Infected with -wchelper.dll


  • This topic is locked
14 replies to this topic

#1 lasbrief

Posted 21 February 2015 - 07:03 AM

Good day

Please assist me regarding the following:

In my C:\Users\*username*\AppData\Roaming folder is a wchelper.dll file that my Avira antivirus keeps finding. I've tried to quarantine, delete, etc., but it still continues to reappear. I have also tried AdwCleaner and Junkware Removal Tool, but they don't seem to be detecting that file.

Following is the requested information from Farbar Recovery Scan Tool:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Warren (administrator) on WARREN on 21-02-2015 13:49:41
Running from C:\Users\Warren\Desktop
Loaded Profiles: Warren (Available profiles: Warren)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Windows\SysWOW64\UMonit64.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(OSD Application) C:\Program Files (x86)\ASUS Gaming Mouse\OSD.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\Tray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276040 2014-05-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-16] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-628702464-1964586822-241242471-1001\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-628702464-1964586822-241242471-1001\...\Run: [Java Update] => C:\Users\Warren\AppData\Roaming\install\JavaUpdate.exe [13030912 2015-02-13] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-628702464-1964586822-241242471-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-628702464-1964586822-241242471-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 213.154.64.13 213.154.95.126

FireFox:
========
FF ProfilePath: C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\ptwkv665.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Extension: Avira Browser Safety - C:\Users\Warren\AppData\Roaming\Mozilla\Firefox\Profiles\ptwkv665.default\Extensions\abs@avira.com [2015-02-09]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [102152 2014-05-09] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-01-27] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-05-09] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel® Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-30] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 ThunderboltService; C:\Program Files\Intel\Thunderbolt Software\tbtsvc.exe [1179944 2014-05-13] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-30] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [19768 2013-07-03] (ASUSTek Computer Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-16] (Disc Soft Ltd)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [192456 2014-05-09] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2014-08-04] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2015-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 PXGX112; C:\Windows\system32\drivers\PXGX112.sys [23552 2011-07-29] ( )
S3 SaiK1708; C:\Windows\system32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)
S3 SaiU1708; C:\Windows\System32\drivers\SaiU1708.sys [47168 2012-09-20] (Saitek)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 13:49 - 2015-02-21 13:49 - 00014891 _____ () C:\Users\Warren\Desktop\FRST.txt
2015-02-21 13:49 - 2015-02-21 13:49 - 00000000 ____D () C:\FRST
2015-02-21 13:43 - 2015-02-21 13:46 - 02086912 _____ (Farbar) C:\Users\Warren\Desktop\FRST64.exe
2015-02-21 13:17 - 2015-02-21 13:38 - 05611903 _____ (Swearware) C:\Users\Warren\Desktop\ComboFix.exe
2015-02-21 13:16 - 2015-02-21 13:16 - 00000619 _____ () C:\Users\Warren\Desktop\JRT.txt
2015-02-21 13:06 - 2015-02-21 13:12 - 01388274 _____ (Thisisu) C:\Users\Warren\Desktop\JRT.exe
2015-02-21 12:54 - 2015-02-21 12:56 - 00000000 ____D () C:\AdwCleaner
2015-02-21 12:54 - 2015-02-21 12:54 - 00154283 ____H () C:\Users\Warren\AppData\Roaming\Warren-wchelper.dll
2015-02-21 12:45 - 2015-02-21 12:49 - 02126848 _____ () C:\Users\Warren\Desktop\adwcleaner_4.111.exe
2015-02-19 13:28 - 2015-02-19 13:28 - 00000000 ____D () C:\Users\Warren\AppData\Local\Steam
2015-02-14 01:47 - 2015-02-14 01:47 - 00000000 _RSHD () C:\Users\Warren\AppData\Roaming\install
2015-02-12 12:36 - 2015-01-23 06:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 12:36 - 2015-01-23 05:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 11:26 - 2015-01-16 00:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 11:26 - 2015-01-16 00:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 11:26 - 2015-01-14 06:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 11:26 - 2015-01-14 05:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 11:26 - 2014-10-29 04:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 11:26 - 2014-10-29 04:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 11:26 - 2014-10-29 04:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 11:26 - 2014-10-29 04:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 11:26 - 2014-10-29 03:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 11:25 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 11:25 - 2015-01-14 00:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 11:25 - 2015-01-14 00:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 11:25 - 2015-01-12 05:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 11:25 - 2015-01-12 04:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 11:25 - 2015-01-12 04:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 11:25 - 2015-01-12 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 11:25 - 2015-01-12 04:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 11:25 - 2015-01-12 04:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 11:25 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 11:25 - 2015-01-12 04:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 11:25 - 2015-01-12 04:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 11:25 - 2015-01-12 04:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 11:25 - 2015-01-12 04:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 11:25 - 2015-01-12 03:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 11:25 - 2015-01-12 03:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 11:25 - 2015-01-12 03:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 11:25 - 2015-01-12 03:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 11:25 - 2015-01-12 03:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 11:25 - 2015-01-12 03:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 11:25 - 2015-01-12 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 11:25 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 11:25 - 2015-01-12 03:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 11:25 - 2015-01-12 03:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 11:25 - 2015-01-12 03:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 11:25 - 2015-01-12 03:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 11:25 - 2015-01-12 03:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 11:25 - 2015-01-12 03:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 11:25 - 2015-01-12 03:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 11:25 - 2015-01-12 03:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 11:25 - 2015-01-12 03:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 11:25 - 2015-01-12 03:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 11:25 - 2015-01-12 03:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 11:25 - 2015-01-12 03:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 11:25 - 2015-01-12 03:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 11:25 - 2015-01-12 02:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 11:25 - 2015-01-12 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 11:25 - 2015-01-10 11:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 11:25 - 2015-01-10 11:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 11:25 - 2015-01-10 10:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 11:25 - 2015-01-10 10:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 11:25 - 2015-01-10 09:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 11:25 - 2015-01-10 08:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 11:25 - 2014-12-19 10:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 11:25 - 2014-12-19 10:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 11:25 - 2014-12-09 05:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 11:25 - 2014-12-09 03:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 11:25 - 2014-12-09 01:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 11:25 - 2014-10-29 04:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 11:25 - 2014-10-29 04:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 11:25 - 2014-10-29 03:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 11:25 - 2014-10-29 03:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 11:25 - 2014-10-29 03:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 11:25 - 2014-10-29 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 11:25 - 2014-10-29 03:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 11:25 - 2014-10-29 03:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-10 09:02 - 2014-11-10 04:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2015-02-10 09:02 - 2014-11-10 03:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2015-02-10 08:54 - 2014-10-31 00:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-02-10 08:54 - 2014-10-31 00:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-02-09 14:08 - 2015-02-09 14:08 - 00000000 ____D () C:\ProgramData\Orbit
2015-02-09 13:27 - 2015-02-09 13:27 - 00000000 ____H () C:\Users\Warren\Documents\Default.rdp
2015-02-09 13:20 - 2015-02-09 13:20 - 00000000 ____D () C:\Users\Warren\AppData\Roaming\Avira
2015-02-09 13:18 - 2015-02-09 13:15 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-02-09 13:14 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-02-09 13:14 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-02-09 13:14 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-02-09 13:00 - 2015-02-09 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-09 13:00 - 2015-02-09 13:14 - 00000000 ____D () C:\ProgramData\Avira
2015-02-09 13:00 - 2015-02-09 13:14 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-09 13:00 - 2015-02-09 13:00 - 00001151 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-09 12:59 - 2015-02-09 13:00 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Warren\Downloads\avira_en_av___ws.exe
2015-02-06 20:49 - 2015-02-06 20:49 - 00414800 _____ () C:\Windows\Minidump\020615-19906-01.dmp
2015-02-04 17:35 - 2015-02-15 01:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-02-02 04:18 - 2015-02-02 04:18 - 00000000 ____D () C:\Users\Warren\AppData\Local\Eraser 6
2015-02-01 10:38 - 2015-02-01 10:38 - 03915081 _____ () C:\Users\Warren\Downloads\rcsetup151.zip
2015-02-01 10:35 - 2015-02-01 10:35 - 00001773 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2015-02-01 10:35 - 2015-02-01 10:35 - 00001761 _____ () C:\Users\Public\Desktop\Eraser.lnk
2015-02-01 10:35 - 2015-02-01 10:35 - 00000000 ____D () C:\Program Files\Eraser
2015-02-01 10:34 - 2015-02-01 10:34 - 09110456 _____ (The Eraser Project) C:\Users\Warren\Downloads\Eraser 6.0.10.2620.exe
2015-01-31 12:55 - 2015-01-31 12:55 - 00077233 _____ () C:\Users\Warren\Downloads\[kickass.so]american.sniper.2014.dvdscr.x264.playnow.torrent
2015-01-28 19:16 - 2015-01-28 19:16 - 00000000 ____D () C:\ProgramData\Gaming Laptop
2015-01-27 17:32 - 2015-01-27 17:32 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-01-27 17:31 - 2015-01-27 17:31 - 00000000 ____D () C:\Users\Warren\AppData\Roaming\WildTangent
2015-01-27 00:23 - 2015-01-27 00:23 - 00014464 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys
2015-01-26 23:43 - 2015-01-26 23:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 00:04 - 2015-02-09 15:22 - 00000837 _____ () C:\Users\Warren\Desktop\visit www.nosteam.ro.lnk
2015-01-23 13:50 - 2015-01-10 00:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-23 13:49 - 2015-01-13 06:15 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-23 13:49 - 2015-01-13 06:15 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-23 13:49 - 2015-01-10 10:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 00833864 _____ () C:\Windows\system32\nvmcumd.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 00100496 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-01-23 13:49 - 2015-01-10 10:07 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-01-22 07:46 - 2015-01-22 07:46 - 00003180 _____ () C:\Windows\System32\Tasks\{AE3759E4-94EA-4299-B8EF-215E4604E5FE}
2015-01-22 07:45 - 2015-01-22 07:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SaiK1708_01009.Wdf
2015-01-22 07:42 - 2015-01-22 07:43 - 13229920 _____ (Mad catz ) C:\Users\Warren\Downloads\Range_RAT7_SD7_0_20_0_64Bit_Drivers.exe
2015-01-22 07:35 - 2014-11-22 12:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-22 07:35 - 2014-11-22 12:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-22 07:23 - 2015-01-22 07:23 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2015-01-22 07:22 - 2015-01-22 07:22 - 00001769 _____ () C:\Windows\Language_trs.ini
2015-01-22 07:21 - 2015-01-22 07:21 - 00003400 _____ () C:\Windows\System32\Tasks\ASUS Live Update1
2015-01-22 07:21 - 2015-01-22 07:21 - 00003390 _____ () C:\Windows\System32\Tasks\ASUS Live Update2
2015-01-22 07:21 - 2015-01-22 07:21 - 00000000 ____D () C:\Users\Warren\AppData\Roaming\InstallShield
2015-01-22 07:16 - 2015-01-22 07:16 - 00001956 _____ () C:\Users\Public\Desktop\ASUS Gaming Center.lnk
2015-01-22 07:08 - 2015-01-22 07:08 - 00003016 _____ () C:\Windows\System32\Tasks\UMonitor Task
2015-01-22 07:08 - 2014-01-17 15:43 - 00107208 _____ (GenesysLogic) C:\Windows\system32\Drivers\GeneStor.sys
2015-01-22 07:07 - 2014-02-26 11:13 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2015-01-22 07:07 - 2014-01-07 16:43 - 00000233 _____ () C:\Windows\system32\IconCfg0.ini
2015-01-22 07:07 - 2012-11-29 11:26 - 05623808 _____ (Genesys) C:\Windows\system32\GeneIcon.dll
2015-01-22 06:34 - 2015-02-12 13:19 - 00011264 ___SH () C:\Users\Warren\Downloads\Thumbs.db
2015-01-22 06:33 - 2015-01-22 06:36 - 119863942 _____ () C:\Users\Warren\Downloads\MEI_Intel_15M_Win81_64_VER9601038.zip
2015-01-22 06:33 - 2015-01-22 06:33 - 05016152 _____ () C:\Users\Warren\Downloads\ThunderBolt_Intel_G751JM_Win81_64_VER204250.zip
2015-01-22 06:33 - 2015-01-22 06:33 - 02130189 _____ () C:\Users\Warren\Downloads\IRST_Intel_Win81_64_VER13101058.zip
2015-01-22 06:33 - 2015-01-22 06:33 - 01424175 _____ () C:\Users\Warren\Downloads\CPPC_Intel_Win81_64_VER1001016.zip
2015-01-22 06:32 - 2015-01-22 06:32 - 11472296 _____ () C:\Users\Warren\Downloads\USBChargerPlus_Win81_64_VER401.zip
2015-01-22 06:32 - 2015-01-22 06:32 - 10303221 _____ () C:\Users\Warren\Downloads\LiveUpdate_Win81_64_VER329.zip
2015-01-22 06:32 - 2015-01-22 06:32 - 07075980 _____ () C:\Users\Warren\Downloads\Splendid_Win81_64_VER3020001.zip
2015-01-22 06:32 - 2015-01-22 06:32 - 05811211 _____ () C:\Users\Warren\Downloads\GamingCenter_Win81_64_VER102.zip
2015-01-22 06:32 - 2015-01-22 06:32 - 04139426 _____ () C:\Users\Warren\Downloads\ROG_Game_First_Win81_64_VER10016.zip
2015-01-22 06:32 - 2015-01-22 06:32 - 02773478 _____ () C:\Users\Warren\Downloads\ROG_Macrokey_Win81_64_VER10028.zip
2015-01-22 06:32 - 2015-01-22 06:32 - 00160580 _____ () C:\Users\Warren\Downloads\KBFilter_Win81_64_VER1005.zip
2015-01-22 06:31 - 2015-01-22 06:39 - 407226081 _____ () C:\Users\Warren\Downloads\VGA_nVidia_Win81_64_VER918134400.zip
2015-01-22 06:31 - 2015-01-22 06:34 - 129349752 _____ () C:\Users\Warren\Downloads\Audio_Realtek_Win81_64_VER6017335.zip
2015-01-22 06:31 - 2015-01-22 06:32 - 27237843 _____ () C:\Users\Warren\Downloads\Touchpad_Elantech_Win81_64_VER115139.zip
2015-01-22 06:31 - 2015-01-22 06:32 - 19959061 _____ () C:\Users\Warren\Downloads\CardReader_Genesys_Win81_64_VER4311.zip
2015-01-22 06:31 - 2015-01-22 06:31 - 06113241 _____ () C:\Users\Warren\Downloads\LAN_Realtek_Win81_64_VER803406172014.zip
2015-01-22 06:29 - 2015-01-22 06:30 - 13105628 _____ () C:\Users\Warren\Downloads\ATKPackage_Win81_64_VER100037.zip
2015-01-22 06:28 - 2015-01-22 07:17 - 00000000 ____D () C:\Users\Warren\Desktop\Driver Updates

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 13:09 - 2014-12-11 17:24 - 01960986 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 13:03 - 2014-05-24 02:13 - 00802212 _____ () C:\Windows\system32\prfh0816.dat
2015-02-21 13:03 - 2014-05-24 02:13 - 00168052 _____ () C:\Windows\system32\prfc0816.dat
2015-02-21 13:03 - 2014-05-24 02:03 - 00813276 _____ () C:\Windows\system32\perfh00A.dat
2015-02-21 13:03 - 2014-05-24 02:03 - 00170436 _____ () C:\Windows\system32\perfc00A.dat
2015-02-21 13:03 - 2014-05-24 01:44 - 00728270 _____ () C:\Windows\system32\perfh01F.dat
2015-02-21 13:03 - 2014-05-24 01:44 - 00154184 _____ () C:\Windows\system32\perfc01F.dat
2015-02-21 13:03 - 2014-03-18 12:04 - 03647518 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-21 13:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-21 12:59 - 2015-01-16 18:36 - 00000000 __RDO () C:\Users\Warren\OneDrive
2015-02-21 12:57 - 2015-01-16 18:33 - 00000093 _____ () C:\Users\Warren\AppData\Roaming\sp_data.sys
2015-02-21 12:57 - 2014-12-11 17:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-21 12:57 - 2013-08-22 16:46 - 00039142 _____ () C:\Windows\setupact.log
2015-02-21 12:57 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-21 12:57 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-21 06:19 - 2015-01-17 04:39 - 00000000 ____D () C:\Users\Warren\AppData\Roaming\vlc
2015-02-20 12:48 - 2014-12-11 17:43 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-17 16:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-17 15:08 - 2015-01-17 22:36 - 00000000 ____D () C:\Users\Warren\AppData\Roaming\uTorrent
2015-02-15 13:20 - 2015-01-16 18:57 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-628702464-1964586822-241242471-1001
2015-02-12 20:28 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-12 14:35 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-02-12 04:12 - 2013-08-22 16:44 - 00337808 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 21:01 - 2015-01-18 13:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 21:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-02-11 21:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-02-11 21:00 - 2015-01-18 13:48 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 21:00 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-11 18:37 - 2015-01-16 18:32 - 00000000 ____D () C:\Users\Warren
2015-02-11 16:36 - 2014-03-18 11:54 - 00143026 _____ () C:\Windows\PFRO.log
2015-02-10 13:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2015-02-10 13:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-02-10 03:17 - 2015-01-17 13:58 - 00000000 ____D () C:\Users\Warren\Desktop\Games
2015-02-09 13:27 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-09 13:00 - 2014-12-11 17:26 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-09 12:57 - 2014-12-11 17:41 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-09 12:57 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-09 12:44 - 2015-01-18 19:59 - 00000073 _____ () C:\Users\Warren\AppData\Local\X-Plane_drm.prf
2015-02-06 20:49 - 2015-01-19 17:17 - 911551425 ____N () C:\Windows\MEMORY.DMP
2015-02-06 20:49 - 2015-01-19 17:17 - 00000000 ____D () C:\Windows\Minidump
2015-02-06 20:07 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-06 10:32 - 2015-01-16 23:04 - 00000000 ____D () C:\Users\Warren\AppData\Local\Adobe
2015-02-03 21:31 - 2013-08-22 17:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 21:31 - 2013-08-22 17:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 20:32 - 2015-01-16 18:32 - 00000000 ____D () C:\Users\Warren\AppData\Local\Packages
2015-01-30 12:44 - 2015-01-17 02:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 17:32 - 2014-05-24 02:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 17:32 - 2014-05-24 02:01 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-01-27 17:31 - 2014-05-24 02:01 - 00002460 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - asus.lnk
2015-01-27 17:31 - 2014-05-24 02:01 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-22 07:33 - 2015-01-16 18:32 - 00000000 ____D () C:\Users\Warren\AppData\Local\NVIDIA Corporation
2015-01-22 07:33 - 2015-01-16 18:32 - 00000000 ____D () C:\Users\Warren\AppData\Local\NVIDIA
2015-01-22 07:29 - 2014-05-24 01:43 - 00000000 ____D () C:\Windows\system32\Drivers\tr-TR
2015-01-22 07:29 - 2014-03-18 11:46 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-22 07:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-01-22 07:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-01-22 07:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-22 07:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-22 07:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-22 07:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-22 07:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-01-22 07:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2015-01-22 07:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\setup
2015-01-22 07:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-22 07:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-22 07:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-22 07:29 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-01-22 07:27 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-22 07:26 - 2014-12-11 17:29 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-22 07:25 - 2014-12-11 17:40 - 00003026 _____ () C:\Windows\System32\Tasks\ASUS USB Charger Plus
2015-01-22 07:25 - 2014-05-24 01:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-01-22 07:25 - 2014-05-24 01:59 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-01-22 07:23 - 2014-12-11 17:44 - 00000000 ____D () C:\ProgramData\ASUS
2015-01-22 07:21 - 2014-12-11 17:39 - 00003382 _____ () C:\Windows\System32\Tasks\Update Checker
2015-01-22 07:21 - 2014-12-11 17:26 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-22 07:20 - 2014-12-11 17:26 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-22 07:16 - 2014-12-11 17:43 - 00003138 _____ () C:\Windows\System32\Tasks\Gaming Center
2015-01-22 06:58 - 2014-12-11 17:26 - 00023882 _____ () C:\Windows\DPINST.LOG
2015-01-22 06:44 - 2014-05-24 01:34 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-01-22 06:44 - 2014-03-18 11:32 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2015-01-22 06:44 - 2014-03-18 11:32 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2015-01-22 06:44 - 2014-03-18 11:32 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2015-01-22 06:44 - 2014-03-18 11:32 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-01-22 06:44 - 2014-03-18 11:32 - 00000000 ____D () C:\Windows\system32\winrm
2015-01-22 06:44 - 2014-03-18 11:32 - 00000000 ____D () C:\Windows\system32\WCN
2015-01-22 06:44 - 2014-03-18 11:32 - 00000000 ____D () C:\Windows\system32\slmgr
2015-01-22 06:44 - 2014-03-18 11:32 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ___SD () C:\Windows\system32\dsc
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\MUI
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\Com
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\IME
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Help
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-22 06:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-01-22 06:44 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-01-22 06:44 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-01-22 06:44 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-01-22 06:44 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\Dism

==================== Files in the root of some directories =======

2015-01-16 18:33 - 2015-02-21 12:57 - 0000093 _____ () C:\Users\Warren\AppData\Roaming\sp_data.sys
2015-02-21 12:54 - 2015-02-21 12:54 - 0154283 ____H () C:\Users\Warren\AppData\Roaming\Warren-wchelper.dll
2015-01-18 17:04 - 2015-01-18 19:59 - 0000080 _____ () C:\Users\Warren\AppData\Local\X-Plane Installer.prf
2015-01-18 19:59 - 2015-02-09 12:44 - 0000073 _____ () C:\Users\Warren\AppData\Local\X-Plane_drm.prf
2015-01-18 13:43 - 2015-01-18 13:43 - 0000016 _____ () C:\Users\Warren\AppData\Local\x-plane_install_10.txt
2014-12-11 17:34 - 2014-12-11 17:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-24 01:59 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-24 01:59 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-24 01:59 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Warren\AppData\Local\Temp\avgnt.exe
C:\Users\Warren\AppData\Local\Temp\Installer_Windows.exe
C:\Users\Warren\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Warren\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Warren\AppData\Local\Temp\nvStInst.exe
C:\Users\Warren\AppData\Local\Temp\Quarantine.exe
C:\Users\Warren\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 17:17

==================== End Of Log ============================


#2 olgun52

olgun52

  • Malware Response Team
  • 3,787 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:45 AM

Posted 21 February 2015 - 12:06 PM

Hello lasbrief and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
---------------------------------------------------------------------------------------------------------
 
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
:hello:
 
Have a nice day.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,787 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:45 AM

Posted 21 February 2015 - 12:56 PM

Hi lasbrief,

Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt
 
Step 2:
 
Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)
 
Have a nice day.


Best regards
 

 


 


#4 olgun52

olgun52

  • Malware Response Team
  • 3,787 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:45 AM

Posted 24 February 2015 - 05:33 PM

Hello,

 

4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.


Best regards
 

 


 


#5 lasbrief

lasbrief
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 25 February 2015 - 08:27 AM

Good day

 

Mbar doesn't seem to be working. I downloaded it to the desktop and extracted it to the desktop, but when I try to run it, it gives an error stating "mbar is not found".

 

Regards



#6 olgun52

olgun52

  • Malware Response Team
  • 3,787 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:45 AM

Posted 25 February 2015 - 08:01 PM

OK. Please try run RogueKiller.


Best regards
 

 


 


#7 lasbrief

lasbrief
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 26 February 2015 - 05:47 AM

Here it is

 

RogueKiller V10.4.3.0 [Feb 23 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Warren [Administrator]
Mode : Scan -- Date : 02/26/2015  12:45:09

¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] explorer.exe(4184) -- C:\Windows\SysWOW64\explorer.exe[7] -> Killed [TermProc]
[Proc.Injected] explorer.exe(6940) -- C:\Windows\SysWOW64\explorer.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-628702464-1964586822-241242471-1001\Software\Microsoft\Windows\CurrentVersion\Run | Java Update : C:\Users\Warren\AppData\Roaming\install\JavaUpdate.exe  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-628702464-1964586822-241242471-1001\Software\Microsoft\Windows\CurrentVersion\Run | Java Update : C:\Users\Warren\AppData\Roaming\install\JavaUpdate.exe  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CC377E71-9356-4B81-A9DD-E9AFA1F39E74} | DhcpNameServer : 192.11.128.24 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CC377E71-9356-4B81-A9DD-E9AFA1F39E74} | DhcpNameServer : 192.11.128.24 [UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZHPU256HCGL-00005 +++++
--- User ---
[MBR] cc534cf3aa97f36a347b7abf572d2f37
[BSP] 4f3fe9932d19cf3fedb4e45137bc522a : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 97676 MB
3 - Basic data partition | Offset (sectors): 200509440 | Size: 134003 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 474947584 | Size: 12290 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST2000LM003 HN-M201RAD +++++
--- User ---
[MBR] aec7eb05a761c1215b0f9eda8b0f5a72
[BSP] cef215b68b97e82f1982428032cc2057 : Empty MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 953863 MB
1 - Basic data partition | Offset (sectors): 1953513472 | Size: 953865 MB
User = LL1 ... OK
User = LL2 ... OK
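
The two log formats in this thread, FRST's file listing in the first post (hidden `Warren-wchelper.dll` and publisher-less `sp_data.sys` in `AppData\Roaming`) and RogueKiller's registry findings above (a `Run` value named `Java Update` pointing into `AppData\Roaming\install`), can be triaged mechanically. The script below is an added example written for this page; it is not a tool from the thread, from Farbar or from Adlice. The regular expressions, the list of user-writable folders and the `Finding` type are my assumptions about the formats, and the embedded sample lines are copied from the logs above plus one invented benign `VendorTray` Run entry as a negative case, so it runs offline.

```python
"""Offline triage of FRST file-listing lines and RogueKiller registry lines.
Flags (1) executables in user-writable folders that are hidden or carry no
publisher string and (2) Run/RunOnce autostarts pointing into such folders."""
import re
from dataclasses import dataclass

# FRST file line (assumed layout): "<created> - <modified> - <size> <attrs> (<publisher>) <path>"
FRST_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<publisher>[^)]*)\) (?P<path>.+)$"
)
# RogueKiller registry line (assumed layout): "[Category] (arch) key | name : data -> status"
RK_RE = re.compile(
    r"^\[(?P<category>[\w.]+)\] \((?P<arch>X64|X86)\) (?P<key>.+?) \| "
    r"(?P<name>.+?) : (?P<data>.+?)\s+-> (?P<status>\w+)$"
)

# Heuristic (assumption): folders any user-level process can write to. Code
# living here has no business being hidden, publisher-less or auto-started.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\programdata\\")
EXEC_EXT = (".dll", ".exe", ".sys", ".scr", ".vbs", ".cmd")


@dataclass(frozen=True)
class Finding:
    source: str   # "frst" or "roguekiller"
    reason: str
    path: str


def parse_frst_line(line):
    """Fields of one FRST file line as a dict, or None if the line is not one."""
    m = FRST_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_roguekiller_line(line):
    """Fields of one RogueKiller registry line as a dict, or None."""
    m = RK_RE.match(line.strip())
    return m.groupdict() if m else None


def _user_writable(path):
    return any(seg in path.lower() for seg in USER_WRITABLE)


def triage_frst(lines):
    """Flag hidden or publisher-less executables in user-writable folders."""
    findings = []
    for line in lines:
        e = parse_frst_line(line)
        if e is None or "D" in e["attrs"]:          # not a file line, or a directory
            continue
        if not (e["path"].lower().endswith(EXEC_EXT) and _user_writable(e["path"])):
            continue
        reasons = []
        if "H" in e["attrs"]:                        # FRST marks hidden files with H
            reasons.append("hidden")
        if not e["publisher"].strip():               # empty "()" means no version info
            reasons.append("no publisher")
        if reasons:
            findings.append(Finding("frst", ", ".join(reasons), e["path"]))
    return findings


def triage_roguekiller(lines):
    """Flag Run/RunOnce autostarts whose command sits in a user-writable folder."""
    findings = []
    for line in lines:
        e = parse_roguekiller_line(line)
        if e is None:
            continue
        key = e["key"].lower()
        if key.endswith(("\\run", "\\runonce")) and _user_writable(e["data"]):
            reason = f"{e['arch']} autostart '{e['name']}' points into a user-writable path"
            findings.append(Finding("roguekiller", reason, e["data"]))
    return findings


# Constructed sample input: lines copied from the thread's FRST and RogueKiller
# output, plus one invented benign Run entry (VendorTray) as the negative case.
FRST_SAMPLE = r"""
2015-02-21 12:57 - 2015-01-16 18:33 - 00000093 _____ () C:\Users\Warren\AppData\Roaming\sp_data.sys
2015-02-21 12:54 - 2015-02-21 12:54 - 0154283 ____H () C:\Users\Warren\AppData\Roaming\Warren-wchelper.dll
2015-02-11 21:00 - 2015-01-18 13:48 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-22 07:21 - 2015-01-22 07:21 - 00000000 ____D () C:\Users\Warren\AppData\Roaming\InstallShield
2015-01-22 07:07 - 2014-02-26 11:13 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
""".splitlines()

RK_SAMPLE = r"""
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-628702464-1964586822-241242471-1001\Software\Microsoft\Windows\CurrentVersion\Run | Java Update : C:\Users\Warren\AppData\Roaming\install\JavaUpdate.exe  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-628702464-1964586822-241242471-1001\Software\Microsoft\Windows\CurrentVersion\Run | Java Update : C:\Users\Warren\AppData\Roaming\install\JavaUpdate.exe  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CC377E71-9356-4B81-A9DD-E9AFA1F39E74} | DhcpNameServer : 192.11.128.24 [UNITED STATES (US)]  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | VendorTray : C:\Program Files (x86)\Vendor\tray.exe  -> Found
""".splitlines()


def run_sample():
    """Both triage passes over the constructed samples; returns (frst, roguekiller)."""
    return triage_frst(FRST_SAMPLE), triage_roguekiller(RK_SAMPLE)
```

On the sample, `triage_frst` reports `sp_data.sys` (no publisher) and `Warren-wchelper.dll` (hidden, no publisher) while ignoring `MRT.exe`, the publisher-less `UMonit64.exe` under `C:\Windows` and the directories; `triage_roguekiller` reports the two `Java Update` values and leaves the `VendorTray` entry alone. The `PUM.Dns` line is deliberately not a finding: `DhcpNameServer` is assigned by the network, so it needs a human to compare it with the expected resolver rather than a path rule.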
 



#8 lasbrief

lasbrief
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 26 February 2015 - 05:48 AM

Also, I can't seem to delete the mbar folder, it says I need admin's permission, but I am the admin.

 

Thank you



#9 olgun52

olgun52

  • Malware Response Team
  • 3,787 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:45 AM

Posted 26 February 2015 - 11:41 AM

Also, I can't seem to delete the mbar folder, it says I need admin's permission, but I am the admin.
 
Thank you

Yes, correct.

----------------------

 

Step 1:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:
 
Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Have a nice day.


Best regards
 

 


 


#10 lasbrief

lasbrief
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 26 February 2015 - 04:59 PM

Here it is

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-02-26
Scan Time: 23:03:03
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.26.05
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Warren

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329012
Time Elapsed: 3 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.Agent.Gen, HKU\S-1-5-21-628702464-1964586822-241242471-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Java Update, C:\Users\Warren\AppData\Roaming\install\JavaUpdate.exe, Delete-on-Reboot, [78959a893159fb3b965e7e14f311bd43]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.Agent.Gen, C:\Users\Warren\AppData\Roaming\Warren-wchelper.dll, Quarantined, [75981c07aae0e155e7673aa259abb44c],
Trojan.Agent.Gen, C:\Users\Warren\AppData\Roaming\install\JavaUpdate.exe, Quarantined, [78959a893159fb3b965e7e14f311bd43],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

From ESET:

E:\Games\Far Cry 4\bin\steam_api.dll    a variant of Win32/HackTool.Crack.CS potentially unsafe application
E:\Games\Far Cry 4\bin\bin\steam_api.dll    a variant of Win32/HackTool.Crack.CS potentially unsafe application
E:\Games\Far Cry 4\bin\bin\bin\steam_api.dll    a variant of Win32/HackTool.Crack.CS potentially unsafe application
 

 

Thank you



#11 olgun52

olgun52

  • Malware Response Team
  • 3,787 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:45 AM

Posted 26 February 2015 - 06:05 PM

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
E:\Games\Far Cry 4\bin\steam_api.dll   
E:\Games\Far Cry 4\bin\bin\steam_api.dll   
E:\Games\Far Cry 4\bin\bin\bin\steam_api.dll  


Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.


Best regards
 

 


 


#12 lasbrief

lasbrief
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 27 February 2015 - 06:20 AM

Here are the links:

 

https://www.virustotal.com/en/file/bfde51fa42f04548e194ad52fd0aa5d472b567c0c790c59e278fdff84735998a/analysis/1425035784/

https://www.virustotal.com/en/file/bfde51fa42f04548e194ad52fd0aa5d472b567c0c790c59e278fdff84735998a/analysis/1425035784/

https://www.virustotal.com/en/file/bfde51fa42f04548e194ad52fd0aa5d472b567c0c790c59e278fdff84735998a/analysis/1425035784/

 

They all look the same to me

 

Thank you



#13 olgun52

olgun52

  • Malware Response Team
  • 3,787 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:45 AM

Posted 27 February 2015 - 07:32 AM

Yes, but they are risky. We need to delete them. Please delete them.

 

Next >>>

 

Please post a fresh FRST Logs. (FRST.txt and Additional.txt)

 

 


Best regards
 

 


 


#14 olgun52

olgun52

  • Malware Response Team
  • 3,787 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:45 AM

Posted 01 March 2015 - 05:37 PM

Hello,

 

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.


Best regards
 

 


 


#15 olgun52

olgun52

  • Malware Response Team
  • 3,787 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:45 AM

Posted 05 March 2015 - 05:52 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 

 


 




