
MoneyPak browser virus help! (Common problem?)


29 replies to this topic

#1 damagedfile


Posted 19 January 2015 - 05:04 PM

Rant below, yes I actually have a problem.

 

A year or two ago, a laptop of mine got infected by the "You have been looking at child porn and the US government wants $300 in MoneyPak credit otherwise they'll imprison you" virus. I had no security on that computer, so I'm surprised it lasted as long as it did. Anyway, it locked up. Ctrl+alt+del didn't work, it took over everything. The only way I could do anything was to quickly restart the computer, and within maybe a three or four minute window to wipe the computer clean. I did that, but it was so broken by that point that, even though the virus was kicked out, the computer broke.

 

Now I have a new computer. I've had it for a little over a year, and the first thing I did was download Avira Free Antivirus, and later Avira Browser Safety, both from TuCows. I asked numerous people at Fry's, my local computer repair shop, and various internet forums, and reddit. I'm fairly poor, and Avira was free. Also, it claimed to protect against 97% of viruses, which sounded great to me. Just because I'm paranoid I even got AdBlock Plus.

 

Of course the virus is back, that's the point of this post. Sorry for rambling. Luckily, this time, it isn't computer-wide just yet. I was, admittedly, looking at porn (hey, I'm a guy), and browser safety said the site had no trackers. I try to do an Avira scan every few days, and I had done one then. Anyway, I was just surfing and a new tab opened, exactly the same as the last time, but, obviously, contained in my browser. The pop up message appeared telling me to go buy MoneyPak and all that. I clicked one of the options (I believe they were "Ok" and "Enter code" or something like that), and it beeped and popped up the same message, telling me I couldn't leave until I paid or something. Point is, the pop-ups were perpetual. I couldn't get rid of them, so I hit ctrl+alt+del, went to task manager, and ended process on Google Chrome, which is what I use. I have IE as a backup. That was yesterday, and it seemed to work. It hasn't bothered me again, thank god. I don't know, maybe it was nothing and it just slipped past AdBlock and Browser Safety. I doubt it. I looked up how to combat these things (using Chrome, like I am now) and SpyHunter was a big suggestion. Downloaded it, ran it, only to discover it was a paid service. 65 threats detected, most dealing with adware or wanting to know what I search for, 20,000 odd items scanned. All I ever get on an Avira search are 4 warnings from it thinking my Steam games and files in them are possible archive bombs. They aren't, to my knowledge. Anyway, now SpyHunter is sitting in an open window, useless, I have task manager open just in case, and my computer seems to be working normally. I am not going to visit that site again as long as I live, if that's what it takes. I also did an Avira scan along with the SpyHunter scan, and the same thing. 4 warnings, all related to Steam games. No virus detections. Currently, I tried to expand this window I'm typing in, but every time I try it doesn't expand it. It just highlights everything on the page and scrolls me to the top. Same thing happened on Reddit a few minutes ago when I tried to click on something. I don't care how paranoid I sound, but it's freaking me out.

 

What I'd like is for someone to assess my situation. Is it nothing, or is it a huge threat? Do I need to do something, because if I do, I'm going to bleep do it. I'd prefer if it's a free solution, but if I have to pay I will. Even if this is safe and everything's fine, I want to make my computer even safer. I do NOT want a repeat of what happened last time. If Avira is bleep horrible, tell me so.

 

Any help is appreciated. Thanks, really.





#2 InadequateInfirmity


Posted 19 January 2015 - 05:10 PM

Step 1: Minitoolbox.
 
Please download MINITOOLBOX and run it.



Checkmark the following boxes:

  • Flush DNS
  • Reset FF Proxy Settings
  • Reset IE Proxy Settings
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)



Click Go and post the result.
 
Step 2: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 3: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4: Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit Next; make sure to leave all items checked for removal.


The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete,  then OK again to finish up. Post log generated by tool.
 
Step 5: Malwarebytes AntiRootkit
 
 
Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then Click Update
  • Once the update is Finished select Next then Scan.
  • If no malware has been found, at the end of scan select Exit
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt

Step 6: Security Check Log.
 
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 
Step 7: Report
 
Tell me how the machine is performing, and if you need help performing any steps. Also post all requested logs.



#3 damagedfile


Posted 19 January 2015 - 05:13 PM

Christ. Doing it now. Also, forgot to mention that completely removing SpyHunter would be ideal, but I'm betting one of those programs does that.

 

I'll get back to you, thanks!

 

EDIT: MiniToolBox doesn't have an event viewer log option, but it does have an event viewer error option. I'm assuming that's what you meant? Sorry.


Edited by damagedfile, 19 January 2015 - 05:18 PM.


#4 InadequateInfirmity


Posted 19 January 2015 - 05:23 PM

Removing SpyHunter would be ideal:

 

Download Revo Uninstaller. Get the portable version.

 

 

It does have an event viewer error option. I'm assuming that's what you meant:

 

Yes Indeed.



#5 damagedfile


Posted 19 January 2015 - 05:25 PM

MINITOOLBOX LOG:
 
MiniToolBox by Farbar  Version: 30-11-2014
Ran by File (administrator) on 19-01-2015 at 16:22:56
Running from "C:\Users\File\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Dell Wireless 1506 802.11b/g/n (2.4GHz) = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : FilesPC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 5A-5A-B6-57-10-1A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : A4-1F-72-FE-FA-10
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Dell Wireless 1506 802.11b/g/n (2.4GHz)
   Physical Address. . . . . . . . . : 48-5A-B6-57-10-1A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd1a:5cf5:456b:0:dc18:dfc:2118:b013(Preferred) 
   Temporary IPv6 Address. . . . . . : fd1a:5cf5:456b:0:8c50:b388:4bcb:62f2(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::dc18:dfc:2118:b013%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.112(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, January 19, 2015 2:55:53 PM
   Lease Expires . . . . . . . . . . : Tuesday, January 20, 2015 2:55:52 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 256400054
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-68-2F-BF-48-5A-B6-57-10-1A
   DNS Servers . . . . . . . . . . . : 38.65.70.4
                                       38.65.70.5
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  dns1.solbroadband.com
Address:  38.65.70.4
 
Name:    google.com
Addresses:  2607:f8b0:4000:80b::200e
 216.58.218.206
 
 
Pinging google.com [216.58.218.206] with 32 bytes of data:
Reply from 216.58.218.206: bytes=32 time=60ms TTL=49
Reply from 216.58.218.206: bytes=32 time=57ms TTL=49
 
Ping statistics for 216.58.218.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 57ms, Maximum = 60ms, Average = 58ms
Server:  dns1.solbroadband.com
Address:  38.65.70.4
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Request timed out.
Reply from 206.190.36.45: bytes=32 time=75ms TTL=48
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 75ms, Maximum = 75ms, Average = 75ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...5a 5a b6 57 10 1a ......Microsoft Wi-Fi Direct Virtual Adapter
 13...a4 1f 72 fe fa 10 ......Realtek PCIe GBE Family Controller
 12...48 5a b6 57 10 1a ......Dell Wireless 1506 802.11b/g/n (2.4GHz)
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.112     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.112    281
    192.168.1.112  255.255.255.255         On-link     192.168.1.112    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.112    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.112    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.112    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    281 fd1a:5cf5:456b::/64      On-link
 12    281 fd1a:5cf5:456b:0:8c50:b388:4bcb:62f2/128
                                    On-link
 12    281 fd1a:5cf5:456b:0:dc18:dfc:2118:b013/128
                                    On-link
 12    281 fe80::/64                On-link
 12    281 fe80::dc18:dfc:2118:b013/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/19/2015 04:11:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: HotlineGL.exe, version: 0.0.0.0, time stamp: 0x53037002
Faulting module name: OpenAL32.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4
Exception code: 0xc0000135
Fault offset: 0x00078c9e
Faulting process id: 0x54ec
Faulting application start time: 0xHotlineGL.exe0
Faulting application path: HotlineGL.exe1
Faulting module path: HotlineGL.exe2
Report Id: HotlineGL.exe3
Faulting package full name: HotlineGL.exe4
Faulting package-relative application ID: HotlineGL.exe5
 
Error: (01/18/2015 11:22:17 PM) (Source: ESENT) (User: )
Description: msiexec (7212) Instance: Error -1032 (0xfffffbf8) occurred while opening logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log.
 
Error: (01/18/2015 11:22:17 PM) (Source: ESENT) (User: )
Description: msiexec (7212) Instance: An attempt to open the file "C:\ProgramData\Microsoft\Windows\AppRepository\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/18/2015 11:22:07 PM) (Source: ESENT) (User: )
Description: msiexec (7212) Instance: An attempt to open the file "C:\ProgramData\Microsoft\Windows\AppRepository\edb.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/18/2015 11:21:56 PM) (Source: ESENT) (User: )
Description: msiexec (7212) Instance: Error -1032 (0xfffffbf8) occurred while opening logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log.
 
Error: (01/18/2015 11:21:56 PM) (Source: ESENT) (User: )
Description: msiexec (7212) Instance: An attempt to open the file "C:\ProgramData\Microsoft\Windows\AppRepository\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/18/2015 11:21:46 PM) (Source: ESENT) (User: )
Description: msiexec (7212) Instance: An attempt to open the file "C:\ProgramData\Microsoft\Windows\AppRepository\edb.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/18/2015 11:21:36 PM) (Source: ESENT) (User: )
Description: msiexec (7212) Instance: Error -1032 (0xfffffbf8) occurred while opening logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log.
 
Error: (01/18/2015 11:21:36 PM) (Source: ESENT) (User: )
Description: msiexec (7212) Instance: An attempt to open the file "C:\ProgramData\Microsoft\Windows\AppRepository\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/18/2015 11:21:26 PM) (Source: ESENT) (User: )
Description: msiexec (7212) Instance: An attempt to open the file "C:\ProgramData\Microsoft\Windows\AppRepository\edb.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (01/19/2015 04:03:52 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (01/19/2015 04:03:52 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (01/17/2015 08:29:16 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (01/17/2015 08:29:16 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (01/16/2015 07:43:41 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (01/16/2015 07:43:41 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (01/16/2015 05:03:29 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
 
Error: (01/10/2015 02:00:00 AM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (01/10/2015 01:59:59 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (01/09/2015 06:15:34 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (01/19/2015 04:11:21 PM) (Source: Application Error)(User: )
Description: HotlineGL.exe0.0.0.053037002OpenAL32.dll6.2.9200.1704653b485c4c000013500078c9e54ec01d03434d590803fC:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineGL.exeOpenAL32.dll18edff52-a028-11e4-be88-a41f72fefa10
 
Error: (01/18/2015 11:22:17 PM) (Source: ESENT)(User: )
Description: msiexec7212Instance: C:\ProgramData\Microsoft\Windows\AppRepository\edb.log-1032 (0xfffffbf8)
 
Error: (01/18/2015 11:22:17 PM) (Source: ESENT)(User: )
Description: msiexec7212Instance: C:\ProgramData\Microsoft\Windows\AppRepository\edb.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (01/18/2015 11:22:07 PM) (Source: ESENT)(User: )
Description: msiexec7212Instance: C:\ProgramData\Microsoft\Windows\AppRepository\edb.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (01/18/2015 11:21:56 PM) (Source: ESENT)(User: )
Description: msiexec7212Instance: C:\ProgramData\Microsoft\Windows\AppRepository\edb.log-1032 (0xfffffbf8)
 
Error: (01/18/2015 11:21:56 PM) (Source: ESENT)(User: )
Description: msiexec7212Instance: C:\ProgramData\Microsoft\Windows\AppRepository\edb.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (01/18/2015 11:21:46 PM) (Source: ESENT)(User: )
Description: msiexec7212Instance: C:\ProgramData\Microsoft\Windows\AppRepository\edb.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (01/18/2015 11:21:36 PM) (Source: ESENT)(User: )
Description: msiexec7212Instance: C:\ProgramData\Microsoft\Windows\AppRepository\edb.log-1032 (0xfffffbf8)
 
Error: (01/18/2015 11:21:36 PM) (Source: ESENT)(User: )
Description: msiexec7212Instance: C:\ProgramData\Microsoft\Windows\AppRepository\edb.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (01/18/2015 11:21:26 PM) (Source: ESENT)(User: )
Description: msiexec7212Instance: C:\ProgramData\Microsoft\Windows\AppRepository\edb.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
 
 
=========================== Installed Programs ============================
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Evolve [Closed Beta] (HKLM-x32\...\Steam App 203190) (Version:  - Turtle Rock Studios)
Fallout (HKLM-x32\...\Steam App 38400) (Version:  - Interplay Inc.)
Fallout 2 (HKLM-x32\...\Steam App 38410) (Version:  - Black Isle Studios)
Fallout 3 (HKLM-x32\...\Steam App 22300) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
HyperRogue (HKLM-x32\...\Steam App 342610) (Version:  - Zeno Rogue)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
LISA (HKLM-x32\...\Steam App 335670) (Version:  - Dingaling)
METAL SLUG 3 (HKLM-x32\...\Steam App 250180) (Version:  - DotEmu)
Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version:  - 4A GAMES)
Metro: Last Light Redux (HKLM-x32\...\Steam App 287390) (Version:  - 4A Games)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mumble 1.2.7 (HKLM-x32\...\{CF8BBFA2-5502-4904-A9E9-8D5CAA8DF785}) (Version: 1.2.7 - Thorvald Natvig)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.1 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA Control Panel 347.09 (Version: 347.09 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.172.1357 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.1 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.18.9 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.27 (Version: 1.2.27 - NVIDIA Corporation) Hidden
One Day For Ched (HKLM-x32\...\Steam App 321030) (Version:  - BS1 & BSL Team)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version:  - Capcom)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version:  - Irrational Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Fall (HKLM-x32\...\Steam App 290770) (Version:  - Over The Moon)
The Moon Sliver (HKLM-x32\...\Steam App 329830) (Version:  - David Szymanski)
The Ultimate DOOM (HKLM-x32\...\Steam App 2280) (Version:  - id Software)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
Wasteland 1 - The Original Classic (HKLM-x32\...\Steam App 259130) (Version:  - inXile Entertainment)
Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version:  - inXile Entertainment)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
========================= Devices: ================================
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 34%
Total physical RAM: 8106.96 MB
Available physical RAM: 5340.26 MB
Total Pagefile: 13141.17 MB
Available Pagefile: 8630.97 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.57 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:931 GB) (Free:737.35 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\FILESPC
 
Administrator            File                     Guest                    
 
 
**** End of log ****


#6 InadequateInfirmity


Posted 19 January 2015 - 05:29 PM

Your Chipset driver is missing.....

 

 

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Please also provide make and model of your computer.

 

 

  • Please go here and download Speccy.
  • Install and run the program.
  • Upon Completion:
  • Hit File
  • Publish Snap Shot
  • A link will pop-up on your desktop, please post it here in your next reply.


#7 damagedfile


Posted 19 January 2015 - 05:50 PM

JRT LOG:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8 x64
Ran by File on Mon 01/19/2015 at 16:45:58.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilDealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilDealKeeper_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilDealKeeper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilDealKeeper_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\File\appdata\local\google\chrome\user data\default\local storage\http_lyrics.wikia.com_0.localstorage"
Successfully deleted: [File] "C:\Users\File\appdata\local\google\chrome\user data\default\local storage\http_lyrics.wikia.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/19/2015 at 16:47:14.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
I'm going to provide the make and model, along with downloading Speccy, after I finish the other steps. Downloading Adware Cleaner now.


#8 InadequateInfirmity


Posted 19 January 2015 - 05:52 PM

Ok, you can get me that info whenever, we will only work on that at the end of the thread anyway.



#9 damagedfile


Posted 19 January 2015 - 06:01 PM

ADWCLEANER:
 
# AdwCleaner v4.108 - Report created 19/01/2015 at 16:58:04
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 8  (64 bits)
# Username : File - FILESPC
# Running from : C:\Users\File\Desktop\adwcleaner_4.108.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\1b02ec7494cadf86
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17148
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v37.0.2062.103
 
 
*************************
 
AdwCleaner[R0].txt - [796 octets] - [19/01/2015 16:55:23]
AdwCleaner[S0].txt - [720 octets] - [19/01/2015 16:58:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [779 octets] ##########


#10 damagedfile


Posted 19 January 2015 - 06:11 PM

ADWARE REMOVAL
 
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 
 
Adware Removal Tool v3.9
Time: 2015_01_19_17_04_40
OS: Windows 8 - 64 Bit
Account Name: File
U0L0S11
 
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
 
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}
 
\\ Finished


#11 damagedfile


Posted 19 January 2015 - 06:27 PM

Malwarebytes said it found nothing, but here are the logs in case:

 

DATE LOG
 
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
 
Database version:
  main:    v2015.01.19.15
  rootkit: v2015.01.14.01
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.17148
File :: FILESPC [administrator]
 
1/19/2015 5:15:03 PM
mbar-log-2015-01-19 (17-15-03).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 320357
Time elapsed: 6 minute(s), 26 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

 

 
SYSTEM LOG
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.2.9200 Windows 8 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.17148
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 8500764672, free: 6848835584
 
Downloaded database version: v2015.01.19.15
Downloaded database version: v2015.01.14.01
Downloaded database version: v2014.12.06.01
Initializing...
======================
------------ Kernel report ------------
     01/19/2015 17:14:39
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2015.01.19.15
  rootkit: v2015.01.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80079a9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80079a9b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80079a9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800768fa70, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007691a80, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800768f060, DeviceName: \Device\0000003a\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2355784961
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid 33ba0cdb-c4e4-4eb6-8eb7-4f3e0dc18
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2355784961
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid 33ba0cdb-c4e4-4eb6-8eb7-4f3e0dc18
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID dce3d460-d046-4965-a9cc-a120811cbf3e
    FirstLBA 2048  Last LBA 616447
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 4a28603c-4154-47a9-b3c9-7afa8272a79c
    FirstLBA 616448  Last LBA 819199
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID ca075d54-20c5-4ea7-86fd-415aa8ab7c8
    FirstLBA 819200  Last LBA 1081343
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 6b5fc4f8-f8e3-4073-ae30-2e52cb12182d
    FirstLBA 1081344  Last LBA 1953523711
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 


#12 damagedfile


Posted 19 January 2015 - 06:29 PM

 CHECKUP LOG
 
Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Desktop      
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 65  
 Java version 32-bit out of Date! 
 Google Chrome 37.0.2062.103 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#13 damagedfile


Posted 19 January 2015 - 06:44 PM

That's those done. Thanks again, I really appreciate it!

 

It's an Alienware X51 R2, here's the snapshot:

 

http://speccy.piriform.com/results/LThj1jD6AU2DJyb5w3PUsuD

 

Oh, almost forgot. To answer how it's doing, nothing is out of the ordinary. Seems to be running normally. Thanks.


Edited by damagedfile, 19 January 2015 - 06:45 PM.


#14 InadequateInfirmity


Posted 19 January 2015 - 06:57 PM

Logs are looking good, we will keep on trucking though...

 

 

Step 1: 9-Lab Scan

 

Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 

Install the program onto your computer, then right click the icon and run as administrator.

Go to the Update tab and update the program.

Now go to the scanner tab and select Full Scan.

Upon Scan Completion Click Show Results.

Now click the Clean button.

Once done cleaning you can go to the logs tab double click it and copy paste in your next reply.

 

 

Step 2: Eset Scan

 

Disable your antivirus prior to running this scan.

 

 


 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#15 damagedfile


Posted 19 January 2015 - 08:08 PM

9 LAB

 

  9-lab Removal Tool 1.0.0.25 BETA

9-lab.com
 
Database version: 93.27837
 
Windows 8 (Version 6.2, Build 0, 64-bit Edition)
Internet Explorer 9.10.9200.17148
File :: FILESPC not implemented yet
 
1/19/2015 6:13:48 PM
9lab-log-2015-01-19 (18-13-48).txt
 
Scan type: 
Objects scanned: 40855
Time Elapsed: 15 m 11 s
 
Registry Keys detected: 5
Virtool.RPL.Gen.vb [\software\classes\interface\{9b41579a-1996-42f9-8f84-7b7786818cef}]
Virtool.RPL.Gen.vb [\software\classes\interface\{9b41579a-1996-42f9-8f84-7b7786818cef}]
Virtool.RPL.Gen.vb [\software\classes\interface\{7041156a-0d2b-4dcd-a8ee-d0608bfcb2d0}]
Virtool.RPL.Gen.vb [\software\classes\interface\{7041156a-0d2b-4dcd-a8ee-d0608bfcb2d0}]
Virtool.RPL.Gen.vb [\software\classes\clsid\{d879a501-50a7-befc-a4c5-32dc6e0cb208}]
 
 
Files detected: 6
Virtool.RPL.Gen.vb [\software\classes\interface\{9b41579a-1996-42f9-8f84-7b7786818cef}]
Virtool.RPL.Gen.vb [\software\classes\interface\{9b41579a-1996-42f9-8f84-7b7786818cef}]
Virtool.RPL.Gen.vb [\software\classes\interface\{7041156a-0d2b-4dcd-a8ee-d0608bfcb2d0}]
Virtool.RPL.Gen.vb [\software\classes\interface\{7041156a-0d2b-4dcd-a8ee-d0608bfcb2d0}]
Virtool.RPL.Gen.vb [\software\classes\clsid\{d879a501-50a7-befc-a4c5-32dc6e0cb208}]
Malware.Win32.Gen.sm!s1 [C:\Program Files (x86)\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe]
Malware.Win32.Gen.sm!s1 [C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\bin\witcher2.exe]
Malware.Win32.Gen.sm!s5 [C:\Program Files (x86)\Steam\uninstall.exe]
Malware.Win32.Gen.sm!s5 [C:\Users\File\Downloads\aviraantivirpersonalfreeantivirus-setup.exe]
Malware.Win32.Gen.sm!s4 [C:\Users\File\Downloads\ChromeSetup.exe]
Malware.Win32.Gen.sm!s2 [C:\Users\File\Downloads\MiniToolBox.exe]




