icon on the desktop. Click Yes to update. When it is over, click Back and then Scan. Choose Yes to detect PUPs. After that press Full Scan. At the end, from above choose LOGS, then the Scan log tab, and under there is an Export button. Post it here.
 

Agree and download Dr.WEB CureIt HERE to your desktop.
Start the application.
Choose objects for scan.
Set ticks in all checkboxes.
Below, choose files and folders for scan.
Set ticks in the checkboxes for all your drives (C, D, E etc.).
Do a scan and post the result as a screenshot.
Take a screenshot.
Upload the snapshot here - http://tinypic.com/ - and paste the last link (Direct links for Layouts) using the picture icon under the emoticons here.
 

Thank you!



#11 4p3x90

4p3x90
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern California
  • Local time:03:32 AM

Posted 19 November 2014 - 06:07 PM

Stalker CoP MODS, is a folder full of Modifications for a PC game, nothing more, I guess the name makes it suspicious if you don't know the game. I'll be posting the other logs in a while, I had a family emergency this weekend and have not been able to do them yet, so I apologize, I'll get to them tonight.



#12 4p3x90

4p3x90
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southern California
  • Local time:03:32 AM

Posted 21 November 2014 - 05:09 AM

Here is the Emsisoft scan report:

 

 

Emsisoft Emergency Kit - Version 9.0
Last update: 11/21/2014 1:25:39 AM
User account: Rig\Kevin

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 11/21/2014 1:25:57 AM

Scanned 194671
Found 0

Scan end: 11/21/2014 2:08:34 AM
Scan time: 0:42:37



#13 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:32 PM

Posted 21 November 2014 - 03:44 PM

What is the situation now compared to your first post? Is Microsoft Security Essentials alerting on anything?



#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:32 AM

Posted 15 December 2014 - 09:53 PM

Has this issue been resolved?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here



