
I'm not sure if I have malware, but suspect that I might


14 replies to this topic

#1 Retvan


Posted 26 December 2014 - 06:56 AM

I'm running Windows 7 32-bit with Malwarebytes and Avast Free (and Windows Defender, but most of the time that stays out of the way). Recently, I noticed that the amount of free space on my hard drive seemed to be dropping quite remarkably (-6 GB per boot until I got down to about 11 GB free). The odd bit is that the total space taken up by files on the drive (including hidden and system files), if I select all of them, is around 293 GB, but the system claims that 361 GB are being used. I thought this might be due to an issue with how I deleted some old virtual machine files, but the disk manager shows all the space as being properly part of the drive. So I suspect that some hidden thing has claimed around 68 GB of my hard drive. I also ran chkdsk and sfc in safe mode, and neither found any problems.

 

I went ahead and ran an MBAM threat scan, and it found a registry key for freeze.exe (which is odd in itself, since I've never visited that site and haven't noticed any screensaver malware, but I quarantined the key anyhow). The reason I'm asking for help is that MBAM has this nasty tendency to crash most of, but not all, the time when it tries to scan my email AppData folder in a custom scan with rootkit scanning enabled (with Exception code: 0xc0000005), and has for pretty much the entire year (without rootkit scanning, it works fine and finds nothing). I've also noticed quite a few failed logon audits in the event viewer of logon type 4 (since 7/9 of this year), trying to log into my account while I'm logged in (always with a NULL SID). Any idea what's going on?
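The two symptoms in the post above (used space that exceeds the sum of file sizes, and repeated 4625 failed-logon audits of logon type 4) can be measured directly. The following PowerShell triage script is an added example, not something posted in this thread or shipped with any of the tools named in it; it assumes Windows 7 with PowerShell 2.0 or later, an elevated prompt, and that failed logons are being audited to the Security log.

```powershell
# Added triage script (not from the thread). Run from an elevated PowerShell prompt.
# 1) Compare what the volume reports as used against what a file walk can account for.
# 2) Show Volume Shadow Copy storage, which lives under "System Volume Information"
#    and is not counted when you select all files in Explorer.
# 3) Summarise failed logon audits (event 4625) by logon type, account and process.
param([string]$Drive = 'C:')

function Get-SpaceAccounting {
    param([string]$DriveLetter)
    $vol = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$DriveLetter'"
    $usedByVolume = $vol.Size - $vol.FreeSpace
    # -Force includes hidden and system files; access-denied paths are skipped,
    # so the file total is a lower bound and the gap is what the walk cannot see.
    $files = Get-ChildItem -Path "$DriveLetter\" -Recurse -Force -ErrorAction SilentlyContinue |
             Where-Object { -not $_.PSIsContainer }
    $sumOfFiles = ($files | Measure-Object -Property Length -Sum).Sum
    New-Object PSObject -Property @{
        Drive         = $DriveLetter
        UsedGB        = [math]::Round($usedByVolume / 1GB, 1)
        FilesGB       = [math]::Round($sumOfFiles / 1GB, 1)
        UnaccountedGB = [math]::Round(($usedByVolume - $sumOfFiles) / 1GB, 1)
    }
}

function Get-FailedLogonSummary {
    param([int]$Days = 30)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Pull the named EventData fields out of the event XML.
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        New-Object PSObject -Property @{
            Time       = $_.TimeCreated
            LogonType  = $d['LogonType']      # 2 = Interactive, 3 = Network, 4 = Batch (scheduled task)
            TargetUser = $d['TargetUserName']
            TargetSid  = $d['TargetUserSid']  # S-1-0-0 is what Event Viewer renders as "NULL SID"
            Process    = $d['ProcessName']    # which process submitted the failed logon
            Status     = $d['Status']         # e.g. 0xC000006D bad user/password, 0xC0000234 locked out
        }
    } | Group-Object LogonType, TargetUser, Process | Sort-Object Count -Descending |
        Select-Object Count, Name
}

Get-SpaceAccounting -DriveLetter $Drive | Format-List
Write-Host "`nShadow copy storage on the volume (not visible to a file walk):"
vssadmin list shadowstorage
Write-Host "`nFailed logon audits (4625) in the last 30 days, grouped by logon type / account / process:"
Get-FailedLogonSummary -Days 30 | Format-Table -AutoSize
```

A large UnaccountedGB that matches the "Used Shadow Copy Storage space" figure points at restore points rather than at a hidden file; logon type 4 failures that all come from the same process and account usually trace back to a scheduled task or service running with a stale saved credential, which is worth confirming before treating them as an intrusion.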




#2 Guest_LighthouseParty_*


Posted 26 December 2014 - 09:16 AM

Hello there,

Welcome to Bleeping Computer, I'm LighthouseParty. Let's run a couple of scans to see what could be causing this.

Step 1: Please download MiniToolBox to your desktop

  • Double click MiniToolBox.
  • Select the following and then press go.
  • Post the log in your next reply.

Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Installed Programs
List Restore Points

Step 2: Please download Malwarebytes Anti-Malware to your desktop

  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.

How to get the log.

  • On the dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.

Please also include your previous Malwarebytes Anti-Malware log.

 

Step 3: Please download Security Check to your desktop

  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open, called checkup.txt.
  • Please post the contents of it in your next reply.

Step 4: Please download Malwarebytes Anti-Rootkit to your desktop

  • Double click it and click ok (Make sure to extract it to your desktop)
  • When it opens, click next and then update.
  • After it's updated, click next and then scan.
  • If malware is detected, select clean, then restart your computer.
  • Open 'MBAR' on your desktop and paste the contents of the following logs in your reply:
  • mbar-log-xx.xx.xx.txt and system-log.txt.

Step 5: Non-malware removal steps

Run System File Checker - http://support.microsoft.com/KB/929833
Run Disk Check - http://support.microsoft.com/kb/2641432
Run Disk Cleanup - http://windows.microsoft.com/en-gb/windows/delete-files-using-disk-cleanup

Thanks and good luck!



#3 Retvan


Posted 27 December 2014 - 01:13 AM

I ran MiniToolBox from another location than my desktop, but it seems to have worked (the log is rather long, so I would attach it, but the attach functionality seems to be not available in this thread? Just a My Media link which shows older attachments without an option to upload new ones). SecurityCheck claims Firefox is out of date, but according to Firefox itself it's the current version, so I'm not sure what's going on there. MBAR did find something (not sure if Trojan.Poweliks.B is a rootkit or not) and said it removed it. And finally, both MBAR and SecurityCheck say that there are 4 partitions on my drive, 3 of which are empty (the space issue is probably related to that). So, I guess I'll paste in all the logs in order.

 

Minitoolbox

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Ra (administrator) on 26-12-2014 at 12:52:14
Running from "C:\Users\Ra\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.



=========================== Installed Programs ============================
32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
3DMark 11 (HKLM\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation)
7 Grand Steps, Step 1: What Ancients Begat (HKLM\...\Steam App 238930) (Version:  - Mousechief)
7-Zip 9.32 alpha (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe AIR (Version: 15.0.0.356 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Age of Empires III: Complete Collection (HKLM\...\GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}) (Version: 1.0.0000.1 - Microsoft Game Studios)
Age of Empires III: Complete Collection (Version: 1.0.0000.1 - Microsoft Game Studios) Hidden
Age of Wonders (HKLM\...\GOGPACKAOM1_is1) (Version: 2.0.0.13 - GOG.com)
AI Suite (HKLM\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 2.00.02 - )
AI War - Ancient Shadows (HKLM\...\AI War - Ancient Shadows 6.000) (Version: 6.000 - Arcen Games, LLC)
AMD Accelerated Video Transcoding (Version: 13.30.100.41120 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{DE7D695C-2EC7-AFDF-F786-6E938DE83175}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Analogue: A Hate Story (HKLM\...\Steam App 209370) (Version:  - Christine Love)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
applicationupdater (HKCU\...\SOE-C:/Users/Ra/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version:  - Sony Online Entertainment)
Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ArmageddonEmpiresDemo (HKLM\...\{FB0E849E-3D36-461C-BE6A-ED8F23A6DAD7}) (Version:  - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Aurora (HKLM\...\ST6UNST #1) (Version:  - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bastion (HKLM\...\Steam App 107100) (Version:  - Supergiant Games)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Build Your Own Net Dream (remove only) (HKLM\...\Build Your Own Net Dream) (Version:  - )
CamStudio Lossless Codec v1.5 (HKLM\...\camcodec) (Version: 1.5 - CamStudio)
CamStudio version 2.7 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
Cities in Motion (HKLM\...\Steam App 73010) (Version:  - Colossal Order Ltd.)
Core FTP LE (HKLM\...\CoreFTP) (Version:  - )
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Crusader Kings II (HKLM\...\Steam App 203770) (Version:  - Paradox)
Defender's Quest: Valley of the Forgotten (HKLM\...\Steam App 218410) (Version:  - Level Up Labs, LLC)
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{C8358E8D-6C89-41B3-8439-FEFBC0353D81}) (Version:  - Microsoft)
Divine Wind version 5.0 (HKLM\...\{FCBC2F99-5AB2-4461-9C52-B7353FF68D58}_is1) (Version: 5.0 - GamersGate)
Divine Wind version 5.2 (HKLM\...\Divine Wind_is1) (Version: 5.2 - Paradox Interactive)
Download Manager 2.3.10 (HKLM\...\Download Manager) (Version: 2.3.10 - IGN Entertainment, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Droplitz (HKLM\...\Steam App 23120) (Version:  - Blitz Games Studio, Ltd.)
Endless Space (HKLM\...\Steam App 208140) (Version:  - Amplitude Studios)
Eufloria (HKLM\...\Steam App 41210) (Version:  - Rudolf Kremers & Alex May)
EVE Isk per Hour (HKLM\...\{61A1A5A8-2835-46CD-9429-A8F4CFEE6657}) (Version: 2.2 - EVE IPH)
EVEMon (HKLM\...\EVEMon) (Version: 1.9.0 - battleclinic.com)
Evil Genius (HKLM\...\Steam App 3720) (Version:  - Elixir Studios)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Foldit (HKLM\...\Foldit) (Version:  - )
Fraps (HKLM\...\Fraps) (Version:  - )
Freedom Force (HKLM\...\Steam App 8880) (Version:  - Irrational Games)
FreeUndelete 2.1.36867.1 (HKLM\...\{0F5ADA2F-C0B2-4AD6-8FF7-7DFA9D6B4CBA}) (Version: 2.1.36867.1 - Recoveronix)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - )
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.9.0 - Futuremark Corporation)
GameFly (HKLM\...\GameFly) (Version: 1.2.378 - GameFly, Inc.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GnuCash 2.4.11 (HKLM\...\GnuCash_is1) (Version:  - GnuCash Development Team)
GOG.com Downloader version 3.6.0 (HKLM\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
GOG.com Planescape Torment (HKLM\...\{8f376ce2-c213-4a6c-a329-0b2a7eb2bad8}.sdb) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Greed Corp (HKLM\...\Steam App 48950) (Version:  - )
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hate Plus (HKLM\...\Steam App 239700) (Version:  - Christine Love)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hegemony: Philip of Macedon (HKLM\...\Steam App 90100) (Version:  - Longbow Games)
Heir to the Throne (HKLM\...\Heir to the Throne_is1) (Version:  - GamersGate)
Heritage of Kings The Settlers (HKLM\...\Heritage of Kings The Settlers) (Version: 1.6.217.0 - Ubisoft)
Heroine's Quest version 1.0 (HKLM\...\{204D4EF9-7415-4927-8B42-99D2F88F1149}_is1) (Version: 1.0 - Crystal Shard)
HEX (HKLM\...\{E31B651A-B48C-423C-8D0D-855756C8B7E8}_is1) (Version:  - HEX Entertainment)
Hinterland (HKLM\...\Steam App 17140) (Version:  - Tilted Mill Entertainment, Inc.)
HP Photosmart Prem C410 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}) (Version: 14.0 - HP)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Imperialism (HKLM\...\GOGPACKIMPERIALISM_is1) (Version: 2.0.0.7 - GOG.com)
Imperialism II - Age of Exploration (HKLM\...\GOGPACKIMPERIALISM2_is1) (Version: 2.0.0.4 - GOG.com)
In Nomine 1.0 (HKLM\...\In Nomine_is1) (Version:  - Paradox Interactive)
Infinit (remove only) (HKLM\...\Infinit) (Version:  - )
Infinity Wars - Animated Trading Card Game (HKLM\...\Steam App 257730) (Version:  - Lightmare Studios)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (Version: 2.8.25.18 - Oracle Corporation) Hidden
Kingdoms of Amalur: Reckoning™ (HKLM\...\Steam App 102500) (Version:  - Big Huge Games)
King's Bounty: The Legend (HKLM\...\Steam App 25900) (Version:  - Katauri)
LibreOffice 4.2 Help Pack (English (United States)) (HKLM\...\{AF26349C-D126-4AAE-AF6B-D9D160B8E6E0}) (Version: 4.2.8.2 - The Document Foundation)
LibreOffice 4.2.8.2 (HKLM\...\{2D3234B2-FC7B-41CD-9FC8-4F9C2C20C131}) (Version: 4.2.8.2 - The Document Foundation)
Linksys Wireless-N USB Network Adapter Driver - WUSB300N (HKLM\...\{DCD3471D-4DDA-4DC2-8B9F-A662D0C362AC}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.)
LOLReplay (HKLM\...\LOLReplay) (Version: 0.8.3.0 - www.leaguereplays.com)
LuaEdit 2010 (x86 - 3.0.10.0) (HKLM\...\LuaEdit 2010_is1) (Version:  - Open Source)
Lumines (HKLM\...\Steam App 11900) (Version:  - Q Entertainment)
Magicka (HKLM\...\Steam App 42910) (Version:  - Arrowhead Game Studios AB)
Majesty 2 Collection (HKLM\...\Steam App 73020) (Version:  - 1C:InoCo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Master of Mana 1.42 (HKLM\...\{CB5CB8BF-D93F-4CCD-9D87-29368010DB2A}_is1) (Version:  - )
MathGV 4.1 (HKLM\...\{D30F78E6-2A82-48E5-94A9-D295D64501BF}) (Version: 4.1.0 - MathGV)
Memoir'44 Online 1.2.0 (HKLM\...\3939-6471-8727-9409) (Version: 1.2.0 - Days of Wonder)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 (HKLM\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version:  - Microsoft)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office SharePoint Designer 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SharePoint Designer 2010 (HKLM\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 12.0 (x86 en-US) (HKLM\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
Mozilla Firefox 34.0 (x86 en-US) (HKCU\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKCU\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
Mumble 1.2.6 (HKLM\...\{461A5021-EE14-4E57-9A06-8ABCE9C38FE4}) (Version: 1.2.6 - Thorvald Natvig)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Napoleon's Ambition (HKLM\...\Napoleon's Ambition_is1) (Version:  - Paradox Interactive)
NCsoft Launcher (HKLM\...\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}) (Version: 1.5.25.1 - NCsoft)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA Install Application (Version: 2.1002.66.342 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 4.3.16 (HKLM\...\{346795FE-9B53-48C0-A8E7-CC54B7EF7C1F}) (Version: 4.3.16 - Oracle Corporation)
Origin (HKLM\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
Papers, Please (HKLM\...\Steam App 239030) (Version:  - 3909)
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.92 - ASUSTeK Computer Inc.)
Peggle Deluxe (HKLM\...\Peggle Deluxe) (Version:  - PopCap Games)
Pidgin (HKLM\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Planescape Torment (HKLM\...\GOGPACKPLANESCAPETORMENT_is1) (Version: 2.0.0.8 - GOG.com)
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
Platform (Version: 1.39 - VIA Technologies, Inc.) Hidden
Poker Night at the Inventory (HKLM\...\Steam App 31280) (Version:  - Telltale Games)
POWERPREP II (HKLM\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 1.00.0000 - ETS)
PS_AIO_07_C410_SW_Min (Version: 140.0.273.000 - Hewlett-Packard) Hidden
Puzzle Quest (HKLM\...\Steam App 12500) (Version:  - Infinite Interactive)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAD Video Tools (HKLM\...\RADVideo) (Version:  - )
Rails (HKLM\...\{99623818-2B55-4EF7-9329-6BF385986163}) (Version: 1.0.0 - Pluto Scarab Software)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.19.0 - Ralink)
Raptr (HKLM\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
Samsung SideSync 3.0 (HKLM\...\Samsung SideSync) (Version: 3.1.4.827 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Scrivener (HKLM\...\Scrivener 1610) (Version: 1610 - Literature and Latte)
Scrolls (HKLM\...\{AA53ACF4-5893-4F7C-8589-32F6A4266125}) (Version: 1.0.0.0 - Mojang)
SeaMonkey 2.26 (x86 en-US) (HKLM\...\SeaMonkey 2.26 (x86 en-US)) (Version: 2.26 - Mozilla)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8B883A57-E4BC-4745-8E6C-68168850F9DD}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Settlers 2 GOLD (HKLM\...\Settlers 2 GOLD_is1) (Version:  - GOG.com)
Shadowrun Returns (HKLM\...\Steam App 234650) (Version:  - Harebrained Schemes)
Sid Meier's Civilization IV (HKLM\...\Steam App 3900) (Version:  - Firaxis Games)
Sid Meier's Civilization IV: Beyond the Sword (HKLM\...\Steam App 8800) (Version:  - Firaxis Games)
Sid Meier's Civilization IV: Warlords (HKLM\...\Steam App 3990) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM\...\Civilization V) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization V SDK (HKLM\...\Steam App 16830) (Version:  - Firaxis Games)
Sid Meier's Railroad Tycoon (HKLM\...\Sid Meier's Railroad Tycoon) (Version: 1.0 - 2K Games)
Sid Meier's Railroads! (HKLM\...\{141154CC-B23D-40E0-8242-1A747CA9B482}) (Version: 1.10 - Firaxis Games)
SimCity 2000 Special Edition (HKLM\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.80.4.50 - Conexant Systems)
SolForge (HKLM\...\Steam App 232450) (Version:  - Stone Blade Entertainment)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
StarCraft II (HKLM\...\StarCraft II) (Version:  - Blizzard Entertainment)
StarTopia (HKLM\...\GOGPACKANSTARTOPIA_is1) (Version: 2.0.0.17 - GOG.com)
Ticket to Ride (HKLM\...\Steam App 108200) (Version:  - )
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Torchlight II (HKLM\...\Steam App 200710) (Version:  - Runic Games)
Tribler (HKLM\...\Tribler) (Version: 6.4.0 - The Tribler Team)
Underlord 1.5 (HKLM\...\Underlord15) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{8BEEA2FC-D416-428A-B52A-A3ED45921151}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{A12F43A5-CF0B-44E3-942F-2441CD442F0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{D1C4AD0B-CC79-41D2-8D6A-571E7B30658C}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition (HKLM\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{CFB80344-FCBA-4C03-AD77-D49E82F14C3E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SharePointDesigner_{C1954E2B-1672-4E5C-B564-F8CB2D08345B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{E762A933-274B-4860-B066-A39FAB0838FD}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SharePointDesigner_{A7AA9E77-A9F4-4596-8AFD-4910FF258C3D}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675) (HKLM\...\{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{9A9DF47B-DB4B-485D-8211-7430ABEC5259}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinSCP 5.1.1 (HKLM\...\winscp3_is1) (Version: 5.1.1 - Martin Prikryl)
Wise Disk Cleaner 7.67 (HKLM\...\Wise Disk Cleaner_is1) (Version:  - WiseCleaner.com, Inc.)
Wise Registry Cleaner 7.52 (HKLM\...\Wise Registry Cleaner_is1) (Version:  - WiseCleaner.com, Inc.)
Wizardry 8 (HKLM\...\Wizardry 8) (Version:  - )
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\x264vfw) (Version:  - )
Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.3.2011.2 - URSoft, Inc.)
========================= Restore Points ==================================

09-12-2014 21:59:39 Windows Update
09-12-2014 23:15:46 Windows Update
12-12-2014 01:50:49 Windows Update
14-12-2014 13:26:32 Installed Scrolls
16-12-2014 09:23:38 Windows Update
18-12-2014 14:16:11 Windows Update
21-12-2014 21:58:44 Installed LibreOffice 4.2.8.2
21-12-2014 22:06:13 Installed LibreOffice 4.2 Help Pack (English (United States))
23-12-2014 16:53:19 Windows Update
26-12-2014 20:37:14 Windows Update

**** End of log ****
MBAM Log 1

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/26/2014
Scan Time: 2:28:08 AM
Logfile: MBAM log 12-26-2014.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.26.06
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Ra

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359281
Time Elapsed: 22 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.MyFreeze.A, HKLM\SOFTWARE\Freeze.com, Quarantined, [ff6f96d1aad277bfd22a3b21976c7987],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

MBAM Log 2

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/26/2014
Scan Time: 12:56:55 PM
Logfile: MBAM log 2.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.26.11
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Ra

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359447
Time Elapsed: 23 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Security Check

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Wise Disk Cleaner 7.67  
 Wise Registry Cleaner 7.52  
 Java 8 Update 20  
 Java 8 Update 25  
 Java version 32-bit out of Date!
 Adobe Flash Player     16.0.0.235  
 Adobe Reader XI  
 Mozilla Firefox 12.0 Firefox out of Date!  
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

MBAR

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.27.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
Ra :: RA-PC [administrator]

12/26/2014 4:46:13 PM
mbar-log-2014-12-26 (16-46-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 378144
Time elapsed: 34 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKU\S-1-5-21-3335109581-3980037853-3234743988-1000_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} (Trojan.Poweliks. B) -> Delete on reboot. [27a60661116b5cda18523cc6a7593cc4]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.515000 GHz
Memory total: 3487686656, free: 1889390592

Downloaded database version: v2014.12.27.01
Downloaded database version: v2014.12.23.02
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     12/26/2014 16:46:01
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86e0f860
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-4\
Lower Device Object: 0xffffffff86cae908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86e0f860, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86e0f498, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86e0f860, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86c76918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86cae908, DeviceName: \Device\Ide\IdeDeviceP3T1L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1158040A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 781420544
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 400088457216 bytes
Sector size: 512 bytes

Done!
Infected: HKU\S-1-5-21-3335109581-3980037853-3234743988-1000_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Removal successful. No system shutdown is required.
=======================================

 



#4 Guest_LighthouseParty_*

  • Guests

Posted 27 December 2014 - 05:23 AM

Quote

Registry Keys Detected: 1
HKU\S-1-5-21-3335109581-3980037853-3234743988-1000_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} (Trojan.Poweliks. B) -> Delete on reboot. [27a60661116b5cda18523cc6a7593cc4]


ESET Poweliks Cleaner

  • Please click here to download ESET Poweliks Cleaner to your desktop.
  • Double-click ESETPoweliksCleaner.exe.
  • Read through the licence agreements and then click agree.
  • The scan will now begin.

If the scanner detects a powelik detection, it will notify you. Press Y to remove it - it should then say the following: Win32/Poweliks was successfully removed from your system. Press any key and reboot your system. A log will be created on the desktop, please paste the contents of it into your next reply.
 
Alternatively, if it doesn't detect a powelik, please let me know!



#5 Retvan

  • Topic Starter
  • Members
  • 28 posts

Posted 27 December 2014 - 06:06 AM

 

Quote

Registry Keys Detected: 1
HKU\S-1-5-21-3335109581-3980037853-3234743988-1000_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} (Trojan.Poweliks. B) -> Delete on reboot. [27a60661116b5cda18523cc6a7593cc4]


ESET Poweliks Cleaner

  • Please click here to download ESET Poweliks Cleaner to your desktop.
  • Double-click ESETPoweliksCleaner.exe.
  • Read through the licence agreements and then click agree.
  • The scan will now begin.

If the scanner detects a powelik detection, it will notify you. Press Y to remove it - it should then say the following: Win32/Poweliks was successfully removed from your system. Press any key and reboot your system. A log will be created on the desktop, please paste the contents of it into your next reply.
 
Alternatively, if it doesn't detect a powelik, please let me know!

 

It didn't find anything (so I assume when MBAR said it was able to kill it without requiring a reboot it worked even though I rebooted).


Edited by Retvan, 27 December 2014 - 06:07 AM.


#6 Guest_LighthouseParty_*

  • Guests

Posted 27 December 2014 - 06:45 AM

Hello there,

Step 1: Please uninstall some programs

There are currently some programs on your PC that we need to remove, for the time being at least. Press the Windows + R keys on your keyboard, type in appwiz.cpl and press Enter. Navigate to each of the following below one by one and click uninstall:

  • Your Uninstaller! 7
  • Wise Registry Cleaner 7.52
  • Wise Disk Cleaner 7.67
  • Java 8 Update 25
  • Java 8 Update 20

If any programs listed above aren't in Programs and Features, you can just skip them. Please download JavaRa from here and, once you've opened it, select 'remove JRE' (if that's not there, select remove Java Runtime). Make sure you skip the re-install Java option!

Step 2: Please download rKill to your desktop

  • Double click it (Win 7, 8 and Vista users, right-click and select run as admin)
  • The tool will run and then a log file should open.
  • Please post the contents of it in your next reply.

Please don't restart your computer before running the next step.

Step 3: Please download AdwCleaner to your desktop

  • Double click adwcleaner_x.xxx.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • If prompted, click I agree.
  • Click scan. When it's finished, select clean.
  • Allow AdwCleaner to restart your computer.
  • Once your computer's restarted, a log should appear.
  • Please post this in your next reply.

Step 4: Please download Junkware Removal Tool to your desktop

  • Double click JRT.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • Press any key and the scan will begin.
  • At the end, a log will open. Please post this in your next reply.

Step 5: Please visit the ESET Online Scanner webpage
Internet Explorer MUST be used for this step.

  • Click the checkbox next to 'Yes, I accept the Terms of Use' and click start.
  • Select the checkboxes which are displayed in the picture below.

[image: jqnp8z.png, showing the ESET Online Scanner checkboxes to select]

  • Press start and the scan will now begin - this scan will take a long time.
  • When the scan's finished, select list threats and then export.
  • Choose a name for the log (e.g ESET) and click save (to your desktop)
  • Press the back button and then click finish. Please include the contents of the log in your reply.


#7 Retvan

  • Topic Starter
  • Members
  • 28 posts

Posted 28 December 2014 - 12:17 AM

I think most of the things ESET found were innocuous (except for the yu2011 cnet thing - I'm not entirely sure what that was), but none of them were really necessary either. RKill's first log appears to have vanished, but from what I can recall it reset @ to ! and shifted some other .exe stuff, but didn't find anything else. I ran it again on the desktop and it didn't find anything. I'm somewhat curious as to why both AdwCleaner and JRT felt the need to alter Social Fixer's preferences.

 

RKill (second run)

Rkill 2.6.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/27/2014 01:40:18 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 12/27/2014 01:40:26 PM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)
 

Adware Cleaner (S0 log)

# AdwCleaner v4.106 - Report created 27/12/2014 at 13:44:09
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Ra - RA-PC
# Running from : C:\Users\Ra\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files\Uniblue
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Users\Ra\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\Ra\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Ra\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Ra\AppData\Roaming\Uniblue
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Myfree Codec

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v12.0 (en-US)

[9q7qpcdp.Ra\prefs.js] - Line Deleted : user_pref("socialfixer.558499602/cached_content/donate_pagelet", "{\"expires_on\":1365203206381,\"content\":\"<div style=\\\"background-color:#ffffcc;border:1px solid #cccc99;padding:5px;-moz-border-r[...]
[default.026\prefs.js] - Line Deleted : user_pref("adblock.patterns", "hxxp://media.fastclick.net/w/pop.cgi?sid=23377&m=2&tp=2&v=1.8&c=30 hxxp://pagead2.googlesyndication.com/pagead/show_ads.js hxxp://pagead2.googlesyndication.com/pagead/ad[...]
[default.026\prefs.js] - Line Deleted : user_pref("avg.toolbar.buttons_icon", ",,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesearch.png,chrome://avg/skin/avglinks.png,chrome://avg/skin/avglinks.png,")[...]

-\\ Google Chrome v39.0.2171.95

[C:\Users\Ra\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ra\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Ra\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ra\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4338 octets] - [27/12/2014 13:41:35]
AdwCleaner[S0].txt - [4660 octets] - [27/12/2014 13:44:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4720 octets] ##########
 

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x86
Ran by Ra on Sat 12/27/2014 at 13:56:01.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AF06CF41-7B41-421A-B208-C342E8E6D4A4}



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\myfree codec"



~~~ FireFox

Successfully deleted the following from C:\Users\Ra\AppData\Roaming\mozilla\firefox\profiles\9q7qpcdp.Ra\prefs.js

user_pref("socialfixer.502223712/friendslist", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":710629111,\"photo\":\"hxxps:\\/\\/fbcdn-profile-a.akamaihd.net\\/hprofi
user_pref("socialfixer.502223712/prefs", "{\"update_show_after\":1389882189053,\"friend_tracker\":{\"friends\":{\"710629111\":{\"name\":\"Ngoc Nguyen\",\"added\":1377907441983
user_pref("socialfixer.502223712/typeahead_new", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"uid\":502223712,\"photo\":\"hxxps:\\/\\/fbcdn-profile-a.akamaihd.net\\/hpro
Emptied folder: C:\Users\Ra\AppData\Roaming\mozilla\firefox\profiles\9q7qpcdp.Ra\minidumps [1443 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/27/2014 at 13:58:44.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

ESET

C:\My Downloads\cnet_LuxandBlinkSetup_exe.exe    a variant of Win32/InstallCore.D potentially unwanted application    deleted - quarantined
C:\My Downloads\SetupImgBurn_2.5.7.0.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted - quarantined
C:\My Downloads\yu2011setupcnet7.3.2011.2.exe    Win32/Toolbar.Zugo potentially unwanted application    deleted - quarantined
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll    a variant of Win32/Adware.Toolbar.Visicom.AB application    cleaned by deleting - quarantined
C:\Users\Ra\AppData\Local\VirtualStore\Program Files\gPotato\AikaOnline\AIKAClientEN100211.zip    a variant of Win32/Packed.Themida potentially unwanted application    deleted - quarantined
C:\Users\Ra\Downloads\cbsidlm-tr1_13-Supreme_Commander_demo-ORG-10637347.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
C:\Users\Ra\Downloads\FreeMouseAutoClickerSetup.exe    Win32/InstallMonetizer.AF potentially unwanted application    deleted - quarantined



#8 Guest_LighthouseParty_*

  • Guests
  • OFFLINE
Posted 28 December 2014 - 04:43 AM

How is the PC running now?



#9 Retvan

  • Topic Starter
  • Members
  • 28 posts
  • OFFLINE

Posted 28 December 2014 - 05:56 AM

How is the PC running now?

It seems to be running about as well as it was previously, but looking deeper in the event logs I noticed something interesting. I'm part of a network that I have set to public, so other computers on the network shouldn't be able to see or access mine (based on my settings; network discovery is set to off). But looking at the event logs, I noticed quite a few anonymous logons (as many as one every 12 minutes) from another computer on the network that shouldn't have access. They were of the form "An account was successfully logged on. Security ID NULL SID, Logon ID 0x0. Logon type 3. New Logon: Security ID anonymous logon, account name anonymous logon, account domain NT authority, logon ID some hexadecimal number, and logon GUID a bunch of zeroes. Process ID 0x0, process name blank. Then the network name of the computer and its IP address, and then logon process NtLmSsp, authentication package NTLM." The logons seem to happen in pairs (identical except for the logon ID and the port number) and are followed by logoffs in pairs 12 seconds later. Is there some normal Windows domain process that would lead to another computer on the network constantly logging into and out of mine?

Also, something tried to log in to the guest account on my computer (which is disabled) 5 times over 4 minutes while I was writing this. I don't know whether it was just regular processes doing something (since it said explorer.exe and dllhost.exe were the calling processes) or another malicious attempt. Finally, every so often there's a successful local login, separate from mine, of SYSTEM from services.exe with a special login attached, and I'm not sure whether that's normal system workings or something else going on.
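
The events quoted in the post above are Security event 4624 ("An account was successfully logged on") with logon type 3, the network logon type that SMB and RPC sessions produce, including the anonymous (null-session) connections Windows hosts open to each other for share and name browsing; a NULL SID subject, ANONYMOUS LOGON as the new logon, NtLmSsp as the logon process and NTLM as the package is the usual shape of such an event. What a triager wants first is not the individual events but a count per account, source address, workstation name and authentication package, so one chatty LAN host collapses into a single row and anything else stands out. The PowerShell below is an added example written for this page, not code from the thread or from any tool it mentions; the function and parameter names are the example's own, the EventData field names are the standard ones of event 4624 on Windows 7, and the host names and addresses in the sample are invented.

```powershell
# Added example (not from the thread): summarise Security event 4624 network logons
# by account, source host and authentication package. Field names are the standard
# EventData names of event 4624 on Windows 7; sample hosts and addresses are invented.

function Get-NetworkLogonSummary {
    param(
        [Parameter(Mandatory)] [string[]] $EventXml   # one <Event> XML document per 4624 record
    )
    $rows = foreach ($raw in $EventXml) {
        $x = [xml]$raw
        $d = @{}
        # EventData holds <Data Name="...">value</Data> elements; key them by their Name attribute
        foreach ($n in $x.Event.EventData.Data) { $d[$n.GetAttribute('Name')] = $n.'#text' }
        # type 3 = network (SMB/RPC); console (2), service (5) and unlock (7) logons are dropped
        if ($d['LogonType'] -ne '3') { continue }
        [pscustomobject]@{
            Account = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
            Source  = $d['IpAddress']
            Station = $d['WorkstationName']
            Auth    = $d['AuthenticationPackageName']
            Process = "$($d['LogonProcessName'])".Trim()   # the log pads "NtLmSsp " with a trailing space
        }
    }
    $rows | Group-Object Account, Source, Station, Auth, Process |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                Count   = $_.Count
                Account = $first.Account
                Source  = $first.Source
                Station = $first.Station
                Auth    = $first.Auth
                Process = $first.Process
            }
        } | Sort-Object Count -Descending
}

function New-Sample4624 {
    # Builds a minimal 4624 record in the XML shape that EventLogRecord.ToXml() returns (constructed test data)
    param($User, $Domain, $Type, $Process, $Auth, $Station, $Ip)
    @"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>4624</EventID></System><EventData>
<Data Name="TargetUserName">$User</Data><Data Name="TargetDomainName">$Domain</Data><Data Name="LogonType">$Type</Data>
<Data Name="LogonProcessName">$Process</Data><Data Name="AuthenticationPackageName">$Auth</Data>
<Data Name="WorkstationName">$Station</Data><Data Name="IpAddress">$Ip</Data></EventData></Event>
"@
}

# Constructed sample: the paired anonymous NTLM logons the post describes, one credentialed
# SMB session from another host, and the owner's own console logon (type 2, filtered out).
$sample = @(
    New-Sample4624 'ANONYMOUS LOGON' 'NT AUTHORITY' 3 'NtLmSsp ' 'NTLM' 'LANBOX-PC' '192.168.1.23'
    New-Sample4624 'ANONYMOUS LOGON' 'NT AUTHORITY' 3 'NtLmSsp ' 'NTLM' 'LANBOX-PC' '192.168.1.23'
    New-Sample4624 'Ra' 'RA-PC' 3 'NtLmSsp ' 'NTLM' 'LAPTOP' '192.168.1.40'
    New-Sample4624 'Ra' 'RA-PC' 2 'User32 ' 'Negotiate' 'RA-PC' '127.0.0.1'
)

Get-NetworkLogonSummary -EventXml $sample | Format-Table -AutoSize

# Against the real log on the affected machine (elevated PowerShell), replace $sample with:
#   $xml = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 5000 |
#          ForEach-Object { $_.ToXml() }
#   Get-NetworkLogonSummary -EventXml $xml | Format-Table -AutoSize
```

Grouping on the workstation name as well as the IP address matters: a host whose name and address stay consistent across hundreds of anonymous logons is the ordinary background noise of a Windows LAN, whereas a changing workstation name, or a source address outside the local subnet, is what deserves a follow-up.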



#10 Guest_LighthouseParty_*

  • Guests
  • OFFLINE

Posted 28 December 2014 - 06:12 AM

I'm not exactly sure what to advise you to do regarding the network issue. You may want to create a new thread in the Networking forum.

For one final step, please download Delfix from here and save it to your desktop. Right-click it and select Run as administrator. Select the following and press Run:

  • Remove disinfection tools
  • Purge system restore

To prevent infections in the future, I recommend you install the programs below:

Please also update Firefox to the latest version, instructions can be found here.

 

Happy surfing!



#11 Retvan

  • Topic Starter
  • Members
  • 28 posts
  • OFFLINE

Posted 28 December 2014 - 08:19 AM

One other thing: MBAM still crashes when I try to have it scan Thunderbird's AppData with rootkit detection enabled (although MBAR says everything's fine). Is MBAM's rootkit detection functionality just broken, or is there something else going on there that I might want to be concerned about?



#12 Guest_LighthouseParty_*

  • Guests
  • OFFLINE

Posted 28 December 2014 - 11:14 AM

I think that's possibly just a glitch.



#13 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 50,606 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA

Posted 29 December 2014 - 03:56 PM

If you have "Scan for rootkits" enabled (a new MBAM 2.0 feature), it will increase the length of the average scan time compared with previous versions and sometimes cause the scanner to stall (hang), freeze or become unstable. This defeats the purpose of routinely using the recommended THREAT Scan to quickly check the most prevalent places for active malware. As such, it is disabled by default and should remain disabled when performing routine THREAT Scans.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#14 Retvan

  • Topic Starter
  • Members
  • 28 posts
  • OFFLINE

Posted 08 January 2015 - 01:52 PM

Also, what should I assume was compromised by Poweliks (passwords, files, etc.)? I've only been able to find one article on it that wasn't very clear on its capabilities.



#15 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 50,606 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA

Posted 08 January 2015 - 02:51 PM

What is Poweliks?

Poweliks has the ability to download more malicious files so systems risk being infected by other malware, causing a more damaging infection and compromising security. Once the malware compromises a machine it's able to receive commands from a remote attacker and has the capability to steal system information which may be used by cyber-criminals to launch other attacks.

Although it has the ability to download more malicious files...this does not always happen and does not appear to have happened in your case.

However IMO, anytime you encounter a malware infection on your computer or believe it has been hacked, especially if that computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities. You should consider them to be compromised and change passwords from a clean computer as a precaution, not the infected one.



