
COM Surrogate virus / also csrss.exe


This topic is locked
10 replies to this topic

#1 theyreinmycomputeryo

theyreinmycomputeryo

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 13 January 2015 - 05:49 PM

Please help me remove this! I also seem to have csrss.exe? How do I know if this is normal or the Sober.Trojan?

SLOW COMPUTER ONLY AS OF LATELY. Memory completely taken up. Feels like someone else is roaming around with me? HELP please! :)

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.71.2
Run by Admin at 16:34:45 on 2015-01-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4086.1011 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG Internet Security 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG Internet Security 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\ProgramData\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\SoulseekNS\slsk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Users\Admin\AppData\Roaming\Spotify\spotify.exe
C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Spotify Web Helper] "C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Admin\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRunOnce: [Adobe Speed Launcher] 1421149531
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{07B811AE-3569-437C-A4CA-A92CB783B8A2} : DHCPNameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{07B811AE-3569-437C-A4CA-A92CB783B8A2}\133393F513434786 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{07B811AE-3569-437C-A4CA-A92CB783B8A2}\2556460225F6F6660294E6E6 : DHCPNameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{07B811AE-3569-437C-A4CA-A92CB783B8A2}\355707562702830275966496 : DHCPNameServer = 192.168.96.1
TCP: Interfaces\{07B811AE-3569-437C-A4CA-A92CB783B8A2}\542796367237F2B497C65672370275966496 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{07B811AE-3569-437C-A4CA-A92CB783B8A2}\D457666696E6370214275602451637475697 : DHCPNameServer = 68.87.66.249 162.150.8.28
TCP: Interfaces\{07B811AE-3569-437C-A4CA-A92CB783B8A2}\F475E45425D20534F5E4564777F627B6 : DHCPNameServer = 192.168.0.1 205.171.3.25
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2014-11-18 203544]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2014-12-8 260888]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [2014-12-18 1486664]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-12-18 3432976]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-12-18 298080]
R2 hmpalert;HitmanPro.Alert Support Driver;C:\windows\System32\drivers\hmpalert.sys [2014-8-18 93144]
R2 hmpalertsvc;HitmanPro.Alert Service;C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2014-8-18 1876816]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-18 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-18 969016]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-9-27 125584]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-11-26 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-11-26 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-11-26 171928]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-8-18 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-11-26 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-8-18 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 androidusb;ADB Interface Driver;C:\windows\System32\drivers\androidusb.sys [2010-10-18 38424]
S3 aswTap;avast! SecureLine TAP Adapter v3;C:\windows\System32\drivers\aswTap.sys [2014-8-18 44640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-3-15 19456]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\windows\System32\drivers\terminpt.sys [2014-3-15 29696]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-16 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-3-16 29696]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-3-16 1255736]
.
=============== Created Last 30 ================
.
2015-01-13 22:18:17 -------- d-----w- C:\Users\Admin\AppData\Roaming\Uniblue
2015-01-13 22:18:17 -------- d-----w- C:\Program Files (x86)\Uniblue
2015-01-12 18:55:56 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{277C85E2-A5BA-4AA8-9003-FC924F18D378}\gapaengine.dll
2015-01-12 18:50:47 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7C567DB-45F2-4044-82FC-E4252DE58431}\mpengine.dll
2015-01-11 06:22:28 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-10 07:13:05 -------- d-----w- C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2014-12-25 19:39:34 129752 ----a-w- C:\windows\System32\drivers\5E0B45D0.sys
2014-12-22 18:02:51 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-12-22 06:29:37 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-12-21 23:59:40 -------- d-----w- C:\Music
2014-12-18 10:20:08 129752 ----a-w- C:\windows\System32\drivers\732376B5.sys
2014-12-18 06:23:22 -------- d-----w- C:\Users\Admin\AppData\Local\AVG
2014-12-14 23:49:28 -------- d-----w- C:\Users\Admin\AppData\Roaming\AVG
2014-12-14 23:42:35 -------- d-----w- C:\ProgramData\AVG
2014-12-14 23:42:20 -------- d-sh--w- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-12-14 22:53:30 -------- d-----w- C:\ProgramData\Avg_Update_1014avt
2014-12-14 22:43:45 -------- d-----w- C:\Users\Admin\AppData\Roaming\AVG2015
2014-12-14 22:42:33 -------- d-----w- C:\Users\Admin\AppData\Roaming\TuneUp Software
2014-12-14 22:40:17 -------- d--h--w- C:\$AVG
2014-12-14 22:40:15 -------- d-----w- C:\ProgramData\AVG2015
2014-12-14 22:39:22 -------- d-----w- C:\Program Files (x86)\AVG
.
==================== Find3M  ====================
.
2015-01-13 22:26:48 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2015-01-13 18:53:56 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-13 18:53:56 701616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-12-31 11:14:31 298120 ------w- C:\windows\System32\MpSigStub.exe
2014-12-09 03:24:26 260888 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2014-12-04 02:50:55 413184 ----a-w- C:\windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-22 02:35:43 144384 ----a-w- C:\windows\System32\ieUnatt(11).exe
2014-11-22 02:35:29 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-21 12:14:22 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-11-21 12:14:12 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-11-21 12:14:08 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-11-19 03:42:04 203544 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-23 00:53:14 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-18 02:05:23 861696 ----a-w- C:\windows\System32\oleaut32.dll
2014-10-18 02:05:21 4121600 ----a-w- C:\windows\System32\mf.dll
2014-10-18 01:33:18 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-10-18 01:33:13 3209728 ----a-w- C:\windows\SysWow64\mf.dll
.
============= FINISH: 16:36:42.29 ===============
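As an added example, not part of this thread and not a feature of DDS or of any BleepingComputer tool, the following Python script runs the one check a responder would apply to the poster's question about csrss.exe: it parses the "Running Processes" section of a DDS log and flags any core Windows binary name (csrss.exe, dllhost.exe alias "COM Surrogate", svchost.exe, lsm.exe, and so on) that is running from a directory other than the one Windows installs it in. Assumptions: the system drive is C:, the EXPECTED_DIRS table is illustrative rather than exhaustive, and the sample log is constructed from a few genuine lines of the DDS report above plus two invented suspicious entries so the check has something to find.

```python
"""Flag core Windows process names running from unexpected directories.

Added example for this thread; not DDS, FRST or BleepingComputer code.
"""
import re
from pathlib import PureWindowsPath

# Assumption: system drive is C:. Where each core binary legitimately lives on a
# 64-bit Windows 7 install; comparison is case-insensitive. Illustrative list only.
SYSTEM_ROOT = r"c:\windows"
EXPECTED_DIRS = {
    "csrss.exe":    {SYSTEM_ROOT + r"\system32"},
    "lsm.exe":      {SYSTEM_ROOT + r"\system32"},
    "lsass.exe":    {SYSTEM_ROOT + r"\system32"},
    "winlogon.exe": {SYSTEM_ROOT + r"\system32"},
    "services.exe": {SYSTEM_ROOT + r"\system32"},
    "taskhost.exe": {SYSTEM_ROOT + r"\system32"},
    "svchost.exe":  {SYSTEM_ROOT + r"\system32", SYSTEM_ROOT + r"\syswow64"},
    "dllhost.exe":  {SYSTEM_ROOT + r"\system32", SYSTEM_ROOT + r"\syswow64"},  # "COM Surrogate"
    "explorer.exe": {SYSTEM_ROOT},
}

# Constructed sample: four lines copied from the DDS log in post #1, plus two
# invented entries (csrss.exe under a user profile, dllhost.exe outside System32)
# of the kind a masquerading process would produce.
SAMPLE_DDS_LOG = r"""
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Users\Admin\AppData\Roaming\csrss.exe
C:\windows\dllhost.exe
.
============== Pseudo HJT Report ===============
"""

_HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")
# A drive letter, a backslash, then the shortest run of text ending in ".exe".
_EXE_PATH = re.compile(r"^([A-Za-z]:\\.*?\.exe)\b", re.IGNORECASE)


def parse_running_processes(log_text):
    """Return the executable paths listed under the 'Running Processes' header,
    with any command-line arguments (e.g. '-k DcomLaunch') stripped."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = _HEADER.match(line)
        if header:
            in_section = header.group(1).lower() == "running processes"
            continue
        if not in_section:
            continue
        m = _EXE_PATH.match(line)
        if m:
            paths.append(m.group(1))
    return paths


def classify(path):
    """'expected'   : a tracked core binary running from its install directory
       'unexpected' : a tracked core binary name running from anywhere else
       'unlisted'   : a name this table does not track (third-party software)"""
    p = PureWindowsPath(path)
    name, parent = p.name.lower(), str(p.parent).lower()
    if name not in EXPECTED_DIRS:
        return "unlisted"
    return "expected" if parent in EXPECTED_DIRS[name] else "unexpected"


def find_unexpected(log_text):
    """All process paths in the log that reuse a core Windows name elsewhere."""
    return [p for p in parse_running_processes(log_text)
            if classify(p) == "unexpected"]


if __name__ == "__main__":
    for path in parse_running_processes(SAMPLE_DDS_LOG):
        print(f"{classify(path):10s}  {path}")
```

Two caveats belong with this check. First, it is only a name-and-path heuristic: a process that passes it is not proven clean, and a process that fails it deserves a look rather than an automatic verdict. Second, a registry-resident infection of the Poweliks type runs inside a genuine dllhost.exe from System32 and therefore passes this check entirely, which is why the helper's Step 1 starts with ESET's Poweliks cleaner rather than with a process-list review.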
 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:49 PM

Posted 13 January 2015 - 05:55 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the icon to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Step 2

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Step 3

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    systemspecs;
    startupall;
    filesrcm;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. (Harm no one; rather, help everyone as much as you can.) Arthur Schopenhauer
 

#3 theyreinmycomputeryo

theyreinmycomputeryo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:49 AM

Posted 13 January 2015 - 06:22 PM

Step 2 logs (sorry I took so long):

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Admin (administrator) on ADMIN-PC on 13-01-2015 17:19:04
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4104249316-3790325129-3515374297-1000\...\Run: [uTorrent] => C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe [1378640 2014-12-14] (BitTorrent Inc.)
HKU\S-1-5-21-4104249316-3790325129-3515374297-1000\...\Run: [Spotify Web Helper] => C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-09] (Spotify Ltd)
HKU\S-1-5-21-4104249316-3790325129-3515374297-1000\...\Run: [Spotify] => C:\Users\Admin\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-09] (Spotify Ltd)
HKU\S-1-5-21-4104249316-3790325129-3515374297-1000\...\MountPoints2: {2cababe8-33a2-11e4-9a83-00219bcc1b74} - E:\VZW_Software_upgrade_assistant.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4104249316-3790325129-3515374297-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4104249316-3790325129-3515374297-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\S-1-5-21-4104249316-3790325129-3515374297-1000 -> DefaultScope {0A9BBBB5-6EFE-4BB8-B0A7-EC0C546D933F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4104249316-3790325129-3515374297-1000 -> {0A9BBBB5-6EFE-4BB8-B0A7-EC0C546D933F} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (Clipboard Sync) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapdfappilfdiljfpjcbkmkblldaemjg [2014-11-11]
CHR Extension: (Wheretoget) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlcbagiiepbjgkfjhakhilgeikkoapem [2014-10-07]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-03]
CHR Extension: (LivePage) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilnojpmdoofaelbinaeodfpjheijkbh [2014-10-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-12-18] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-28] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-08-18] (The OpenVPN Project)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-08-18] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 17:19 - 2015-01-13 17:19 - 00012220 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-13 17:18 - 2015-01-13 17:19 - 00000000 ____D () C:\FRST
2015-01-13 17:18 - 2015-01-13 17:18 - 02124288 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-01-13 17:17 - 2015-01-13 17:17 - 01115648 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-01-13 17:16 - 2015-01-13 17:16 - 00611568 _____ () C:\Users\Admin\Desktop\ESETPoweliksCleaner.exe_20150113.171650.29836.log
2015-01-13 17:02 - 2015-01-13 17:15 - 00000000 ___SD () C:\ComboFix
2015-01-13 17:02 - 2011-06-26 00:45 - 00256000 _____ () C:\windows\PEV.exe
2015-01-13 17:02 - 2010-11-07 11:20 - 00208896 _____ () C:\windows\MBR.exe
2015-01-13 17:02 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-01-13 17:02 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-01-13 17:02 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-01-13 17:02 - 2000-08-30 18:00 - 00098816 _____ () C:\windows\sed.exe
2015-01-13 17:02 - 2000-08-30 18:00 - 00080412 _____ () C:\windows\grep.exe
2015-01-13 17:02 - 2000-08-30 18:00 - 00068096 _____ () C:\windows\zip.exe
2015-01-13 16:56 - 2015-01-13 17:02 - 00000000 ____D () C:\Qoobox
2015-01-13 16:55 - 2015-01-13 16:55 - 00000000 ____D () C:\windows\erdnt
2015-01-13 16:53 - 2015-01-13 16:55 - 00000000 ____D () C:\AdwCleaner
2015-01-13 16:18 - 2015-01-13 17:18 - 00000278 _____ () C:\windows\Tasks\PC-Mechanic Maintenance.job
2015-01-13 16:18 - 2015-01-13 16:18 - 00003216 _____ () C:\windows\System32\Tasks\PC-Mechanic Maintenance
2015-01-13 16:18 - 2015-01-13 16:18 - 00002504 _____ () C:\windows\System32\Tasks\PC-Mechanic Startup
2015-01-13 16:18 - 2015-01-13 16:18 - 00000272 _____ () C:\windows\Tasks\PC-Mechanic Startup.job
2015-01-13 16:18 - 2015-01-13 16:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Uniblue
2015-01-13 16:18 - 2015-01-13 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2015-01-13 16:18 - 2015-01-13 16:18 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2015-01-13 15:55 - 2015-01-13 16:25 - 170369574 _____ () C:\Users\Admin\Downloads\THAT-THERE.zip
2015-01-12 16:26 - 2015-01-12 16:31 - 00000000 ____D () C:\Users\Admin\Downloads\Natural Born Killers (1994)
2015-01-12 16:25 - 2015-01-12 16:33 - 00000000 ____D () C:\Users\Admin\Downloads\Death Proof (2007)
2015-01-12 16:20 - 2015-01-12 16:31 - 00000000 ____D () C:\Users\Admin\Downloads\Reservoir Dogs (1992)
2015-01-12 16:19 - 2015-01-12 16:31 - 00000000 ____D () C:\Users\Admin\Downloads\Django Unchained (2012)
2015-01-11 22:04 - 2015-01-11 22:05 - 00000000 ____D () C:\Users\Admin\Downloads\Cruising (1980)
2015-01-11 22:04 - 2015-01-11 22:04 - 00000000 ____D () C:\Users\Admin\Downloads\Pump Up The Volume
2015-01-11 21:18 - 2015-01-11 21:57 - 00000000 ____D () C:\Users\Admin\Downloads\The Double (2014)  BRRiP 1080p x264 DD5.1 EN  Subs
2015-01-11 21:17 - 2015-01-12 13:35 - 00000000 ____D () C:\Users\Admin\Downloads\Whiplash.2014.HDRiP.XVID.AC3-MAJESTIC
2015-01-10 18:26 - 2015-01-10 18:28 - 00000000 ____D () C:\Users\Admin\Downloads\The essential films of Alejandro Jodorowsky
2015-01-10 15:47 - 2015-01-10 15:48 - 00000000 ____D () C:\Users\Admin\Downloads\Inside Llewyn Davis (2013) 720p BRrip.x264 SUJAIDR
2015-01-10 00:58 - 2015-01-10 01:03 - 00000000 ____D () C:\Users\Admin\Downloads\Stalker
2015-01-10 00:43 - 2015-01-10 01:16 - 00000000 ____D () C:\Users\Admin\Downloads\Easy.Rider.1969.1080p.BluRay.x264.anoXmous
2015-01-10 00:40 - 2015-01-10 03:20 - 00000000 ____D () C:\Users\Admin\Downloads\3 Women 1977 720p BRRip x264 AAC-KiNGDOM
2015-01-09 23:30 - 2015-01-09 23:33 - 00270028 _____ () C:\Users\Admin\Downloads\Pynchon, Thomas - The Crying of Lot 49.txt
2015-01-09 23:24 - 2015-01-09 23:24 - 00000000 ____D () C:\Users\Admin\Downloads\Wallace, David Foster
2015-01-09 16:51 - 2015-01-09 16:51 - 00000000 ____D () C:\Users\Admin\Downloads\River's Edge DVDRip 1986
2015-01-09 16:35 - 2015-01-09 16:36 - 00000000 ____D () C:\Users\Admin\Downloads\Inherent.Vice.2014.DVDSCR.XviD.AC3-EVO
2015-01-09 01:50 - 2015-01-12 14:29 - 00000000 ____D () C:\Users\Admin\Desktop\MIXEs
2015-01-08 19:38 - 2015-01-08 19:39 - 00000000 ____D () C:\Users\Admin\Downloads\50 50
2015-01-08 19:37 - 2015-01-08 19:38 - 00000000 ____D () C:\Users\Admin\Downloads\50 First Dates (2004)
2015-01-08 18:13 - 2015-01-08 23:26 - 00000000 ____D () C:\Users\Admin\Desktop\Modest Mouse Rarities, Demos, Sessions
2015-01-05 22:41 - 2015-01-05 22:41 - 00000000 ____D () C:\Users\Admin\Downloads\Jean-Michel Basquiat - The Radiant Child [2010]
2015-01-05 22:10 - 2015-01-06 01:32 - 00000000 ____D () C:\Users\Admin\Downloads\Gainsbourg 2010 [DVDRip.XviD-miguel]
2015-01-05 20:45 - 2015-01-05 21:01 - 00000000 ____D () C:\Users\Admin\Downloads\Men.Women.&.Children.2014.HDRip.XviD-SaM[ETRG]
2015-01-01 20:42 - 2015-01-01 20:56 - 00000000 ____D () C:\Users\Admin\Downloads\Gone Girl (2014)
2015-01-01 20:41 - 2015-01-01 21:52 - 00000000 ____D () C:\Users\Admin\Downloads\Magnolia (1999)
2015-01-01 19:15 - 2015-01-01 20:24 - 00000000 ____D () C:\Users\Admin\Downloads\I Melt with You (2011) BRRip Xvid AC3-Anarchy
2015-01-01 19:07 - 2015-01-01 19:11 - 00000000 ____D () C:\Users\Admin\Downloads\The.Drop.2014.WEB-DL.x264-RARBG
2015-01-01 18:57 - 2015-01-01 18:58 - 00000000 ____D () C:\Users\Admin\Downloads\Interstellar (2014) 720p BrRip x264 YIFY
2014-12-30 18:40 - 2014-12-31 00:59 - 00000000 ____D () C:\Users\Admin\Downloads\Bully (2001)
2014-12-30 17:38 - 2014-12-30 17:41 - 00000000 ____D () C:\Users\Admin\Downloads\True.Detective.S01.BDRip.x264-DEMAND
2014-12-29 19:42 - 2014-12-29 19:42 - 00000000 ____D () C:\Users\Admin\Downloads\Picnic At Hanging Rock [Director's Cut].1975.BRRip.XviD.AC3-VLiS
2014-12-29 19:40 - 2014-12-30 13:31 - 00000000 ____D () C:\Users\Admin\Downloads\Jackie Brown (1997)
2014-12-28 23:56 - 2014-12-29 18:51 - 00000000 ____D () C:\Users\Admin\Downloads\Sans soleil (Chris Marker, 1983)
2014-12-28 23:51 - 2014-12-28 23:54 - 00000000 ____D () C:\Users\Admin\Downloads\Persona (1966) 720p.BRrip.Sujaidr (criterion)
2014-12-28 23:42 - 2014-12-29 15:06 - 00000000 ____D () C:\Users\Admin\Downloads\Eight And A Half (1963) 720p BRrip_sujaidr (pimprg)
2014-12-28 23:40 - 2014-12-29 19:06 - 00000000 ____D () C:\Users\Admin\Downloads\Breathless.1960.BDRip.H264.AAC.Gopo
2014-12-28 23:14 - 2014-12-30 13:12 - 00000000 ____D () C:\Users\Admin\Downloads\Badlands 1973 720p BRRip x264 MP4 AAC-CC
2014-12-28 22:54 - 2014-12-28 23:19 - 00000000 ____D () C:\Users\Admin\Downloads\The 400 Blows (1959) 720p BRrip_sujaidr
2014-12-27 20:36 - 2014-12-27 21:28 - 00000000 ____D () C:\Users\Admin\Downloads\Boogie Nights (1997)
2014-12-27 19:17 - 2015-01-13 06:47 - 00000226 _____ () C:\Users\Admin\Desktop\Movies DOCS to watch.txt
2014-12-27 18:49 - 2014-12-27 19:04 - 00000000 ____D () C:\Users\Admin\Downloads\The Sopranos 480p Bluray x264 Complete Season 1
2014-12-25 13:39 - 2014-12-25 13:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\5E0B45D0.sys
2014-12-24 16:19 - 2014-12-24 16:20 - 00276952 _____ () C:\windows\Minidump\122414-54225-01.dmp
2014-12-24 16:19 - 2014-12-24 16:19 - 467529284 _____ () C:\windows\MEMORY.DMP
2014-12-24 16:19 - 2014-12-24 16:19 - 00000000 ____D () C:\windows\Minidump
2014-12-22 12:02 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-22 00:29 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-21 21:56 - 2014-12-22 00:26 - 00000000 ____D () C:\Users\Admin\Downloads\The Dreamers (2003)
2014-12-21 21:54 - 2014-12-21 21:54 - 00000000 ____D () C:\Users\Admin\Downloads\Eyes Wide Shut.1999.UNRATED.BRRip.x264-VLiS
2014-12-21 21:49 - 2014-12-21 21:49 - 00000000 ____D () C:\Users\Admin\Downloads\The.Master 2012 DVDRiP XVID - RiSES
2014-12-21 21:48 - 2014-12-22 11:35 - 00000000 ____D () C:\Users\Admin\Downloads\There Will Be Blood 2007 BRRip 720p x264 AAC - PRiSTiNE [P2PDL]
2014-12-18 06:35 - 2014-12-21 09:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\dvdcss
2014-12-18 04:20 - 2014-12-21 07:32 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\732376B5.sys
2014-12-18 00:23 - 2014-12-18 00:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\AVG
2014-12-15 15:38 - 2014-12-15 16:10 - 00000000 ____D () C:\Users\Admin\Downloads\Bottle.Rocket.1996.Criterion.720p.BluRay.x264.anoXmous
2014-12-15 15:17 - 2014-12-15 16:20 - 00000000 ____D () C:\Users\Admin\Downloads\Crumb (1994)
2014-12-15 10:18 - 2014-12-15 11:06 - 00000000 ____D () C:\Users\Admin\Downloads\Down.By.Law.1986.720p.BluRay.x264.anoXmous
2014-12-15 10:18 - 2014-12-15 10:18 - 00000000 ____D () C:\Users\Admin\Downloads\Withnail and I (1987) [1080p]
2014-12-15 09:05 - 2014-12-15 09:37 - 00000000 ____D () C:\Users\Admin\Downloads\Performance (1970)
2014-12-15 09:00 - 2014-12-15 09:00 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-12-15 09:00 - 2014-12-15 09:00 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-12-15 07:49 - 2014-12-15 07:51 - 00000000 ____D () C:\Users\Admin\Downloads\True Romance (1993) [1080p]
2014-12-15 07:49 - 2014-12-15 07:49 - 00000000 ____D () C:\Users\Admin\Downloads\Martha Marcy May Marlene 2011 LIMITED BDRip XviD-Counterfeit
2014-12-15 07:39 - 2014-12-15 07:39 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_androidusb_01005.Wdf
2014-12-15 04:04 - 2014-12-15 04:06 - 00000000 ____D () C:\Users\Admin\Downloads\On The Road 2012 DVDrip Xvid Ac3-MiLLENiUM
2014-12-15 04:00 - 2014-12-15 05:53 - 00000000 ____D () C:\Users\Admin\Downloads\Dark.Horse.2011.LIMITED.DVDRip.XviD-MARGiN
2014-12-15 03:58 - 2014-12-15 06:27 - 00000000 ____D () C:\Users\Admin\Downloads\Kill Your Darlings 2013 720p BluRay x264 AAC - Ozlem
2014-12-15 03:48 - 2014-12-15 03:51 - 00000000 ____D () C:\Users\Admin\Downloads\St.Vincent.2014.WEBRip.XviD.MP3-RARBG
2014-12-14 21:37 - 2014-12-15 00:23 - 00000000 ____D () C:\Users\Admin\Downloads\Manhunter 1986 720p BRRip x264-MgB
2014-12-14 20:23 - 2014-12-14 20:58 - 00000000 ____D () C:\Users\Admin\Downloads\Under the Skin (2013) [1080p]
2014-12-14 18:27 - 2014-12-14 18:27 - 00003694 _____ () C:\windows\System32\Tasks\Adobe online update program
2014-12-14 17:49 - 2014-12-14 17:49 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG
2014-12-14 17:42 - 2014-12-14 18:16 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-12-14 17:42 - 2014-12-14 17:55 - 00000000 ____D () C:\ProgramData\AVG
2014-12-14 16:43 - 2014-12-14 16:43 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVG2015
2014-12-14 16:42 - 2015-01-12 12:49 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-12-14 16:42 - 2015-01-12 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-14 16:42 - 2014-12-14 16:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TuneUp Software
2014-12-14 16:40 - 2014-12-14 16:43 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-14 16:40 - 2014-12-14 16:40 - 00000000 ___HD () C:\$AVG
2014-12-14 16:39 - 2015-01-09 17:07 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-12-14 16:34 - 2014-12-14 19:06 - 00000000 ____D () C:\Users\Admin\Downloads\The Skeleton Twins (2014)
2014-12-14 16:33 - 2014-12-15 01:25 - 00000000 ____D () C:\Users\Admin\Downloads\The.Color.Wheel.2011.720p.WEB-RE.X264-WEBiOS [PublicHD]
2014-12-14 16:32 - 2014-12-14 17:52 - 00000000 ____D () C:\Users\Admin\Downloads\Drinking.Buddies.2013.BRRip.XviD.MP3-RARBG
2014-12-14 16:17 - 2014-12-14 16:18 - 00000000 ____D () C:\Users\Admin\Downloads\Nightcrawler 2014 DVDscr XVID AC3 ACAB
2014-12-14 16:02 - 2014-12-14 16:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WinRAR
2014-12-14 15:57 - 2014-12-14 15:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-14 15:57 - 2014-12-14 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-14 15:57 - 2014-12-14 15:57 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-14 15:15 - 2015-01-13 15:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-14 15:15 - 2014-12-14 17:14 - 00000000 ____D () C:\Users\Admin\AppData\Local\Avg2015
2014-12-14 15:15 - 2014-12-14 15:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\MFAData

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 17:11 - 2014-07-31 15:47 - 01279233 _____ () C:\windows\WindowsUpdate.log
2015-01-13 17:08 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-13 16:55 - 2014-09-03 14:06 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spotify
2015-01-13 16:53 - 2014-08-18 10:18 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 16:52 - 2014-08-18 10:17 - 00000000 ____D () C:\windows\CryptoGuard
2015-01-13 16:35 - 2014-08-18 10:30 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 16:26 - 2014-11-26 10:20 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-13 15:28 - 2014-09-03 14:14 - 00000000 ____D () C:\Users\Admin\AppData\Local\Spotify
2015-01-13 14:46 - 2014-10-02 12:55 - 00000000 ____D () C:\Program Files\PeerBlock
2015-01-13 12:54 - 2014-08-18 10:18 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 12:53 - 2014-08-18 10:18 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 12:53 - 2014-08-18 10:18 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 12:23 - 2014-08-18 10:30 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 00:53 - 2009-07-13 22:45 - 00032416 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 00:53 - 2009-07-13 22:45 - 00032416 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 00:46 - 2014-09-03 14:08 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-01-13 00:44 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-13 00:44 - 2009-07-13 22:51 - 00073541 _____ () C:\windows\setupact.log
2015-01-11 23:04 - 2014-09-03 21:54 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-01-11 10:18 - 2010-11-20 21:47 - 00476080 _____ () C:\windows\PFRO.log
2015-01-09 23:32 - 2014-11-04 12:36 - 00000000 ____D () C:\Users\Admin\Documents\Calibre Library
2015-01-09 01:52 - 2009-07-13 23:13 - 00781298 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-02 03:45 - 2010-11-21 01:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-31 05:14 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-26 05:08 - 2014-11-26 08:40 - 00013806 _____ () C:\windows\wininit.ini
2014-12-26 05:08 - 2014-11-26 07:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-22 11:36 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\registration
2014-12-22 09:56 - 2014-07-31 13:51 - 00000000 ____D () C:\Users\Admin
2014-12-16 03:06 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\L2Schemas
2014-12-15 21:11 - 2014-07-31 13:51 - 00000000 ____D () C:\Users\Admin\AppData\Local\VirtualStore
2014-12-15 19:32 - 2009-07-13 23:08 - 00032542 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-15 02:04 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2014-12-14 18:16 - 2014-07-31 15:42 - 00000000 ____D () C:\Intel
2014-12-14 17:35 - 2014-10-23 15:07 - 00000000 ____D () C:\ProgramData\BettterPriiceCChEc
2014-12-14 16:55 - 2009-07-13 22:45 - 00294496 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-14 15:58 - 2014-07-31 13:55 - 00064024 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-14 15:51 - 2014-08-18 10:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-14 15:47 - 2014-08-18 10:22 - 00000000 ____D () C:\ProgramData\AVAST Software

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Admin\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Admin\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 20:23

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by Admin at 2015-01-13 17:19:47
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG Internet Security 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG Internet Security 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4104249316-3790325129-3515374297-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
calibre (HKLM-x32\...\{7C79A0FB-4C96-4538-B443-D99BDBA34995}) (Version: 2.8.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.115.102 - ALPS ELECTRIC CO., LTD.)
Google Chrome (HKLM-x32\...\{E2FA067B-11BC-318B-B325-31127E6243F5}) (Version: 65.240.16527 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
PC Mechanic (HKLM-x32\...\{1F88FC5D-4D46-448A-AF59-7061FFC6ABBF}_is1) (Version: 1.0.2.1 - Uniblue Systems Limited)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Skype™ 6.18 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.18.106 - Skype Technologies S.A.)
SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
Spotify (HKU\S-1-5-21-4104249316-3790325129-3515374297-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

03-01-2015 16:51:22 Windows Update
07-01-2015 12:45:21 Windows Update
09-01-2015 17:05:50 Removed AVG PC TuneUp 2014
09-01-2015 17:08:06 Removed AVG PC TuneUp 2014 (en-US)
11-01-2015 00:21:43 Windows Update
13-01-2015 16:14:55 Uniblue PC Mechanic installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-11-26 08:45 - 00450771 ____R C:\windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06405942-45C7-49BB-BE2C-1827681C9A56} - System32\Tasks\PC-Mechanic Maintenance => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2014-12-17] (Uniblue Systems Limited)
Task: {0D44F7DF-B071-4634-BE1A-D653AA181402} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {17796159-57DA-426F-BF19-BEE154E518F8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {43710252-3160-4706-BCD2-B82F9B517FD7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {4BF51BC7-6BFF-4A2F-8CDE-27F97ED54119} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: {75C12A94-E0AA-4460-A5BE-98098AC58277} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {8F900A54-5781-40FB-9BE9-CD11B652AE27} - System32\Tasks\PC-Mechanic Startup => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2014-12-17] (Uniblue Systems Limited)
Task: {A12CE13D-E772-448C-83BA-AFEAA043D3D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {B10CF53E-0223-4FDB-BDFE-1717C9AEE637} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {DC5DA403-F4DF-465A-9F3C-D42D07BE72E0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {EE90E806-2063-46D0-98E5-C16CE44F9666} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PC-Mechanic Maintenance.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: C:\windows\Tasks\PC-Mechanic Startup.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe

==================== Loaded Modules (whitelisted) =============

2014-11-26 07:51 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-26 07:51 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-26 07:51 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-26 07:51 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-26 07:51 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

========================= Accounts: ==========================

Admin (S-1-5-21-4104249316-3790325129-3515374297-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-4104249316-3790325129-3515374297-500 - Administrator - Disabled)
Guest (S-1-5-21-4104249316-3790325129-3515374297-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 03:07:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SpotifyWebHelper.exe, version: 0.9.15.27, time stamp: 0x54803b75
Faulting module name: SpotifyWebHelper.exe, version: 0.9.15.27, time stamp: 0x54803b75
Exception code: 0xc0000005
Fault offset: 0x000063c3
Faulting process id: 0xfb4
Faulting application start time: 0xSpotifyWebHelper.exe0
Faulting application path: SpotifyWebHelper.exe1
Faulting module path: SpotifyWebHelper.exe2
Report Id: SpotifyWebHelper.exe3

Error: (01/13/2015 10:25:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3e30

Start Time: 01d02f4d785a28c3

Termination Time: 216

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/13/2015 10:24:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6e7c

Start Time: 01d02f4c52739bed

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: ac07da0f-9b40-11e4-b4c7-00219bcc1b74

Error: (01/13/2015 00:46:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 04:31:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 04:01:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SpotifyWebHelper.exe, version: 0.9.15.27, time stamp: 0x54803b75
Faulting module name: SpotifyWebHelper.exe, version: 0.9.15.27, time stamp: 0x54803b75
Exception code: 0xc0000005
Fault offset: 0x00012397
Faulting process id: 0xd44
Faulting application start time: 0xSpotifyWebHelper.exe0
Faulting application path: SpotifyWebHelper.exe1
Faulting module path: SpotifyWebHelper.exe2
Report Id: SpotifyWebHelper.exe3

Error: (01/12/2015 02:42:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 01:27:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.4.2.36802 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a00

Start Time: 01d02e9c7720b0ed

Termination Time: 60000

Application Path: C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe

Report Id: d803abc6-9a90-11e4-9bca-00219bcc1b74

Error: (01/12/2015 01:18:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 06:56:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/13/2015 03:57:12 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (01/13/2015 00:45:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (01/13/2015 00:45:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (01/13/2015 00:44:46 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:41:47 AM on 1/13/2015 was unexpected.

Error: (01/12/2015 04:31:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (01/12/2015 04:31:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (01/12/2015 04:30:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (01/12/2015 04:30:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (01/12/2015 02:42:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (01/12/2015 02:42:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Microsoft Office Sessions:
=========================
Error: (01/13/2015 03:07:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpotifyWebHelper.exe0.9.15.2754803b75SpotifyWebHelper.exe0.9.15.2754803b75c0000005000063c3fb401d02efc8e4f36a6C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe2e442c70-9b68-11e4-b4c7-00219bcc1b74

Error: (01/13/2015 10:25:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174963e3001d02f4d785a28c3216C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (01/13/2015 10:24:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.174966e7c01d02f4c52739bed0C:\Program Files\Internet Explorer\iexplore.exeac07da0f-9b40-11e4-b4c7-00219bcc1b74

Error: (01/13/2015 00:46:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 04:31:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 04:01:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpotifyWebHelper.exe0.9.15.2754803b75SpotifyWebHelper.exe0.9.15.2754803b75c000000500012397d4401d02ea842d76b41C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe94ad0ea1-9aa6-11e4-9ba8-00219bcc1b74

Error: (01/12/2015 02:42:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 01:27:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: uTorrent.exe3.4.2.36802a0001d02e9c7720b0ed60000C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exed803abc6-9a90-11e4-9bca-00219bcc1b74

Error: (01/12/2015 01:18:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 06:56:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2015-01-13 00:44:46.604
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-12 16:51:00.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-12 16:30:02.069
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-12 14:41:37.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-12 13:28:23.001
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-12 13:17:23.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 18:55:12.206
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 14:41:44.325
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 11:18:24.551
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-11 10:18:32.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 48%
Total physical RAM: 4086.04 MB
Available physical RAM: 2091.96 MB
Total Pagefile: 8170.27 MB
Available Pagefile: 5614.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:459.41 GB) (Free:182.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7F002F7A)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5.9 GB) - (Type=27)
Partition 3: (Not Active) - (Size=459.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 theyreinmycomputeryo
  • Topic Starter

Posted 13 January 2015 - 06:25 PM

Also Step 1 didn't find that virus.



#5 theyreinmycomputeryo
  • Topic Starter

Posted 13 January 2015 - 06:31 PM

Step 3 log:

Zoek.exe v5.0.0.0 Updated 13-01-2015
Tool run by Admin on Tue 01/13/2015 at 17:24:51.55.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Admin\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

1/13/2015 5:26:33 PM Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Admin\Desktop\zoek.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4087 MB
CPU Info: Intel® Core™2 Duo CPU     T8300  @ 2.40GHz
CPU Speed: 2089.3 MHz
Sound Card: Speakers (2- High Definition Au |
Digital Audio (S/PDIF) (2- High |
Display Adapters: Mobile Intel® 965 Express Chipset Family | Mobile Intel® 965 Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1280 X 800 - 32 bit
Network: Network Present
Network Adapters: Dell Wireless 1395 WLAN Mini-Card | Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
CD / DVD Drives: 1x (D: | ) D: TSSTcorpDVD+-RW TS-L632H
Ports: COM3 LPT Port NOT Present.
Mouse: 2 Button Wheel Mouse Present
Hard Disks: C:  459.4GB
Hard Disks - Free: C:  182.3GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 10/27/09 | DELL   - 27d90a1b
Time Zone: Central Standard Time
Motherboard *: Dell Inc. 0U990C
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Virus: AVG Internet Security 2015 On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)
Anti-Spyware: AVG Internet Security 2015 disabled (Outdated)
Firewall: AVG Internet Security 2015 disabled
Default Browser: Google Chrome 38.0.2125.104
Internet Explorer Version: 11.0.9600.17501
Google Chrome version: 38.0.2125.104
Adobe Reader version: 11.0.10.32
Sun Java version: 1.7.0_71 (32-bit)
Sun Java version: 1.7.0_67 (64-bit)
Shockwave Player version: 12.1.3r153

==== Files Recently Created / Modified ======================

====== C:\windows ====
2015-01-13 23:02:52 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\windows\PEV.exe
2015-01-13 23:02:52 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\windows\grep.exe
2015-01-13 23:02:52 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\windows\zip.exe
2015-01-13 23:02:52 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\windows\SWSC.exe
2015-01-13 23:02:52 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\windows\MBR.exe
2014-12-24 22:19:39 3DA74D84C1887E663B8B692DC2411AFD 467529284 ----a-w- C:\windows\MEMORY.DMP
====== C:\Users\Admin\AppData\Local\Temp ====
====== Java Cache =====
====== C:\windows\SysWOW64 =====
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
====== C:\windows\Sysnative\drivers =====
2014-12-25 19:39:34 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\windows\Sysnative\drivers\5E0B45D0.sys
2014-12-18 10:20:08 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\windows\Sysnative\drivers\732376B5.sys
2014-12-15 13:39:21 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\windows\Sysnative\drivers\Msft_Kernel_androidusb_01005.Wdf
====== C:\windows\Tasks ======
2015-01-13 22:18:32 0A691D0899BE4F58466BF6D6389E8E54 3216 ----a-w- C:\windows\Sysnative\Tasks\PC-Mechanic Maintenance
2015-01-13 22:18:32 05D5316F9C7AFC95FCD55A3EC35F99FB 278 ----a-w- C:\windows\Tasks\PC-Mechanic Maintenance.job
2015-01-13 22:18:31 A46EC27E2E66C1AF8BD0659630CE8732 272 ----a-w- C:\windows\Tasks\PC-Mechanic Startup.job
2015-01-13 22:18:31 798BC97DE6174EEDA2FBE33719903111 2504 ----a-w- C:\windows\Sysnative\Tasks\PC-Mechanic Startup
2014-12-15 00:27:30 772096B1533565D97B73C65131B7AA23 3694 ----a-w- C:\windows\Sysnative\Tasks\Adobe online update program
====== C:\windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-01-13 22:18:17 -------- d-----w- C:\PROGRA~2\Uniblue
======= C: =====
====== C:\Users\Admin\AppData\Roaming ======
2015-01-13 22:18:17 -------- d-----w- C:\Users\Admin\AppData\Roaming\Uniblue
2015-01-10 07:13:05 -------- d-----w- C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2014-12-20 06:33:21 -------- d-----w- C:\windows\sysWoW64\config\systemprofile\AppData\Local\AVG
2014-12-18 12:35:38 -------- d-----w- C:\Users\Admin\AppData\Roaming\dvdcss
2014-12-18 06:23:22 -------- d-----w- C:\Users\Admin\AppData\Local\AVG
2014-12-16 00:01:29 -------- d-----w- C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG
2014-12-15 15:00:03 -------- d-----w- C:\Users\Default\AppData\Roaming\TuneUp Software
2014-12-15 15:00:03 -------- d-----w- C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-12-14 23:49:28 -------- d-----w- C:\Users\Admin\AppData\Roaming\AVG
====== C:\Users\Admin ======
2015-01-13 23:18:03 63BC47D1184B92BBAE42654E355E8DF7 2124288 ----a-w- C:\Users\Admin\Desktop\FRST64.exe
2015-01-13 23:17:22 AD63F7359ED74F4282D0B8ABA394224E 1115648 ----a-w- C:\Users\Admin\Desktop\FRST.exe
2015-01-13 22:18:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2014-12-14 23:42:35 -------- d-----w- C:\ProgramData\AVG
2014-12-14 23:42:20 -------- d-sh--w- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

====== C: exe-files ==
2015-01-13 23:18:03 63BC47D1184B92BBAE42654E355E8DF7 2124288 ----a-w- C:\Users\Admin\Desktop\FRST64.exe
2015-01-13 23:17:22 AD63F7359ED74F4282D0B8ABA394224E 1115648 ----a-w- C:\Users\Admin\Desktop\FRST.exe
2015-01-13 23:04:33 7650EF7FFE338A50ADE28288FB601B7A 186568 ----a-w- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FFWSPCN8\ESETPoweliksCleaner.exe
2015-01-13 23:02:52 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2015-01-13 23:02:52 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2015-01-13 23:02:52 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2015-01-13 23:02:52 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2015-01-13 23:02:52 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2015-01-13 22:51:08 61CA40317EBF1254770BF8B495B3F8DA 2191360 ----a-w- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NP8A6H6Y\AdwCleaner.exe
2015-01-13 22:18:22 0CB30F42EA8F4937E39535700AFCB64F 94720 ----a-w- C:\Program Files (x86)\Uniblue\PC-Mechanic\thirdpartyinstaller.exe
2015-01-13 22:18:18 F8597C2ABFCFDF16C9E561DCDE4BC5D1 3870040 ----a-w- C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
2015-01-13 22:18:17 8ABA13B86A85A76F8621CDC3C3E41A80 1373056 ----a-w- C:\Program Files (x86)\Uniblue\PC-Mechanic\unins000.exe
2015-01-13 22:14:56 E6DEF9D9A02C5A0E8E66739E5AE6634B 18766128 ----a-w- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0N1I9DB9\pcmechanicpm-standalone-setup[1].exe
2015-01-13 22:14:16 EAF84019A4632203C0D4F75FB53FEF8F 1060728 ----a-w- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGD2OWHK\pcmechanicpm.exe
2015-01-12 18:44:07 5EFF0106585DE382D7E5CFAF2B1FA49F 320528 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgndisa.exe
2015-01-12 18:38:55 EA2ED5D61F1BBBABAF78EC93CD873352 6134048 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
2015-01-12 18:38:55 5E079E70C9C64583C5B4A329D86CA44E 15888 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtestx.exe
2015-01-12 18:38:55 5C8D8F0B17EDBD8E2945BE17C5132643 16912 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtesta.exe
2015-01-12 18:38:55 0C64EECF88C5818A0F6DE724876B3812 62992 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avguirux.exe
2015-01-09 01:03:26 2FD35DCCA646260316B87FF62539E886 3538 ----a-w- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ITUU58QJ\java_setup[1].exe
=== C: other files ==
2015-01-13 23:04:15 C6534D15222D7B61C98275A1855A9B45 5996 ----a-w- C:\Qoobox\BackEnv\SetPath.bat
2015-01-13 22:34:19 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KK7T5WIF\dds.com
2015-01-13 21:55:35 20514162D1025D18EAAB8B54337B3BFA 170369574 ----a-w- C:\Users\Admin\Downloads\THAT-THERE.zip
2015-01-12 20:21:25 0CA0D68819FB38694398535C5F624F89 69262635 ----a-w- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KK7T5WIF\Ashley Bar PLPP mp.zip
2015-01-10 04:55:35 6FD61E82F71F6C59007216BE38235BA3 53410603 ----a-w- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9Q2R5L8B\Rupert Angeleyes - Young Sunset.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-4104249316-3790325129-3515374297-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe  /MINIMIZED"
"Spotify Web Helper"="C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Admin\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe  /MINIMIZED"
"Spotify Web Helper"="C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Admin\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"IgfxTray"="C:\windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\windows\system32\hkcmd.exe"
"Persistence"="C:\windows\system32\igfxpers.exe"
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [01/13/2015 12:53 PM]
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/18/2014 10:30 AM]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/18/2014 10:30 AM]
C:\windows\tasks\PC-Mechanic Maintenance.job --a------ C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [12/17/2014 12:19 PM]
C:\windows\tasks\PC-Mechanic Startup.job --a------ C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [12/17/2014 12:19 PM]

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\Adobe online update program" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\Optimizer Pro Schedule" ["C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe"]
"C:\windows\SysNative\tasks\PC-Mechanic Maintenance" [C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe]
"C:\windows\SysNative\tasks\PC-Mechanic Startup" [C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe]
"C:\windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Tue 01/13/2015 at 17:30:29.49 ======================



#6 theyreinmycomputeryo
  • Topic Starter

Posted 13 January 2015 - 06:47 PM

I just realized one of the first rules is to NOT RUN ComboFix unless asked to. I definitely downloaded this and the other Top Downloaded Program..... Don't think that one is spoken against though. What happens now? Sorry!!!



#7 theyreinmycomputeryo
  • Topic Starter

Posted 13 January 2015 - 07:15 PM

Did I do something (else besides...) wrong?


Edited by theyreinmycomputeryo, 13 January 2015 - 07:15 PM.


#8 deeprybka
  • Malware Response Team
  • Location:Germany

Posted 14 January 2015 - 07:56 AM

Hi,

Did I do something (else besides...) wrong?

What's the problem? :)

Let's go:
AV: Microsoft Security Essentials
AV: AVG Internet Security 2015
Multiple Anti-Virus Software

I see that you're running more than one antivirus program at the same time.
This is a bad idea.
Using more than one AV will not give you any better protection, but may cause interference between them, slow your machine or even completely block your OS. You should choose only one to stay, and remove any others. Think carefully and stay with only one AV. This should be done before any other malware-removal steps are taken.

Please uninstall all but one using the tools you may find in the following link: Uninstallers (removal tools) for common Windows antivirus software.

SpyBot S&D Warning

MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products).
My advice is to get rid of this program. To do so:
  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for SpyBot, right-click the entry and click Uninstall.
This is optional, but please consider it.

P2P warning

Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. (After that let the tool complete its run.)
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File: fixlist.txt (556 bytes)


Step 2


Don't remove on your own anything that HitmanPro detects!
This scanner, while it is really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It should only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:49 PM

Posted 14 January 2015 - 07:57 AM

Step 3

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the settings shown in the screenshot.

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at the location shown in the screenshot.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 4

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.


Can you please tell me which problems still persist now?
How is the computer running?


Edited by deeprybka, 14 January 2015 - 07:57 AM.

regards,
deeprybka

#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:49 PM

Posted 17 January 2015 - 06:49 AM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:49 PM

Posted 19 January 2015 - 05:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka