Positive Finds Virus, help please!


This topic is locked
45 replies to this topic

#1 kamrokid (Members, 23 posts)

Posted 12 February 2015 - 01:12 PM

Mod Edit: moved to Malware Removal logs ~~ boopme

Hello, my name is Dana and I've been having a problem removing Positive Finds.

I tried the default Google search solutions, ADW, HitmanPro, Malwarebytes; nothing worked. In fact it looks like it's getting worse, more ads, more redirections than earlier.
I've already seen a few people with the same problem, but they all seem to be getting direct support, so I figure I should too.

Thank you very much!
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Dana (administrator) on DANA-PC on 12-02-2015 11:03:40
Running from C:\Users\Dana\Downloads
Loaded Profiles: Dana (Available profiles: Dana)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\DesktopVideoHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe
(Blackmagic Design) C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersionPCI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Blackmagic Streaming Server] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe [1035776 2014-12-04] ()
HKLM\...\Run: [Blackmagic CheckVersion PCI] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersionPCI.exe [54080840 2014-12-04] (Blackmagic Design)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKU\S-1-5-21-1787781365-2625283767-1572880008-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Dana\AppData\Local\Akamai\netsession_win.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1787781365-2625283767-1572880008-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1787781365-2625283767-1572880008-1000 -> {D9E92EC3-4092-4DCF-845D-934D5C9D88F8} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-01]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_ggbc_14_52_ch&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CyCtCtAyBtA0BtD0F0DzztN0D0Tzu0StCtDzytDtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCtA0DyDtC0EyB0CtGyCyDzytAtGtAyB0DtCtG0EyE0FtDtGyCyCzztDtB0ByB0AzyyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzyyB0ByByD0CyDtGzzyC0CzztGyE0AtCtCtGzztAtCtDtGyCtBtAzz0FyE0E0Dzy0C0CyC2Q&cr=1575489697&ir=", "https://www.google.ca/", "https://www.google.com/?trackid=sp-006", "https://www.google.com/?trackid=sp-006"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-01]
CHR Extension: (YouTube) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-01]
CHR Extension: (Google Search) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-01]
CHR Extension: (Google Wallet) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-01]
CHR Extension: (Adblock Pro) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-02-12]
CHR Extension: (Gmail) - C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-01] (Avast Software)
R2 dvhlp; C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\DesktopVideoHelper.exe [25088 2014-12-04] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-01] ()
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
R3 BlackmagicUsbIO; C:\Windows\System32\DRIVERS\BlackmagicUsbIO.sys [189952 2014-12-04] (Blackmagic Design)
R3 BMDDeckLinkAudio; C:\Windows\System32\DRIVERS\deckaud.sys [18432 2014-12-04] (Blackmagic Design)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
R3 deckavs; C:\Windows\System32\DRIVERS\deckavs.sys [56320 2014-12-04] (Blackmagic Design)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-02-12] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-01] (Avast Software)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 sjcst; \??\C:\AeriaGames\EdenEternal\avital\sjcsu64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-12 11:00 - 2015-02-12 11:03 - 00013803 _____ () C:\Users\Dana\Downloads\FRST.txt
2015-02-12 11:00 - 2015-02-12 11:03 - 00000000 ____D () C:\FRST
2015-02-12 11:00 - 2015-02-12 11:01 - 00026601 _____ () C:\Users\Dana\Downloads\Addition.txt
2015-02-12 10:59 - 2015-02-12 10:59 - 02134016 _____ (Farbar) C:\Users\Dana\Downloads\FRST64.exe
2015-02-12 10:40 - 2015-02-12 10:40 - 00000197 _____ () C:\Windows\system32\2015-02-12-18-40-30.003-AvastVBoxSVC.exe-2752.log
2015-02-12 10:27 - 2015-02-12 10:27 - 00000197 _____ () C:\Windows\system32\2015-02-12-18-27-09.051-AvastVBoxSVC.exe-2900.log
2015-02-12 10:26 - 2015-02-12 10:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 10:24 - 2015-02-12 10:24 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-02-12 09:48 - 2015-02-12 09:48 - 00000622 _____ () C:\Windows\system32\.crusader
2015-02-12 09:25 - 2015-02-12 09:25 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-12 09:24 - 2015-02-12 09:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-12 09:23 - 2015-02-12 09:24 - 11227888 _____ (SurfRight B.V.) C:\Users\Dana\Downloads\HitmanPro_x64.exe
2015-02-12 09:23 - 2015-02-12 09:23 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-12 09:23 - 2015-02-12 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-12 09:22 - 2015-02-12 09:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-12 09:22 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-12 09:22 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-12 09:22 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-12 09:19 - 2015-02-12 09:19 - 00000000 ____D () C:\Users\Dana\AppData\Local\VS Revo Group
2015-02-12 09:19 - 2015-02-12 09:19 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-02-12 09:19 - 2015-02-12 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-02-12 09:19 - 2015-02-12 09:19 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-02-12 09:19 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-02-12 09:18 - 2015-02-12 09:18 - 10801480 _____ (VS Revo Group ) C:\Users\Dana\Downloads\RevoUninProSetup.exe
2015-02-12 08:59 - 2015-02-12 08:59 - 00000197 _____ () C:\Windows\system32\2015-02-12-16-59-54.007-AvastVBoxSVC.exe-3408.log
2015-02-12 03:45 - 2015-01-22 20:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 03:45 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 03:45 - 2015-01-22 19:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 03:45 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 03:26 - 2015-02-12 03:26 - 00000197 _____ () C:\Windows\system32\2015-02-12-11-26-04.090-AvastVBoxSVC.exe-2700.log
2015-02-11 19:07 - 2015-02-11 19:07 - 00109657 _____ () C:\Users\Dana\Downloads\Legend of The Mystical Ninja, The [Ganbare Goemon - Yukihime Kyuushutsu Emaki].7z
2015-02-11 17:43 - 2015-02-11 17:43 - 00000197 _____ () C:\Windows\system32\2015-02-12-01-43-01.073-AvastVBoxSVC.exe-3128.log
2015-02-11 07:06 - 2015-02-03 19:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 07:06 - 2015-02-03 19:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 07:06 - 2015-02-03 19:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 07:06 - 2015-02-03 19:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 07:06 - 2015-02-03 19:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 07:06 - 2015-02-03 19:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 07:06 - 2015-02-03 19:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 07:06 - 2015-01-27 15:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 07:06 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 07:06 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 07:06 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 07:06 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 07:06 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 07:06 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 07:06 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 07:06 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 07:06 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 07:06 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 07:06 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 07:06 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 07:06 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 07:06 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 07:06 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 07:06 - 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 07:06 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 07:06 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 07:06 - 2015-01-13 21:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 07:06 - 2015-01-13 21:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 07:06 - 2015-01-12 19:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 07:06 - 2015-01-12 18:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 07:06 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 07:06 - 2015-01-11 19:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 07:06 - 2015-01-11 19:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 07:06 - 2015-01-11 18:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 07:06 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 07:06 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 07:06 - 2015-01-11 18:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 07:06 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 07:06 - 2015-01-11 18:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 07:06 - 2015-01-11 18:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 07:06 - 2015-01-11 18:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 07:06 - 2015-01-11 18:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 07:06 - 2015-01-11 18:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 07:06 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 07:06 - 2015-01-11 18:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 07:06 - 2015-01-11 18:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 07:06 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 07:06 - 2015-01-11 18:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 07:06 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 07:06 - 2015-01-11 18:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 07:06 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 07:06 - 2015-01-11 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 07:06 - 2015-01-11 18:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 07:06 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 07:06 - 2015-01-11 18:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 07:06 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 07:06 - 2015-01-11 18:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 07:06 - 2015-01-11 17:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 07:06 - 2015-01-11 17:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 07:06 - 2015-01-11 17:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 07:06 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 07:06 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 07:06 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 07:06 - 2015-01-11 17:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 07:06 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 07:06 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 07:06 - 2015-01-11 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 07:06 - 2015-01-11 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 07:06 - 2015-01-11 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 07:06 - 2015-01-11 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 07:06 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 07:06 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 07:06 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 07:06 - 2015-01-11 17:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 07:06 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 07:06 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 07:06 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 07:06 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 07:06 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 07:06 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 07:06 - 2015-01-09 22:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 07:06 - 2015-01-09 22:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 07:06 - 2015-01-09 22:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 07:06 - 2015-01-09 22:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 07:06 - 2015-01-09 22:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 07:06 - 2015-01-09 22:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 07:06 - 2015-01-09 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 07:06 - 2015-01-09 22:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 07:06 - 2015-01-09 22:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 07:06 - 2015-01-09 22:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 07:06 - 2015-01-09 22:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 07:06 - 2015-01-09 22:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 07:06 - 2015-01-09 22:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 07:06 - 2015-01-09 22:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 07:05 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 07:05 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 07:05 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 07:05 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 07:05 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 07:05 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 07:05 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 07:05 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 07:05 - 2014-12-11 21:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 07:05 - 2014-12-11 21:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 07:05 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 07:05 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 07:05 - 2014-11-25 19:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 07:05 - 2014-11-25 19:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 07:05 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 07:05 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 07:05 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 07:05 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 17:17 - 2015-02-10 17:17 - 00000197 _____ () C:\Windows\system32\2015-02-11-01-17-35.098-AvastVBoxSVC.exe-3092.log
2015-02-10 17:01 - 2015-02-10 17:01 - 00000197 _____ () C:\Windows\system32\2015-02-11-01-01-23.048-AvastVBoxSVC.exe-2740.log
2015-02-10 16:58 - 2015-02-10 16:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-10 16:57 - 2015-02-10 16:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Dana\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-10 16:52 - 2015-02-10 16:52 - 00000197 _____ () C:\Windows\system32\2015-02-11-00-52-45.033-AvastVBoxSVC.exe-4080.log
2015-02-10 16:45 - 2015-02-10 16:45 - 02112512 _____ () C:\Users\Dana\Downloads\adwcleaner_4.110.exe
2015-02-10 16:43 - 2015-02-10 16:43 - 00000197 _____ () C:\Windows\system32\2015-02-11-00-43-19.048-AvastVBoxSVC.exe-3128.log
2015-02-10 16:40 - 2015-02-12 10:24 - 00006662 _____ () C:\Windows\PFRO.log
2015-02-08 18:09 - 2015-02-12 10:38 - 00493195 _____ () C:\Windows\setupact.log
2015-02-08 18:09 - 2015-02-08 18:09 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-08 14:13 - 2015-02-08 14:13 - 00000052 _____ () C:\Users\Dana\Desktop\Official Nintendo Rewards Program - Club Nintendo.url
2015-02-08 05:34 - 2015-02-08 05:34 - 00000197 _____ () C:\Windows\system32\2015-02-08-13-34-29.004-AvastVBoxSVC.exe-4424.log
2015-02-08 05:30 - 2015-02-08 05:30 - 00000197 _____ () C:\Windows\system32\2015-02-08-13-30-18.037-AvastVBoxSVC.exe-5448.log
2015-02-07 16:24 - 2015-02-07 16:24 - 05131344 _____ (Piriform Ltd) C:\Users\Dana\Downloads\spsetup128.exe
2015-02-07 16:16 - 2015-02-07 16:16 - 07075640 _____ (Crystal Dew World ) C:\Users\Dana\Downloads\CrystalDiskInfo5_6_2Shizuku-en.exe
2015-02-07 16:11 - 2015-02-07 16:11 - 00000197 _____ () C:\Windows\system32\2015-02-08-00-11-06.062-AvastVBoxSVC.exe-4384.log
2015-02-07 15:27 - 2015-02-07 15:27 - 00000197 _____ () C:\Windows\system32\2015-02-07-23-27-52.079-AvastVBoxSVC.exe-4440.log
2015-02-07 15:07 - 2015-02-07 15:07 - 00000197 _____ () C:\Windows\system32\2015-02-07-23-07-08.091-AvastVBoxSVC.exe-5080.log
2015-02-07 15:00 - 2015-02-07 15:00 - 00000197 _____ () C:\Windows\system32\2015-02-07-23-00-11.075-AvastVBoxSVC.exe-4912.log
2015-02-07 14:49 - 2015-02-07 14:49 - 00000197 _____ () C:\Windows\system32\2015-02-07-22-49-04.056-AvastVBoxSVC.exe-1440.log
2015-02-07 14:04 - 2015-02-07 14:04 - 00000197 _____ () C:\Windows\system32\2015-02-07-22-04-25.085-AvastVBoxSVC.exe-3972.log
2015-02-07 12:55 - 2015-02-07 12:55 - 01839107 _____ () C:\Users\Dana\Downloads\amarectv231_en (1).zip
2015-02-07 12:53 - 2015-02-07 12:53 - 00000197 _____ () C:\Windows\system32\2015-02-07-20-53-32.029-AvastVBoxSVC.exe-3960.log
2015-02-07 12:27 - 2015-02-07 12:27 - 01839107 _____ () C:\Users\Dana\Downloads\amarectv231_en.zip
2015-02-07 12:10 - 2015-02-07 13:13 - 17935450 _____ () C:\Users\Dana\Documents\Untitled 01.avi
2015-02-07 11:46 - 2015-02-07 11:46 - 00000197 _____ () C:\Windows\system32\2015-02-07-19-46-17.008-AvastVBoxSVC.exe-6120.log
2015-02-07 08:48 - 2015-02-07 08:48 - 00000197 _____ () C:\Windows\system32\2015-02-07-16-48-51.024-AvastVBoxSVC.exe-4860.log
2015-02-07 08:39 - 2015-02-07 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2015-02-07 08:38 - 2015-02-07 08:39 - 00000000 ____D () C:\Program Files (x86)\Blackmagic Design
2015-02-06 21:40 - 2015-02-06 21:41 - 65659913 _____ () C:\Users\Dana\Downloads\shizuka - heavenly persona [lifeferocity.blogspot.com].rar
2015-02-06 20:56 - 2015-02-06 20:56 - 00000197 _____ () C:\Windows\system32\2015-02-07-04-56-48.057-AvastVBoxSVC.exe-1540.log
2015-02-06 14:16 - 2015-02-06 14:16 - 00000197 _____ () C:\Windows\system32\2015-02-06-22-16-47.037-AvastVBoxSVC.exe-4280.log
2015-02-06 11:23 - 2015-02-06 11:23 - 00000197 _____ () C:\Windows\system32\2015-02-06-19-23-59.026-AvastVBoxSVC.exe-2820.log
2015-02-05 15:42 - 2015-02-05 15:42 - 00000197 _____ () C:\Windows\system32\2015-02-05-23-42-50.069-AvastVBoxSVC.exe-4100.log
2015-02-05 15:13 - 2015-02-05 15:14 - 00000197 _____ () C:\Windows\system32\2015-02-05-23-13-27.002-AvastVBoxSVC.exe-3976.log
2015-02-05 13:56 - 2015-02-05 13:56 - 00000197 _____ () C:\Windows\system32\2015-02-05-21-56-28.002-AvastVBoxSVC.exe-3636.log
2015-02-05 13:35 - 2015-02-05 13:35 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\.Blackmagic_Design
2015-02-05 13:34 - 2015-02-05 13:34 - 00000197 _____ () C:\Windows\system32\2015-02-05-21-34-06.073-AvastVBoxSVC.exe-4588.log
2015-02-05 13:27 - 2015-02-07 08:39 - 00000000 ____D () C:\Windows\SysWOW64\QuickTime
2015-02-05 13:26 - 2015-01-22 15:47 - 123973632 ____N () C:\Users\Dana\DesktopVideo_10.3.5.msi
2015-02-05 13:24 - 2015-02-05 13:26 - 108878330 _____ () C:\Users\Dana\Downloads\Blackmagic_Desktop_Video_Windows_10.3.5.zip
2015-02-02 17:53 - 2015-02-02 17:53 - 09724718 _____ () C:\Users\Dana\Downloads\mb_bios_ga-z97x-ud5h_f8.zip
2015-02-02 16:54 - 2015-02-02 16:54 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Applied Acoustics Systems
2015-02-02 16:53 - 2015-02-02 16:53 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\SynthMaker
2015-02-02 16:52 - 2015-02-02 16:52 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Acoustica
2015-02-02 16:52 - 2015-02-02 16:52 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software
2015-02-02 16:51 - 2015-02-02 16:51 - 00000000 ____D () C:\ProgramData\Acoustica
2015-02-02 16:51 - 2015-02-02 16:51 - 00000000 ____D () C:\Program Files (x86)\VST
2015-02-02 16:50 - 2015-02-02 16:51 - 159937952 _____ (Acoustica, Inc.) C:\Users\Dana\Downloads\mixcraft7-b251-setup.exe
2015-02-02 16:48 - 2015-02-02 16:48 - 00000197 _____ () C:\Windows\system32\2015-02-03-00-48-38.067-AvastVBoxSVC.exe-2800.log
2015-02-02 09:20 - 2015-02-09 19:56 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\OBS
2015-02-02 09:20 - 2015-02-05 16:35 - 00000000 ____D () C:\Program Files\OBS
2015-02-02 09:20 - 2015-02-02 09:20 - 07516302 _____ () C:\Users\Dana\Downloads\OBS_0_64b_Installer.exe
2015-02-02 09:20 - 2015-02-02 09:20 - 00000939 _____ () C:\Users\Dana\Desktop\Open Broadcaster Software.lnk
2015-02-02 09:20 - 2015-02-02 09:20 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-02-02 09:20 - 2015-02-02 09:20 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-02-02 09:12 - 2015-02-02 09:13 - 00000197 _____ () C:\Windows\system32\2015-02-02-17-12-59.006-AvastVBoxSVC.exe-3312.log
2015-02-02 09:10 - 2015-02-07 15:22 - 00000182 _____ () C:\Users\Dana\prime.txt
2015-02-02 09:10 - 2015-02-02 09:10 - 00000148 _____ () C:\Users\Dana\local.txt
2015-02-02 09:09 - 2015-02-02 09:09 - 05378177 _____ () C:\Users\Dana\Downloads\p95v285.win64.zip
2015-02-02 09:09 - 2014-05-29 18:33 - 36363264 ____N () C:\Users\Dana\prime95.exe
2015-02-02 09:09 - 2014-04-28 12:05 - 00024263 ____N () C:\Users\Dana\readme.txt
2015-02-02 09:09 - 2014-04-16 18:42 - 00061798 ____N () C:\Users\Dana\whatsnew.txt
2015-02-02 09:09 - 2014-03-07 07:44 - 00002159 ____N () C:\Users\Dana\license.txt
2015-02-02 09:09 - 2014-03-05 16:00 - 00027915 ____N () C:\Users\Dana\undoc.txt
2015-02-02 09:09 - 2008-11-19 13:26 - 00007019 ____N () C:\Users\Dana\stress.txt
2015-02-02 09:01 - 2015-02-02 09:01 - 00000197 _____ () C:\Windows\system32\2015-02-02-17-01-06.030-AvastVBoxSVC.exe-3104.log
2015-02-02 08:42 - 2015-02-02 08:42 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Dana\Downloads\autodetectutility.exe
2015-02-02 08:22 - 2015-02-02 08:22 - 00000197 _____ () C:\Windows\system32\2015-02-02-16-22-22.075-AvastVBoxSVC.exe-3192.log
2015-02-02 07:37 - 2015-02-02 07:37 - 01328360 _____ ( ) C:\Users\Dana\Downloads\hwmonitor-pro_1.21.exe
2015-02-02 07:16 - 2015-02-02 07:16 - 00069930 _____ () C:\Users\Dana\Documents\cc_20150202_071612.reg
2015-02-02 07:14 - 2015-02-02 07:14 - 05325208 _____ (Piriform Ltd) C:\Users\Dana\Downloads\ccsetup502.exe
2015-02-02 02:24 - 2015-02-02 02:24 - 00000197 _____ () C:\Windows\system32\2015-02-02-10-24-11.084-AvastVBoxSVC.exe-3924.log
2015-02-01 23:52 - 2015-02-01 23:52 - 00000197 _____ () C:\Windows\system32\2015-02-02-07-52-36.035-AvastVBoxSVC.exe-4712.log
2015-02-01 23:29 - 2015-02-01 23:30 - 00000197 _____ () C:\Windows\system32\2015-02-02-07-29-59.075-AvastVBoxSVC.exe-3892.log
2015-02-01 21:07 - 2015-02-01 21:07 - 00000197 _____ () C:\Windows\system32\2015-02-02-05-07-10.013-AvastVBoxSVC.exe-1520.log
2015-02-01 20:44 - 2015-02-01 20:44 - 00000197 _____ () C:\Windows\system32\2015-02-02-04-44-32.008-AvastVBoxSVC.exe-3272.log
2015-02-01 19:41 - 2015-02-01 19:41 - 00001242 _____ () C:\Users\Dana\Desktop\Paint.lnk
2015-02-01 19:41 - 2015-02-01 19:41 - 00000197 _____ () C:\Windows\system32\2015-02-02-03-41-05.078-AvastVBoxSVC.exe-4064.log
2015-02-01 19:23 - 2015-02-01 19:23 - 00000197 _____ () C:\Windows\system32\2015-02-02-03-23-51.001-AvastVBoxSVC.exe-3136.log
2015-01-31 19:07 - 2015-01-31 19:07 - 00000197 _____ () C:\Windows\system32\2015-02-01-03-07-52.097-AvastVBoxSVC.exe-3180.log
2015-01-30 15:21 - 2015-01-30 15:21 - 00000197 _____ () C:\Windows\system32\2015-01-30-23-21-24.091-AvastVBoxSVC.exe-2968.log
2015-01-29 23:40 - 2015-02-05 14:45 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Skype
2015-01-29 23:40 - 2015-01-29 23:40 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-29 23:40 - 2015-01-29 23:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-29 23:40 - 2015-01-29 23:40 - 00000000 ____D () C:\Users\Dana\AppData\Local\Skype
2015-01-29 23:40 - 2015-01-29 23:40 - 00000000 ____D () C:\ProgramData\Skype
2015-01-29 23:40 - 2015-01-29 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-29 16:40 - 2015-01-29 16:40 - 00000197 _____ () C:\Windows\system32\2015-01-30-00-40-29.025-AvastVBoxSVC.exe-2856.log
2015-01-28 18:13 - 2015-01-28 18:13 - 00000197 _____ () C:\Windows\system32\2015-01-29-02-13-09.049-AvastVBoxSVC.exe-2960.log
2015-01-27 18:14 - 2015-01-27 18:15 - 00000197 _____ () C:\Windows\system32\2015-01-28-02-14-59.070-AvastVBoxSVC.exe-2720.log
2015-01-26 18:42 - 2015-01-26 18:42 - 00000197 _____ () C:\Windows\system32\2015-01-27-02-42-16.075-AvastVBoxSVC.exe-4104.log
2015-01-26 18:09 - 2015-01-26 18:10 - 00000197 _____ () C:\Windows\system32\2015-01-27-02-09-55.068-AvastVBoxSVC.exe-3352.log
2015-01-24 11:12 - 2015-01-24 11:12 - 00000197 _____ () C:\Windows\system32\2015-01-24-19-12-07.067-AvastVBoxSVC.exe-1020.log
2015-01-23 23:01 - 2015-01-23 23:01 - 00000197 _____ () C:\Windows\system32\2015-01-24-07-01-37.022-AvastVBoxSVC.exe-2728.log
2015-01-22 22:27 - 2015-01-22 22:27 - 00000197 _____ () C:\Windows\system32\2015-01-23-06-27-40.090-AvastVBoxSVC.exe-4832.log
2015-01-22 18:09 - 2015-01-22 18:09 - 00000197 _____ () C:\Windows\system32\2015-01-23-02-09-22.029-AvastVBoxSVC.exe-2908.log
2015-01-21 18:09 - 2015-01-21 18:09 - 00000197 _____ () C:\Windows\system32\2015-01-22-02-09-08.002-AvastVBoxSVC.exe-2984.log
2015-01-20 18:33 - 2015-01-20 18:33 - 00000197 _____ () C:\Windows\system32\2015-01-21-02-33-03.079-AvastVBoxSVC.exe-1116.log
2015-01-20 18:18 - 2015-01-20 18:18 - 00000197 _____ () C:\Windows\system32\2015-01-21-02-18-07.029-AvastVBoxSVC.exe-2780.log
2015-01-20 03:00 - 2015-01-20 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2015-01-19 18:05 - 2015-01-19 18:05 - 00392093 _____ () C:\Users\Dana\Downloads\DSfix24.zip
2015-01-19 17:51 - 2015-01-19 17:51 - 00000197 _____ () C:\Windows\system32\2015-01-20-01-51-04.064-AvastVBoxSVC.exe-2924.log
2015-01-19 16:35 - 2015-01-19 16:35 - 00000000 ____D () C:\Users\Dana\AppData\Local\Logitech® Webcam Software
2015-01-19 16:33 - 2015-01-19 16:33 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-01-19 16:26 - 2015-01-19 16:26 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Leadertech
2015-01-19 16:26 - 2015-01-19 16:26 - 00000000 ____D () C:\ProgramData\Logitech
2015-01-19 16:25 - 2015-01-19 16:26 - 00000000 ____D () C:\Program Files (x86)\Logitech
2015-01-19 16:25 - 2015-01-19 16:25 - 00001624 _____ () C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2015-01-19 16:25 - 2015-01-19 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-01-19 16:22 - 2015-02-07 16:25 - 00008803 _____ () C:\Windows\system32\lvcoinst.log
2015-01-19 16:22 - 2015-01-19 16:26 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2015-01-19 05:29 - 2015-01-19 05:29 - 00000197 _____ () C:\Windows\system32\2015-01-19-13-29-46.008-AvastVBoxSVC.exe-2688.log
2015-01-18 15:34 - 2015-01-18 15:34 - 00512359 _____ () C:\Users\Dana\Downloads\x360ce.7z
2015-01-18 15:05 - 2015-01-18 15:05 - 00000197 _____ () C:\Windows\system32\2015-01-18-23-05-13.087-AvastVBoxSVC.exe-2876.log
2015-01-18 11:26 - 2015-01-18 11:26 - 00237007 _____ () C:\Users\Dana\Downloads\DSFix 2.3.1-19-2-3-1.zip
2015-01-17 03:27 - 2015-01-17 03:27 - 00000197 _____ () C:\Windows\system32\2015-01-17-11-27-10.020-AvastVBoxSVC.exe-2232.log
2015-01-16 16:10 - 2015-01-16 16:10 - 00000197 _____ () C:\Windows\system32\2015-01-17-00-10-20.062-AvastVBoxSVC.exe-2644.log
2015-01-15 18:12 - 2015-01-15 18:13 - 00000197 _____ () C:\Windows\system32\2015-01-16-02-12-48.095-AvastVBoxSVC.exe-2660.log
2015-01-14 18:41 - 2015-01-14 18:41 - 00000197 _____ () C:\Windows\system32\2015-01-15-02-41-12.069-AvastVBoxSVC.exe-2636.log
2015-01-14 18:12 - 2015-01-14 18:13 - 00000197 _____ () C:\Windows\system32\2015-01-15-02-12-58.089-AvastVBoxSVC.exe-2664.log
2015-01-14 03:28 - 2015-01-14 03:28 - 00000197 _____ () C:\Windows\system32\2015-01-14-11-28-28.057-AvastVBoxSVC.exe-2824.log
2015-01-14 03:23 - 2015-01-14 03:23 - 00000000 __SHD () C:\found.001
2015-01-13 23:10 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 23:10 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 23:10 - 2014-12-11 09:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 23:10 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 23:10 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 23:10 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 18:14 - 2015-01-13 18:15 - 00000197 _____ () C:\Windows\system32\2015-01-14-02-14-37.088-AvastVBoxSVC.exe-2428.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-12 10:45 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 10:45 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 10:44 - 2014-12-01 18:13 - 01815562 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 10:43 - 2009-07-13 21:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-12 10:39 - 2014-12-01 16:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 10:38 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 10:36 - 2014-12-01 19:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 10:23 - 2014-12-26 19:49 - 00000000 ____D () C:\AdwCleaner
2015-02-12 09:38 - 2014-12-01 16:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 08:52 - 2014-12-05 18:20 - 00000000 ____D () C:\Users\Dana\AppData\Local\Last.fm
2015-02-12 08:52 - 2014-12-02 07:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-12 03:23 - 2009-07-13 20:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:22 - 2014-12-10 06:17 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 03:22 - 2014-12-01 20:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 03:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 03:04 - 2014-12-01 20:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:01 - 2014-12-01 18:22 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-08 05:32 - 2014-12-01 18:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-07 16:19 - 2014-12-01 18:02 - 00000000 ____D () C:\Users\Dana
2015-02-07 15:31 - 2014-12-01 19:11 - 00006656 _____ () C:\Windows\system32\lpcio.dll
2015-02-07 08:31 - 2014-12-02 07:14 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-05 20:32 - 2014-12-01 16:25 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 20:32 - 2014-12-01 16:25 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 15:32 - 2014-12-01 16:26 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-02 16:53 - 2014-12-01 16:19 - 00000000 ____D () C:\Users\Dana\AppData\Local\VirtualStore
2015-02-02 07:15 - 2014-12-01 17:36 - 00000000 ____D () C:\Windows\Panther
2015-02-01 20:02 - 2014-12-02 09:38 - 00000000 ____D () C:\Users\Dana\Documents\My Games
2015-01-30 15:20 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
 
Files to move or delete:
====================
C:\Users\Dana\prime95.exe
 
 
Some content of TEMP:
====================
C:\Users\Dana\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Dana\AppData\Local\Temp\Quarantine.exe
C:\Users\Dana\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 16:00
 
==================== End Of Log ============================


Edited by boopme, 12 February 2015 - 01:27 PM.



 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • Gender:Male
  • Local time:07:28 PM

Posted 12 February 2015 - 01:53 PM

Hello kamrokid, and welcome to BleepingComputer. :welcome:
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as an administrator. How do I log on to the computer as an administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.
Thanks
---------------------------------------------------------------------------------------------------------
 
Addition.txt is created by default on the first run of FRST. Can you check inside this folder: C:\FRST\Logs? I need to see that log before we progress. If there is no Addition log inside the Logs folder, run the FRST scan one more time, ensuring "Addition" is checked in the optional scan box...

[Attached image: Ashampoo_Snap_20140927_13h17m38s_001_Far]
 
 
Have a great day. :hello:

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 kamrokid

kamrokid
  • Topic Starter

  • Members
  • 23 posts
  • Local time:08:28 AM

Posted 12 February 2015 - 02:12 PM

Hi Yılmaz, thank you for helping!
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by Dana at 2015-02-12 12:06:25
Running from C:\Users\Dana\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Blackmagic Design Desktop Video (HKLM-x32\...\{C76950EF-0102-4CCB-9B99-0E5EE69A3283}) (Version: 10.3.2.0 - Blackmagic Design)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.40.836.0 - Logitech) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Dropbox (HKU\S-1-5-21-1787781365-2625283767-1572880008-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.236 - SurfRight B.V.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version:  - Kojima Productions)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
SpaceEngine version 0.9.7.2 (HKLM-x32\...\{E65FD500-9218-44EC-9586-D39FAB4DFDAF}_is1) (Version: 0.9.7.2 - SpaceEngine)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Packages (HKU\S-1-5-21-1787781365-2625283767-1572880008-1000\...\Winamp Packages) (Version:  - ) <==== ATTENTION
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1787781365-2625283767-1572880008-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1787781365-2625283767-1572880008-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1787781365-2625283767-1572880008-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1787781365-2625283767-1572880008-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1787781365-2625283767-1572880008-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1787781365-2625283767-1572880008-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1787781365-2625283767-1572880008-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1787781365-2625283767-1572880008-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1787781365-2625283767-1572880008-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
01-12-2014 18:18:57 Windows Update
01-12-2014 18:20:23 Windows Update
01-12-2014 18:35:53 avast! antivirus system restore point
01-12-2014 18:51:58 Windows Update
01-12-2014 19:13:57 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
01-12-2014 19:20:15 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
01-12-2014 20:02:34 Windows Update
02-12-2014 09:52:44 Windows Update
03-12-2014 18:20:54 Installed iTunes
08-12-2014 23:08:59 Windows Update
09-12-2014 03:00:11 Windows Update
10-12-2014 05:29:48 Windows Update
10-12-2014 06:16:18 Windows Update
12-12-2014 03:00:12 Windows Update
14-12-2014 03:00:11 Windows Update
16-12-2014 08:10:36 Installed DirectX
16-12-2014 08:12:33 Installed DirectX
16-12-2014 08:13:19 Installed DirectX
18-12-2014 03:00:12 Windows Update
23-12-2014 02:31:41 Windows Update
26-12-2014 05:11:21 Windows Update
26-12-2014 11:36:19 Installed SpyHunter
26-12-2014 12:47:51 Removed SpyHunter
30-12-2014 04:53:32 Windows Update
31-12-2014 03:00:17 Windows Update
03-01-2015 10:26:28 Removed Aeria Ignite
06-01-2015 02:24:58 Windows Update
09-01-2015 02:59:12 Windows Update
13-01-2015 04:08:05 Windows Update
14-01-2015 03:00:19 Windows Update
20-01-2015 02:10:58 Windows Update
20-01-2015 03:00:10 Windows Update
23-01-2015 03:42:40 Windows Update
27-01-2015 18:17:32 Windows Update
01-02-2015 20:01:24 Installed DirectX
01-02-2015 20:22:00 Installed DirectX
03-02-2015 02:46:14 Windows Update
05-02-2015 13:26:42 Installed Blackmagic Design Desktop Video
05-02-2015 14:52:15 Removed Blackmagic Design Desktop Video
05-02-2015 15:34:42 Installed Blackmagic Design Desktop Video
06-02-2015 06:27:54 Windows Update
07-02-2015 08:31:55 Removed Blackmagic Design Desktop Video
07-02-2015 08:36:00 Installed Blackmagic Design Desktop Video
07-02-2015 08:38:17 Installed Blackmagic Design Desktop Video
10-02-2015 10:25:12 Windows Update
12-02-2015 03:00:20 Windows Update
12-02-2015 09:20:52 Revo Uninstaller Pro's restore point - Akamai NetSession Interface
12-02-2015 09:46:38 Checkpoint by HitmanPro
12-02-2015 09:47:41 Checkpoint by HitmanPro
12-02-2015 10:35:29 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {4279AA2A-0B84-4F1D-876F-615F88EA9DF3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-01] (AVAST Software)
Task: {A6CB0F49-2DCA-4E1B-9610-68D303B3AFFA} - System32\Tasks\{5E484586-24AA-4F79-A93E-495EF9BE8C45} => pcalua.exe -a C:\Users\Dana\Downloads\Samp334.exe -d C:\Users\Dana\Downloads
Task: {F88E0813-A7B4-445D-A849-56F6B962FF83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-01] (Google Inc.)
Task: {F8F08AA2-D7E2-4788-AD1E-B9A5E5FE93CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-01] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-12-04 11:51 - 2014-12-04 11:51 - 00025088 _____ () C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\DesktopVideoHelper.exe
2014-12-01 18:37 - 2014-12-01 18:37 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-01 18:37 - 2014-12-01 18:37 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-04 11:50 - 2014-12-04 11:50 - 01035776 _____ () C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-08-12 12:20 - 2011-08-12 12:20 - 01260568 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\UMVPLMute.dll
2011-08-12 12:19 - 2011-08-12 12:19 - 00221208 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\FxPreview.dll
2011-08-12 12:20 - 2011-08-12 12:20 - 00053784 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\UMVPLMutePS.dll
2011-08-12 12:20 - 2011-08-12 12:20 - 01349656 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\MRSystem.dll
2011-08-12 12:19 - 2011-08-12 12:19 - 00053784 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\FxPreviewPS.dll
2011-08-12 12:20 - 2011-08-12 12:20 - 00135192 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\MapTrackData.dll
2011-08-12 12:20 - 2011-08-12 12:20 - 01323032 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\MMSystem.dll
2011-08-12 12:20 - 2011-08-12 12:20 - 00294424 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\VMSystem.dll
2015-02-12 02:16 - 2015-02-12 02:16 - 02912256 _____ () C:\Program Files\AVAST Software\Avast\defs\15021200\algo.dll
2014-12-01 18:37 - 2014-12-01 18:37 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-04 11:51 - 2014-12-04 11:51 - 00231424 _____ () C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingAPI.dll
2014-12-01 18:37 - 2014-12-01 18:37 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2015-02-05 15:32 - 2015-02-04 01:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-05 15:32 - 2015-02-04 01:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-05 15:32 - 2015-02-04 01:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-05 15:32 - 2015-02-04 01:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
2007-07-21 08:52 - 2007-07-21 08:52 - 00163840 _____ () C:\Program Files (x86)\Winamp\Plugins\unrar.dll
2013-11-25 18:17 - 2013-11-25 18:17 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2012-03-01 16:35 - 2012-03-01 16:35 - 00511488 _____ () C:\Program Files (x86)\Winamp\Plugins\lame_enc.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1787781365-2625283767-1572880008-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 75.153.176.9
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1787781365-2625283767-1572880008-500 - Administrator - Disabled)
Dana (S-1-5-21-1787781365-2625283767-1572880008-1000 - Administrator - Enabled) => C:\Users\Dana
Guest (S-1-5-21-1787781365-2625283767-1572880008-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1787781365-2625283767-1572880008-1004 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/12/2015 10:38:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2015 10:25:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000252EEE0.72).  hr = 0x80070005, Access is denied.
.
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000814,(null),0,REG_BINARY,00000000023CDDE0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {47679be0-2337-41b1-9bbd-d74cabfc5f77}
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a20,(null),0,REG_BINARY,000000000AD8E2A0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {20452891-3484-4c13-ac51-1d405e726f5b}
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000518,(null),0,REG_BINARY,0000000002E3E1A0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d4fb0f2f-9180-4cf5-ba26-a2713aeec409}
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000814,(null),0,REG_BINARY,00000000023CDDE0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {47679be0-2337-41b1-9bbd-d74cabfc5f77}
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d8,(null),0,REG_BINARY,000000000275E7C0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {606c9fcc-9711-4d17-a32a-c779dcd654a1}
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a20,(null),0,REG_BINARY,000000000AD8E2A0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {20452891-3484-4c13-ac51-1d405e726f5b}
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000214,(null),0,REG_BINARY,00000000026AE890.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {575c460e-00eb-47a9-8490-dd4d21fe0e3d}
 
 
System errors:
=============
Error: (02/12/2015 10:24:46 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.
 
Error: (02/12/2015 09:04:53 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (02/12/2015 03:14:14 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Visual C++ 2012 Update 4 Redistributable Package (KB3032622).
 
Error: (02/10/2015 05:16:47 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (02/10/2015 05:00:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ccnfd_1_10_0_5
 
Error: (02/10/2015 04:49:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ccnfd_1_10_0_5
 
Error: (02/10/2015 04:41:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ccnfd_1_10_0_5
 
Error: (02/10/2015 04:40:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (02/08/2015 05:32:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ccnfd_1_10_0_5
 
Error: (02/08/2015 05:31:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:29:44 AM on ‎2/‎8/‎2015 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (02/12/2015 10:38:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2015 10:25:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001c8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000252EEE0.72)0x80070005, Access is denied.
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000814,(null),0,REG_BINARY,00000000023CDDE0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {47679be0-2337-41b1-9bbd-d74cabfc5f77}
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000a20,(null),0,REG_BINARY,000000000AD8E2A0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {20452891-3484-4c13-ac51-1d405e726f5b}
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000518,(null),0,REG_BINARY,0000000002E3E1A0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d4fb0f2f-9180-4cf5-ba26-a2713aeec409}
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000814,(null),0,REG_BINARY,00000000023CDDE0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {47679be0-2337-41b1-9bbd-d74cabfc5f77}
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001d8,(null),0,REG_BINARY,000000000275E7C0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {606c9fcc-9711-4d17-a32a-c779dcd654a1}
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000a20,(null),0,REG_BINARY,000000000AD8E2A0.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {20452891-3484-4c13-ac51-1d405e726f5b}
 
Error: (02/12/2015 09:48:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000214,(null),0,REG_BINARY,00000000026AE890.72)0x80070005, Access is denied.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {575c460e-00eb-47a9-8490-dd4d21fe0e3d}


#4 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:28 PM

Posted 12 February 2015 - 02:19 PM

Hi,

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:28 PM

Posted 12 February 2015 - 03:08 PM

Hi kamrokid,
 
Ensure your external and/or USB drives are always inserted during the scan.
 
Step 1:
 
FRST Fix:

Please download the attached fixlist.txt (1.95KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 
ZHPcleaner information: here

Please download ZHPcleaner (by NicolasCoolman) to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the screenshot.
  • Then press the ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 3:
 
If needed: Chrome: Backup Chrome Bookmarks
Chrome reset: Chrome: Chrome - Reset browser settings

 

Have a nice day.

Best regards
 

 


 


#6 kamrokid

kamrokid
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 12 February 2015 - 03:32 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by Dana at 2015-02-12 13:08:43 Run:1
Running from C:\Users\Dana\Downloads
Loaded Profiles: Dana (Available profiles: Dana)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
 
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1787781365-2625283767-1572880008-1000 -> {D9E92EC3-4092-4DCF-845D-934D5C9D88F8} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_ggbc_14_52_ch&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CyCtCtAyBtA0BtD0F0DzztN0D0Tzu0StCtDzytDtN1L2XzutAtFyCtFtCyDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCtA0DyDtC0EyB0CtGyCyDzytAtGtAyB0DtCtG0EyE0FtDtGyCyCzztDtB0ByB0AzyyDzzyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzyyB0ByByD0CyDtGzzyC0CzztGyE0AtCtCtGzztAtCtDtGyCtBtAzz0FyE0E0Dzy0C0CyC2Q&cr=1575489697&ir=", "https://www.google.ca/", "https://www.google.com/?trackid=sp-006", "https://www.google.com/?trackid=sp-006"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
S3 sjcst; \??\C:\AeriaGames\EdenEternal\avital\sjcsu64.sys 
S3 VGPU; System32\drivers\rdvgkmd.sys
2015-02-07 12:55 - 2015-02-07 12:55 - 01839107 _____ () C:\Users\Dana\Downloads\amarectv231_en (1).zip
C:\Users\Dana\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Dana\AppData\Local\Temp\Quarantine.exe
C:\Users\Dana\AppData\Local\Temp\sqlite3.dll
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
*****************
 
Processes closed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1787781365-2625283767-1572880008-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D9E92EC3-4092-4DCF-845D-934D5C9D88F8}" => Key deleted successfully.
HKCR\CLSID\{D9E92EC3-4092-4DCF-845D-934D5C9D88F8} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
sjcst => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Dana\Downloads\amarectv231_en (1).zip => Moved successfully.
C:\Users\Dana\AppData\Local\Temp\AutoDetectUtilApp.exe => Moved successfully.
C:\Users\Dana\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Dana\AppData\Local\Temp\sqlite3.dll => Moved successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 454.2 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:08:50 ====
 
 
 

 
 
~ ZHPCleaner v2015.2.12.64 by Nicolas Coolman (12/02/2015)
~ Run by Dana (Administrator)  (12/02/2015 13:26:33)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Dana\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Dana\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 7, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious items found.
 
 
---\\  Browser internet (0)
~ No malicious items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (21)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious items found.
 
 
---\\  Explorer ( File, Folder) (6)
MOVED file*: C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_positivefinds-a.akamaihd.net_0.localstorage (PUP.AkamaiHD)
MOVED file*: C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_positivefinds-a.akamaihd.net_0.localstorage-journal (PUP.AkamaiHD)
MOVED file*: C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage (PUP.SpecialSavings)
MOVED file*: C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal (PUP.SpecialSavings)
MOVED file*: C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage (PUP.SpecialSavings)
MOVED file*: C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal (PUP.SpecialSavings)
 
 
---\\  Registry ( Key, Value, Data) (0)
~ No malicious items found.
 
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 58443
~ Items found : 0
~ Items repaired : 6
 
 
End of clean at 13:30:04
===================
ZHPCleaner-[R]-12022015-13_20_02.txt
ZHPCleaner-[R]-12022015-13_30_04.txt
ZHPCleaner-[S]-12022015-13_26_10.txt
 


#7 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:28 PM

Posted 12 February 2015 - 03:44 PM

Thanks kamrokid,

 

Step 1:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

 

Please be sure to run our tools with administrator rights.

 

ComboFix run:

 

* IMPORTANT 1: Place ComboFix.exe on your Desktop

* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.


Best regards
 

 


 


#8 kamrokid

kamrokid
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 12 February 2015 - 04:16 PM

# AdwCleaner v4.110 - Logfile created 10/02/2015 at 16:47:56
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Dana - DANA-PC
# Running from : C:\Users\Dana\Downloads\adwcleaner_4.110.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Optimizer Pro 3.16
Folder Deleted : C:\Users\Dana\AppData\Roaming\OpenCandy
File Deleted : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Dana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\PositiveFinds
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [2407 bytes] - [26/12/2014 19:49:55]
AdwCleaner[R1].txt - [1789 bytes] - [10/02/2015 16:45:49]
AdwCleaner[S0].txt - [2264 bytes] - [26/12/2014 19:51:45]
AdwCleaner[S1].txt - [1734 bytes] - [10/02/2015 16:47:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1793  bytes] ##########
 
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by Dana on 12/02/2015 at 13:55:38.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Dana\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Dana\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/02/2015 at 14:00:43.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
 
 
ComboFix 15-02-09.01 - Dana 12/02/2015  14:03:26.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16283.13754 [GMT -8:00]
Running from: c:\users\Dana\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-12 to 2015-02-12  )))))))))))))))))))))))))))))))
.
.
2015-02-12 22:09 . 2015-02-12 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-12 22:04 . 2015-02-12 22:04 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{078789A3-D86D-4719-B6DC-B7284DAF1A09}\offreg.dll
2015-02-12 21:15 . 2015-02-12 21:30 -------- d-----w- c:\users\Dana\AppData\Roaming\ZHP
2015-02-12 19:00 . 2015-02-12 21:08 -------- d-----w- C:\FRST
2015-02-12 18:26 . 2015-02-12 21:54 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-12 18:24 . 2015-02-12 18:24 43664 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2015-02-12 17:25 . 2015-02-12 17:25 -------- d-----w- c:\program files\HitmanPro
2015-02-12 17:24 . 2015-02-12 17:48 -------- d-----w- c:\programdata\HitmanPro
2015-02-12 17:22 . 2015-02-12 17:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-12 17:22 . 2014-11-21 14:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-12 17:22 . 2014-11-21 14:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-12 17:22 . 2014-11-21 14:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-12 17:19 . 2015-02-12 17:19 -------- d-----w- c:\users\Dana\AppData\Local\VS Revo Group
2015-02-12 17:19 . 2015-02-12 17:19 -------- d-----w- c:\programdata\VS Revo Group
2015-02-12 17:19 . 2009-12-30 18:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2015-02-12 17:19 . 2015-02-12 17:19 -------- d-----w- c:\program files\VS Revo Group
2015-02-12 11:45 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-12 11:45 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-12 11:45 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 11:45 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-11 15:05 . 2014-12-12 05:31 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-11 00:58 . 2015-02-11 00:58 -------- d-----w- c:\programdata\Malwarebytes
2015-02-10 18:25 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{078789A3-D86D-4719-B6DC-B7284DAF1A09}\mpengine.dll
2015-02-07 16:38 . 2015-02-07 16:39 -------- d-----w- c:\program files (x86)\Blackmagic Design
2015-02-05 21:35 . 2015-02-05 21:35 -------- d-----w- c:\users\Dana\AppData\Roaming\.Blackmagic_Design
2015-02-05 21:27 . 2015-02-07 16:39 -------- d-----w- c:\windows\SysWow64\QuickTime
2015-02-05 21:26 . 2015-01-22 23:47 123973632 ------w- c:\users\Dana\DesktopVideo_10.3.5.msi
2015-02-03 00:54 . 2015-02-03 00:54 -------- d-----w- c:\users\Dana\AppData\Roaming\Applied Acoustics Systems
2015-02-03 00:53 . 2015-02-03 00:53 -------- d-----w- c:\users\Dana\AppData\Roaming\SynthMaker
2015-02-03 00:52 . 2015-02-03 00:52 -------- d-----w- c:\users\Dana\AppData\Roaming\Acoustica
2015-02-03 00:52 . 2015-02-03 00:52 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2015-02-03 00:51 . 2015-02-03 00:51 -------- d-----w- c:\program files (x86)\VST
2015-02-03 00:51 . 2015-02-03 00:51 -------- d-----w- c:\programdata\Acoustica
2015-02-02 17:20 . 2015-02-10 03:56 -------- d-----w- c:\users\Dana\AppData\Roaming\OBS
2015-02-02 17:20 . 2015-02-06 00:35 -------- d-----w- c:\program files\OBS
2015-02-02 17:20 . 2015-02-02 17:20 -------- d-----w- c:\program files (x86)\OBS
2015-02-02 17:09 . 2014-05-30 02:33 36363264 ------w- c:\users\Dana\prime95.exe
2015-01-30 07:40 . 2015-01-30 07:40 -------- d-----w- c:\users\Dana\AppData\Local\Skype
2015-01-30 07:40 . 2015-02-05 22:45 -------- d-----w- c:\users\Dana\AppData\Roaming\Skype
2015-01-30 07:40 . 2015-01-30 07:40 -------- d-----r- c:\program files (x86)\Skype
2015-01-30 07:40 . 2015-01-30 07:40 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-01-30 07:40 . 2015-01-30 07:40 -------- d-----w- c:\programdata\Skype
2015-01-20 11:00 . 2015-01-20 11:00 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2015-01-20 00:35 . 2015-01-20 00:35 -------- d-----w- c:\users\Dana\AppData\Local\Logitech® Webcam Software
2015-01-20 00:33 . 2015-01-20 00:33 -------- d-----w- c:\programdata\LogiShrd
2015-01-20 00:26 . 2015-01-20 00:26 -------- d-----w- c:\users\Dana\AppData\Roaming\Leadertech
2015-01-20 00:26 . 2015-01-20 00:26 53248 ----a-r- c:\users\Dana\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2015-01-20 00:26 . 2015-01-20 00:26 -------- d-----w- c:\programdata\Logitech
2015-01-20 00:26 . 2015-01-20 00:26 -------- d-----w- c:\program files (x86)\Common Files\LWS
2015-01-20 00:25 . 2015-01-20 00:26 -------- d-----w- c:\program files (x86)\Logitech
2015-01-20 00:23 . 2015-01-20 00:27 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2015-01-20 00:22 . 2015-01-20 00:26 -------- d-----w- c:\program files\Common Files\logishrd
2015-01-14 11:23 . 2015-01-14 11:23 -------- d-----w- C:\found.001
2015-01-14 07:10 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-14 07:10 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-14 07:10 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-14 07:10 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-14 07:10 . 2014-12-11 17:47 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-14 07:10 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-12 11:01 . 2014-12-02 02:22 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-07 23:31 . 2014-12-02 03:11 6656 ----a-w- c:\windows\system32\lpcio.dll
2015-01-06 12:36 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-16 16:50 . 2009-08-18 20:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-12-16 16:50 . 2009-08-18 19:24 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-12-04 19:52 . 2014-12-04 19:52 18432 ----a-w- c:\windows\system32\drivers\deckaud.sys
2014-12-04 19:51 . 2014-12-04 19:51 56320 ----a-w- c:\windows\system32\drivers\deckavs.sys
2014-12-04 19:51 . 2014-12-04 19:51 189952 ----a-w- c:\windows\system32\drivers\BlackmagicUsbIO.sys
2014-12-02 04:32 . 2014-12-02 04:32 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-12-02 04:32 . 2014-12-02 04:32 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-12-02 04:32 . 2014-12-02 04:32 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-12-02 04:32 . 2014-12-02 04:32 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-12-02 04:32 . 2014-12-02 04:32 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-12-02 04:32 . 2014-12-02 04:32 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-12-02 04:32 . 2014-12-02 04:32 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-12-02 04:32 . 2014-12-02 04:32 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-12-02 04:32 . 2014-12-02 04:32 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-12-02 04:32 . 2014-12-02 04:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-12-02 04:32 . 2014-12-02 04:32 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-12-02 04:32 . 2014-12-02 04:32 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-12-02 04:32 . 2014-12-02 04:32 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-12-02 04:32 . 2014-12-02 04:32 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-12-02 04:32 . 2014-12-02 04:32 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-12-02 04:32 . 2014-12-02 04:32 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-12-02 04:32 . 2014-12-02 04:32 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-12-02 04:32 . 2014-12-02 04:32 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-12-02 04:32 . 2014-12-02 04:32 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-12-02 04:32 . 2014-12-02 04:32 81408 ----a-w- c:\windows\system32\icardie.dll
2014-12-02 04:32 . 2014-12-02 04:32 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-12-02 04:32 . 2014-12-02 04:32 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-12-02 04:32 . 2014-12-02 04:32 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-12-02 04:32 . 2014-12-02 04:32 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-12-02 04:32 . 2014-12-02 04:32 413696 ----a-w- c:\windows\system32\html.iec
2014-12-02 04:32 . 2014-12-02 04:32 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-12-02 04:32 . 2014-12-02 04:32 247808 ----a-w- c:\windows\system32\msls31.dll
2014-12-02 04:32 . 2014-12-02 04:32 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-12-02 04:32 . 2014-12-02 04:32 235520 ----a-w- c:\windows\system32\url.dll
2014-12-02 04:32 . 2014-12-02 04:32 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-12-02 04:32 . 2014-12-02 04:32 143872 ----a-w- c:\windows\system32\wextract.exe
2014-12-02 04:32 . 2014-12-02 04:32 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-12-02 04:32 . 2014-12-02 04:32 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-12-02 04:32 . 2014-12-02 04:32 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-12-02 04:32 . 2014-12-02 04:32 101376 ----a-w- c:\windows\system32\inseng.dll
2014-12-02 04:32 . 2014-12-02 04:32 774144 ----a-w- c:\windows\system32\jscript.dll
2014-12-02 04:32 . 2014-12-02 04:32 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-12-02 04:32 . 2014-12-02 04:32 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-12-02 04:32 . 2014-12-02 04:32 147968 ----a-w- c:\windows\system32\occache.dll
2014-12-02 04:32 . 2014-12-02 04:32 13824 ----a-w- c:\windows\system32\mshta.exe
2014-12-02 04:32 . 2014-12-02 04:32 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-12-02 02:38 . 2014-12-02 02:37 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-02 02:37 . 2014-12-02 02:37 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-12-02 02:37 . 2014-12-02 02:37 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-02 02:37 . 2014-12-02 02:37 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-12-02 02:37 . 2014-12-02 02:37 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-02 02:37 . 2014-12-02 02:37 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-02 02:37 . 2014-12-02 02:37 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-02 02:37 . 2014-12-02 02:37 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-12-02 02:37 . 2014-12-02 02:37 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-02 02:37 . 2014-12-02 02:37 43152 ----a-w- c:\windows\avastSS.scr
2014-11-21 05:36 . 2014-11-21 05:36 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-11-21 05:35 . 2014-11-21 05:35 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-11-21 02:44 . 2014-11-21 02:44 128384 ----a-w- c:\windows\system32\amdhcp64.dll
2014-11-21 02:44 . 2014-11-21 02:44 118096 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2014-11-21 02:44 . 2014-11-21 02:44 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-11-21 02:44 . 2014-11-21 02:44 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-11-21 02:44 . 2014-11-21 02:44 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-11-21 02:44 . 2014-11-21 02:44 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-11-21 02:44 . 2014-09-15 22:31 144328 ----a-w- c:\windows\system32\atiuxp64.dll
2014-11-21 02:44 . 2014-09-15 22:31 126848 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-11-21 02:44 . 2014-11-21 02:44 118096 ----a-w- c:\windows\system32\atiu9p64.dll
2014-11-21 02:44 . 2014-11-21 02:44 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-11-21 02:44 . 2014-09-15 22:31 1348928 ----a-w- c:\windows\system32\aticfx64.dll
2014-11-21 02:44 . 2014-09-15 22:31 1127496 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-11-21 02:44 . 2014-09-15 22:31 11076784 ----a-w- c:\windows\system32\atidxx64.dll
2014-11-21 02:44 . 2014-09-15 22:31 9401480 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-11-21 02:43 . 2014-11-21 02:43 7558816 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-11-21 02:43 . 2014-11-21 02:43 7077776 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-11-21 02:43 . 2014-11-21 02:43 8379720 ----a-w- c:\windows\system32\atiumd6a.dll
2014-11-21 02:43 . 2014-11-21 02:43 8369408 ----a-w- c:\windows\system32\atiumd64.dll
2014-11-21 02:41 . 2014-11-21 02:41 294600 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-11-21 02:40 . 2014-11-21 02:40 18959360 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-11-21 02:33 . 2014-11-21 02:33 235008 ----a-w- c:\windows\system32\clinfo.exe
2014-11-21 02:33 . 2014-11-21 02:33 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-11-21 02:33 . 2014-11-21 02:33 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-11-21 02:33 . 2014-11-21 02:33 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-11-21 02:33 . 2014-11-21 02:33 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-11-21 02:33 . 2014-11-21 02:33 47899136 ----a-w- c:\windows\system32\amdocl64.dll
2014-11-21 02:32 . 2014-11-21 02:32 40987136 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-11-21 02:31 . 2014-11-21 02:31 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-11-21 02:31 . 2014-11-21 02:31 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-11-21 02:24 . 2014-11-21 02:24 28354560 ----a-w- c:\windows\system32\atio6axx.dll
2014-11-21 02:19 . 2014-11-21 02:19 23621632 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-11-21 02:19 . 2014-11-21 02:19 49664 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-11-21 02:19 . 2014-11-21 02:19 38912 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-11-21 02:18 . 2014-11-21 02:18 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-11-21 02:18 . 2014-11-21 02:18 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-11-21 02:18 . 2014-11-21 02:18 5837312 ----a-w- c:\windows\system32\amdmantle64.dll
2014-11-21 02:17 . 2014-11-21 02:17 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2014-11-21 02:17 . 2014-11-21 02:17 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-11-21 02:17 . 2014-11-21 02:17 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-27 5227112]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-21 767176]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dvhlp;Desktop Video Helper Service;c:\program files (x86)\Blackmagic Design\Blackmagic Desktop Video\DesktopVideoHelper.exe;c:\program files (x86)\Blackmagic Design\Blackmagic Desktop Video\DesktopVideoHelper.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys;c:\windows\SYSNATIVE\drivers\Xeno7x64.sys [x]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys;c:\windows\SYSNATIVE\Drivers\EtronSTOR.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 BlackmagicUsbIO;Blackmagic USB IO Driver;c:\windows\system32\DRIVERS\BlackmagicUsbIO.sys;c:\windows\SYSNATIVE\DRIVERS\BlackmagicUsbIO.sys [x]
S3 BMDDeckLinkAudio;BMDDeckLinkAudio;c:\windows\system32\DRIVERS\deckaud.sys;c:\windows\SYSNATIVE\DRIVERS\deckaud.sys [x]
S3 deckavs;Blackmagic DeckLink WDM Streaming;c:\windows\system32\DRIVERS\deckavs.sys;c:\windows\SYSNATIVE\DRIVERS\deckavs.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-05 23:31 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-02 00:25]
.
2015-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-02 00:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-02 02:37 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Blackmagic Streaming Server"="c:\program files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe" [2014-12-04 1035776]
"Blackmagic CheckVersion PCI"="c:\program files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersionPCI.exe" [2014-12-04 54080840]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Dana\AppData\Local\Akamai\netsession_win.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Winamp Packages - c:\users\Dana\AppData\Roaming\1H1Q1V1N1N1S1R\Winamp Packages\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-12  14:11:31
ComboFix-quarantined-files.txt  2015-02-12 22:11
.
Pre-Run: 399,244,570,624 bytes free
Post-Run: 399,079,018,496 bytes free
.
- - End Of File - - 764B9A6C8936ABF339AD6EBACDA71A81
A36C5E4F47E84449FF07ED3517B43A31
 


#9 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • Gender:Male

Posted 12 February 2015 - 04:40 PM

Step 1:

 

Malwarebytes Anti-Rootkit scan:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step 2:

 

Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7/8, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 kamrokid

kamrokid
  • Topic Starter

  • Members
  • 23 posts

Posted 12 February 2015 - 05:23 PM

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dana [Administrator]
Mode : Scan -- Date : 02/12/2015  15:22:35
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 20 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1787781365-2625283767-1572880008-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1787781365-2625283767-1572880008-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.9 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.9 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.9 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{72AE0939-44F8-4083-8ECF-025F7ADC2620} | DhcpNameServer : 192.168.1.254 75.153.176.9 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{72AE0939-44F8-4083-8ECF-025F7ADC2620} | DhcpNameServer : 192.168.1.254 75.153.176.9 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{72AE0939-44F8-4083-8ECF-025F7ADC2620} | DhcpNameServer : 192.168.1.254 75.153.176.9 [UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] dc1a78707ad14a435cf229e25e8735f5
[BSP] 2ba1e1714bf990bd8f414ba2baa41b1b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ACER Hard Drive USB Device +++++
--- User ---
[MBR] 09d37dd2d3c99d8c7c1df76358c8f892
[BSP] 8b7bb72ca9ef8d16194a35329b309c70 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_02122015_150310.log

#11 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • Gender:Male
  • Local time:07:28 PM

Posted 13 February 2015 - 03:05 PM

Hi kamrokid,

Step 1:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Have a nice day.

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

#12 kamrokid

kamrokid
  • Topic Starter

  • Members
  • 23 posts
  • Local time:08:28 AM

Posted 14 February 2015 - 12:38 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13/02/2015
Scan Time: 1:40:16 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.13.07
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dana
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340417
Time Elapsed: 7 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

C:\Users\Dana\Downloads\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Dana\Downloads\CrystalDiskInfo5_6_2Shizuku-en.exe Win32/OpenCandy potentially unsafe application
C:\Users\Dana\Downloads\spsetup128.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Documents and Settings\Dana\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe Win32/Wajam.K potentially unwanted application
C:\Windows.old\Documents and Settings\Dana\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\Windows.old\Documents and Settings\Dana\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe Win32/Wajam.K potentially unwanted application
C:\Windows.old\Documents and Settings\Dana\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\Windows.old\Documents and Settings\Dana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe Win32/Wajam.K potentially unwanted application
C:\Windows.old\Documents and Settings\Dana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\Windows.old\Documents and Settings\Dana\AppData\Local\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe Win32/Wajam.K potentially unwanted application
C:\Windows.old\Documents and Settings\Dana\AppData\Local\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\Windows.old\Documents and Settings\Dana\Downloads\WinRAR_TSV38HDLO.exe Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Windows.old\Documents and Settings\Dana\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe Win32/Wajam.K potentially unwanted application
C:\Windows.old\Documents and Settings\Dana\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\Windows.old\Documents and Settings\Dana\Local Settings\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe Win32/Wajam.K potentially unwanted application
C:\Windows.old\Documents and Settings\Dana\Local Settings\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\Windows.old\Program Files\Common Files\Microsoft\ART\Backup\Google Chrome\Default\Cache\f_0006f8 Win32/InstalleRex.M potentially unwanted application
C:\Windows.old\Program Files\Common Files\Microsoft\ART\Backup\Google Chrome\Default\File System\001\t\00\00000000 Win32/InstalleRex.M potentially unwanted application
C:\Windows.old\Program Files (x86)\Wajam\uninstall.exe Win32/Wajam.K potentially unwanted application
C:\Windows.old\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe a variant of MSIL/Wajam.A potentially unwanted application
C:\Windows.old\Users\Dana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe Win32/Wajam.K potentially unwanted application
C:\Windows.old\Users\Dana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\Windows.old\Users\Dana\AppData\Local\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe Win32/Wajam.K potentially unwanted application
C:\Windows.old\Users\Dana\AppData\Local\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\Windows.old\Users\Dana\Downloads\WinRAR_TSV38HDLO.exe Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Windows.old\Users\Dana\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe Win32/Wajam.K potentially unwanted application
C:\Windows.old\Users\Dana\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\Windows.old\Users\Dana\Local Settings\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe Win32/Wajam.K potentially unwanted application
C:\Windows.old\Users\Dana\Local Settings\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe Win32/Conduit.SearchProtect.Q potentially unwanted application
E:\Torrents\Sony Vegas Pro 9.0 64-bit +Keygen+patch (as usual) [ContagiuosSF]\Keygen\Keygen.exe a variant of Win32/Keygen.AR potentially unsafe application
E:\Cave Story\Cave Story+.exe Win32/HackTool.Crack.B potentially unsafe application

Edited by kamrokid, 14 February 2015 - 04:51 AM.


#13 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • Gender:Male
  • Local time:07:28 PM

Posted 14 February 2015 - 05:04 PM

Hi kamrokid,

E:\Torrents\Sony Vegas Pro 9.0 64-bit +Keygen+patch (as usual) [ContagiuosSF]\Keygen\Keygen.exe a variant of Win32/Keygen.AR potentially unsafe application
E:\Cave Story\Cave Story+.exe Win32/HackTool.Crack.B potentially unsafe application

This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, we ask that you uninstall any such applications, as indicated in this sticky topic.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

--------------------------------------------------------------------------------------------

Please do the following.

Please right-click the Fix.bat icon and select Run as Administrator.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

@echo off
rem Start with a fresh log so only this run's leftovers are reported
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Each quoted path below is one item from the ESET scan. The loop
rem force-deletes it (/a any attribute, /f read-only too, /q no prompt)
rem and records any path that still exists afterwards.
for %%g in (

"C:\Users\Dana\Downloads\CrystalDiskInfo5_6_2Shizuku-en.exe"
"C:\Users\Dana\Downloads\spsetup128.exe"
"C:\Windows.old\Documents and Settings\Dana\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe"
"C:\Windows.old\Documents and Settings\Dana\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe"
"C:\Windows.old\Documents and Settings\Dana\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe"
"C:\Windows.old\Documents and Settings\Dana\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe"
"C:\Windows.old\Documents and Settings\Dana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe"
"C:\Windows.old\Documents and Settings\Dana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe"
"C:\Windows.old\Documents and Settings\Dana\AppData\Local\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe"
"C:\Windows.old\Documents and Settings\Dana\AppData\Local\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe"
"C:\Windows.old\Documents and Settings\Dana\Downloads\WinRAR_TSV38HDLO.exe"
"C:\Windows.old\Documents and Settings\Dana\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe"
"C:\Windows.old\Documents and Settings\Dana\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe"
"C:\Windows.old\Documents and Settings\Dana\Local Settings\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe"
"C:\Windows.old\Documents and Settings\Dana\Local Settings\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe"
"C:\Windows.old\Program Files\Common Files\Microsoft\ART\Backup\Google Chrome\Default\Cache\f_0006f8"
"C:\Windows.old\Program Files\Common Files\Microsoft\ART\Backup\Google Chrome\Default\File System\001\t\00\00000000"
"C:\Windows.old\Program Files (x86)\Wajam\uninstall.exe"
"C:\Windows.old\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe"
"C:\Windows.old\Users\Dana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe"
"C:\Windows.old\Users\Dana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe"
"C:\Windows.old\Users\Dana\AppData\Local\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe"
"C:\Windows.old\Users\Dana\AppData\Local\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe"
"C:\Windows.old\Users\Dana\Downloads\WinRAR_TSV38HDLO.exe"
"C:\Windows.old\Users\Dana\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe"
"C:\Windows.old\Users\Dana\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe"
"C:\Windows.old\Users\Dana\Local Settings\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe"
"C:\Windows.old\Users\Dana\Local Settings\Temporary Internet Files\Content.IE5\W4SV7IVY\SPSetup[1].exe"
"E:\Torrents\Sony Vegas Pro 9.0 64-bit +Keygen+patch (as usual) [ContagiuosSF]\Keygen\Keygen.exe"
"E:\Cave Story\Cave Story+.exe"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Show the leftovers in Notepad if any survived, otherwise report success
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem The script removes itself once it has finished
del %0

Save this Notepad file as fix.bat, choose Save as type: All Files, save it to your desktop, then close the Notepad file.

Double-click on fix.bat to run it.

Tell me what it says in your next reply. Press any key to continue.

-------------------------

Let me know when you get that done

      

Have a nice day.

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
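
An added example (not from this thread, and not part of ESET, Malwarebytes or the fix.bat above): a small Python script that triages a pasted ESET finding list like the one in reply #12 before a deletion list is built from it. Each line is split into path, detection name and ESET's category; findings are then sorted into the live system (C:\ outside Windows.old), the Windows.old copy of the previous installation, and other volumes; repeats of one file reached through the Documents and Settings / Local Settings / Application Data junction paths are collapsed; and the same del loop used in fix.bat is emitted for a chosen group. The sample lines are a subset copied from the scan output in this thread; the grouping rules and the function names are this example's own assumptions.

```python
import re
from collections import OrderedDict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample input: a subset of the ESET lines pasted in reply #12.
SAMPLE_ESET_OUTPUT = r"""
C:\Users\Dana\Downloads\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Dana\Downloads\CrystalDiskInfo5_6_2Shizuku-en.exe Win32/OpenCandy potentially unsafe application
C:\Windows.old\Documents and Settings\Dana\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe Win32/Wajam.K potentially unwanted application
C:\Windows.old\Users\Dana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW3W0VXQ\WIE_2.6.2[1].exe Win32/Wajam.K potentially unwanted application
C:\Windows.old\Documents and Settings\Dana\Downloads\WinRAR_TSV38HDLO.exe Win32/Toolbar.Conduit.AE potentially unwanted application
C:\Windows.old\Program Files (x86)\Wajam\uninstall.exe Win32/Wajam.K potentially unwanted application
C:\Windows.old\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe a variant of MSIL/Wajam.A potentially unwanted application
E:\Torrents\Sony Vegas Pro 9.0 64-bit +Keygen+patch (as usual) [ContagiuosSF]\Keygen\Keygen.exe a variant of Win32/Keygen.AR potentially unsafe application
E:\Cave Story\Cave Story+.exe Win32/HackTool.Crack.B potentially unsafe application
"""

# The path may contain spaces, so anchor on the trailing category phrase and
# let the detection name (optionally prefixed "a variant of") sit before it.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<detection>(?:a variant of )?\S+)\s+"
    r"(?P<category>potentially (?:unwanted|unsafe) application)\s*$"
)


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str
    category: str

    @property
    def location(self) -> str:
        """Assumed grouping: live system, Windows.old copy, or another volume."""
        p = self.path.lower()
        if p.startswith("c:\\windows.old\\"):
            return "windows.old"  # previous installation, not the running one
        if p.startswith("c:\\"):
            return "live"
        return "external"  # other drive letter (USB disk, second partition)

    @property
    def basename(self) -> str:
        return PureWindowsPath(self.path).name


def parse_eset_report(text: str) -> list:
    """Turn pasted ESET 'List of found threats' lines into Finding records."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        findings.append(Finding(m["path"], m["detection"], m["category"]))
    return findings


def triage(findings: list) -> dict:
    """Group findings by where they live so each group can be handled differently."""
    groups = {"live": [], "windows.old": [], "external": []}
    for f in findings:
        groups[f.location].append(f)
    return groups


def dedupe(findings: list) -> list:
    """Collapse the same file reported under several junction paths
    (Documents and Settings, Local Settings, Application Data)."""
    seen = OrderedDict()
    for f in findings:
        seen.setdefault((f.basename.lower(), f.detection), f)
    return list(seen.values())


def make_fix_bat(findings: list) -> str:
    """Emit the del loop used by fix.bat for the given findings."""
    body = ["@echo off",
            'if exist "%temp%\\log.txt" del "%temp%\\log.txt"',
            "for %%g in ("]
    body += [f'"{f.path}"' for f in findings]
    body += [") do (",
             "del /a/f/q %%g >nul 2>&1",
             'if exist %%g echo.%%~g>>"%temp%\\log.txt"',
             ")",
             'if exist "%temp%\\log.txt" ( start notepad "%temp%\\log.txt"',
             ") else echo.Deleted Successfully !!"]
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    found = parse_eset_report(SAMPLE_ESET_OUTPUT)
    groups = triage(found)
    for where, items in groups.items():
        distinct = dedupe(items)
        print(f"{where}: {len(items)} finding(s), {len(distinct)} distinct file(s)")
        for f in distinct:
            print(f"  {f.detection:<30} {f.category:<33} {f.path}")
    print(make_fix_bat(dedupe(groups["live"])))
```

Run as-is it prints the grouped summary and the generated batch body for the live-system entries. The grouping is only a starting point for a human decision: ESET's "potentially unsafe application" category covers both a keygen and an installer that merely bundles a toolbar, so an entry still has to be judged individually before it goes into a deletion list.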

 


 


#14 kamrokid

kamrokid
  • Topic Starter

  • Members
  • 23 posts
  • Local time:08:28 AM

Posted 14 February 2015 - 08:44 PM

It just said "Deleted successfully!" then removed itself. 



#15 olgun52

olgun52

  • Malware Response Team
  • 3,783 posts
  • Gender:Male
  • Local time:07:28 PM

Posted 15 February 2015 - 04:43 PM

How are the browsers and the system now? Any issues?

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!