Virus warning with every restart


This topic is locked
19 replies to this topic

#1 Joplinfmz
  • Members
  • 12 posts

Posted 02 March 2015 - 08:15 PM

Hi, I hope I'm going about this in the correct location of the forum. I am getting a virus warning from Avast that says HTTP://blackfightinfo/333livereader_1482753320. It is URL:Mal2.

I have done a virus scan with Avast and it finds nothing. I have done a scan with Malwarebytes and that also found nothing. Scanned and cleaned everything found with SUPERAntiSpyware. But on every restart of the computer I get the warning. I did a HijackThis scan and hope I'm posting the results in the proper place. I thank you all in advance for any help you can give.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:19:31 PM, on 3/2/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Users\Gjob\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-3104191088-1198645538-407198213-1000\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {BD596A5F-C74E-4E08-8249-E17A1C14589A} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_8/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8867 bytes


Edited by Joplinfmz, 03 March 2015 - 01:10 PM.



#2 Joplinfmz
  • Topic Starter
  • Members
  • 12 posts

Posted 05 March 2015 - 06:15 AM

Wanted to update this with the fact that it is attached to the svchost.exe. At computer start Avast gives a warning and shows a few different HTTP://websites with the warning.  Also says  URL:Mal2



#3 nasdaq
  • Malware Response Team
  • 38,246 posts
  • Gender: Male
  • Location: Montreal, QC, Canada

Posted 06 March 2015 - 09:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false-positive items or programs that you wish to keep, close the AdwCleaner window and then:
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file, select "More Reply Options" and follow the instructions.

How is the computer running?
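For readers who want to see where the HijackThis, AdwCleaner and FRST logs in this thread get their findings, the following PowerShell script is an added example (it is not part of the thread, not from nasdaq, and not code from any of those tools). It walks the same three persistence locations those logs report on this machine: the Run/RunOnce keys (HijackThis "O4", FRST "Run:"), scheduled tasks (AdwCleaner "Task Found"), and the Internet Explorer SearchScopes keys whose URL values FRST lists. It assumes a Windows 7-era host with PowerShell 2.0 or later, and the allow-list of search hosts is an illustrative assumption, not a vetted list. It only reports; it removes nothing.

```powershell
# Added example, not from the thread: enumerate the persistence points that the
# HijackThis / FRST / AdwCleaner logs above report. Run from an elevated 64-bit
# PowerShell so HKLM and both registry views (native and Wow6432Node) are readable.

# Assumption for illustration: hosts a stock IE search scope is expected to point at.
$AllowedSearchHosts = @('www.bing.com', 'www.google.com', 'search.yahoo.com')

function Get-RunKeyEntries {
    # HJT "O4" / FRST "Run:" entries: Run and RunOnce for the machine (both views) and the current user.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }
        $props = Get-ItemProperty -Path $p
        # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those (a real value
        # named "PS*" would also be skipped, which is an accepted limitation here).
        $names = $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object { $_.Name }
        foreach ($name in $names) {
            New-Object PSObject -Property @{ Key = $p; Name = $name; Command = $props.$name }
        }
    }
}

function Get-ScheduledTaskEntries {
    # AdwCleaner "Task Found" entries. Get-ScheduledTask does not exist on Windows 7,
    # so parse the verbose CSV output of schtasks.exe instead (English column names assumed).
    $lines = schtasks.exe /Query /FO CSV /V
    if (-not $lines) { return }
    $header = $lines[0]
    # schtasks repeats the header line per task folder; keep one copy and drop the rest.
    $rows = $lines | Where-Object { $_ -ne $header -and $_ -ne '' }
    (@($header) + $rows) | ConvertFrom-Csv
}

function Get-SearchScopeEntries {
    # FRST "SearchScopes:" entries. The URL value is where search hijackers land;
    # an entry is flagged when its host is not on the allow-list above.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
        'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($scope in Get-ChildItem -Path $root) {
            $url = (Get-ItemProperty -Path $scope.PSPath).URL
            $hostName = $null
            if ($url) {
                try { $hostName = ([System.Uri]$url).Host.ToLower() } catch { $hostName = '(unparseable)' }
            }
            New-Object PSObject -Property @{
                Root       = $root
                Scope      = $scope.PSChildName
                Host       = $hostName
                URL        = $url
                Suspicious = ($hostName -ne $null -and $AllowedSearchHosts -notcontains $hostName)
            }
        }
    }
}

'=== Run / RunOnce ==='
Get-RunKeyEntries | Format-Table Key, Name, Command -AutoSize

'=== Scheduled tasks (excluding the \Microsoft\ folder) ==='
Get-ScheduledTaskEntries | Where-Object { $_.TaskName -notlike '\Microsoft\*' } |
    Format-Table TaskName, 'Task To Run', Author, 'Scheduled Task State' -AutoSize

'=== IE SearchScopes ==='
Get-SearchScopeEntries | Format-Table Root, Scope, Host, Suspicious, URL -AutoSize
```

Run against the state shown in the logs above, the task section would list the Dealply, PC Optimizer Pro, Rocket Updater and ProPCCleaner tasks with their "Task To Run" paths, and the SearchScopes section would flag the {2E00D31D-...} and {DC91FAFB-...} scopes because their hosts (vosteran.com, taplika.com) are not on the allow-list, while scopes with an empty URL value are reported but not flagged. The script is read-only on purpose: removal belongs in the fixlist the helper builds from the full FRST output, which sees far more locations (services, drivers, LSPs, BHOs, the hosts file) than this script covers.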

#4 Joplinfmz
  • Topic Starter
  • Members
  • 12 posts

Posted 06 March 2015 - 05:45 PM

Thanks for the reply. Here are the logs you requested.


# AdwCleaner v4.111 - Logfile created 06/03/2015 at 17:32:50
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Gjob - GJOB
# Running from : C:\Users\Gjob\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END
Folder Found : C:\Program Files (x86)\Play
Folder Found : C:\ProgramData\1eb5cb1800000d54
Folder Found : C:\ProgramData\81b9113c02af2af4
Folder Found : C:\ProgramData\9347521451024919284

***** [ Scheduled tasks ] *****

Task Found : Dealply
Task Found : PC Optimizer Pro Updates
Task Found : Rocket Updater
Task Found : PC Optimizer Pro Idle
Task Found : PC Optimizer Pro Startups
Task Found : pcreg
Task Found : ProPCCleaner_Start
Task Found : ProPCCleaner_Popup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Key Found : HKCU\Software\Bitberry
Key Found : HKCU\Software\Bitberry Software
Key Found : HKCU\Software\CoinisRS
Key Found : HKCU\Software\DriverTuner
Key Found : HKCU\Software\DriverTuner_Init
Key Found : HKCU\Software\ProPCCleanerConfig
Key Found : [x64] HKCU\Software\Bitberry
Key Found : [x64] HKCU\Software\Bitberry Software
Key Found : [x64] HKCU\Software\CoinisRS
Key Found : [x64] HKCU\Software\DriverTuner
Key Found : [x64] HKCU\Software\DriverTuner_Init
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\ProPCCleanerConfig
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Comodo Dragon v

-\\ Chrome Canary v

*************************

AdwCleaner[R1].txt - [2693 bytes] - [06/03/2015 17:32:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2752 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Gjob (administrator) on GJOB on 06-03-2015 17:40:24
Running from C:\Users\Gjob\Desktop
Loaded Profiles: Gjob (Available profiles: Gjob)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3104191088-1198645538-407198213-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-27] (SUPERAntiSpyware)
HKU\S-1-5-21-3104191088-1198645538-407198213-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-18\...\Run: [CtxfiReg] => CTXFIREG.exe /FAIL2
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-19] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3104191088-1198645538-407198213-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3104191088-1198645538-407198213-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
HKU\S-1-5-21-3104191088-1198645538-407198213-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_14_49_ie_na01&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CyCtAtC0DzytCtA0AzzzytN0D0Tzu0StCtDyBtDtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyC0F0CyBzzyC0DyDtG0FyCtA0FtG0EtDyCyEtG0C0D0C0CtGtAzyyBtAtByD0F0CtByDyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAtCyBtA0EzytAtG0CtCyD0DtGyEtCyC0FtGzztAtDtBtGzzyDyCtByEtC0DzytC0ByBzy2Q&cr=64824244&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_idaddy_15_01&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CyCtAtC0DzytCtA0AzzzytN0D0Tzu0StCtDzyzztN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1Q1T1Q1Q2UtN1L1G1B1V1N2Y1L1Qzu2StBtA0EyByC0DyC0EtG0C0E0C0BtG0B0Azy0EtGtD0DyBtDtGyB0DyEzzzy0FtCtAtDtBtB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAtCyBtA0EzytAtG0CtCyD0DtGyEtCyC0FtGzztAtDtBtGzzyDyCtByEtC0DzytC0ByBzy2Q&cr=122124356&ir=
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3104191088-1198645538-407198213-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3104191088-1198645538-407198213-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-3104191088-1198645538-407198213-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-3104191088-1198645538-407198213-1000 -> No Name - {57434C32-2D53-5000-76A7-7A786E7484D7} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {BD596A5F-C74E-4E08-8249-E17A1C14589A} http://www.cvsphoto.com/upload/activex/v3_0_0_8/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-02]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-10]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-10] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-10] (Avast Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-10-26] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-09-28] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2013-10-26] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-30] (EasyAntiCheat Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-13] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-10] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-10] ()
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-03] (Emsisoft GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-10-14] (Duplex Secure Ltd.)
U5 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [37624 2015-03-03] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-10] (Avast Software)
S3 cpuz134; \??\C:\Users\Gjob\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 17:40 - 2015-03-06 17:40 - 00012829 _____ () C:\Users\Gjob\Desktop\FRST.txt
2015-03-06 17:40 - 2015-03-06 17:40 - 00000000 ____D () C:\FRST
2015-03-06 17:34 - 2015-03-06 17:34 - 00002883 _____ () C:\Users\Gjob\Desktop\AdwCleaner[R1].txt
2015-03-06 17:32 - 2015-03-06 17:39 - 00000000 ____D () C:\AdwCleaner
2015-03-06 17:30 - 2015-03-06 17:30 - 02126848 _____ () C:\Users\Gjob\Desktop\AdwCleaner.exe
2015-03-06 17:29 - 2015-03-06 17:29 - 02092544 _____ (Farbar) C:\Users\Gjob\Desktop\FRST64.exe
2015-03-05 17:49 - 2015-03-05 17:49 - 09166239 _____ () C:\Users\Gjob\Desktop\OxideRust.zip
2015-03-03 18:39 - 2015-03-03 18:39 - 00000000 ____D () C:\Users\Gjob\AppData\Local\CrashDumps
2015-03-03 14:37 - 2015-03-06 05:58 - 00000000 ____D () C:\EEK
2015-03-03 14:30 - 2015-03-03 14:30 - 00002620 _____ () C:\Windows\System32\Tasks\SparkTrust Registration3
2015-03-03 14:30 - 2015-03-03 14:30 - 00002582 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce
2015-03-03 14:30 - 2015-03-03 14:30 - 00002582 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3
2015-03-03 14:30 - 2015-03-03 14:30 - 00002492 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus Startup
2015-03-03 14:25 - 2015-03-03 14:31 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-03 14:25 - 2015-03-03 14:30 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-03 14:20 - 2015-03-03 14:20 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-03-03 14:15 - 2015-03-03 14:15 - 00013544 _____ () C:\Windows\system32\.crusader
2015-03-03 14:12 - 2015-03-03 14:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-02 19:12 - 2015-03-02 19:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gjob\Desktop\HijackThis.exe
2015-02-22 11:59 - 2015-02-22 11:59 - 00000000 ____D () C:\Program Files (x86)\Play
2015-02-22 11:39 - 2015-02-22 11:39 - 00000000 ____D () C:\Program Files (x86)\Netflix Trailer Button Adder
2015-02-19 06:12 - 2015-02-19 06:12 - 00000000 ____D () C:\Users\Gjob\AppData\Local\Steam
2015-02-15 10:31 - 2015-03-03 13:41 - 00000000 ____D () C:\ProgramData\{af54f21e-ad7d-01f8-af54-4f21ead7c87a}
2015-02-14 22:30 - 2015-03-05 17:08 - 00000000 ____D () C:\ProgramData\1eb5cb1800000d54
2015-02-06 06:40 - 2015-02-06 06:40 - 00000000 ____D () C:\Users\Gjob\AppData\Roaming\11bitstudios
2015-02-05 22:01 - 2015-02-05 22:01 - 00000222 _____ () C:\Users\Gjob\Desktop\This War of Mine.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 17:33 - 2013-09-27 23:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-06 17:22 - 2015-01-29 05:59 - 00000000 ____D () C:\Users\Gjob\Desktop\Plugins
2015-03-06 17:16 - 2013-09-28 00:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-06 17:16 - 2013-09-27 17:50 - 01919303 _____ () C:\Windows\WindowsUpdate.log
2015-03-06 05:58 - 2009-07-13 23:45 - 00019504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 05:58 - 2009-07-13 23:45 - 00019504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-06 05:51 - 2013-09-27 22:23 - 01517996 _____ () C:\Windows\PFRO.log
2015-03-06 05:51 - 2013-09-27 22:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-06 05:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 05:51 - 2009-07-13 23:51 - 00375573 _____ () C:\Windows\setupact.log
2015-03-05 05:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2015-03-04 22:42 - 2014-06-18 19:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 18:26 - 2015-01-28 19:05 - 00000000 ____D () C:\Users\Gjob\Desktop\RustRCon
2015-03-03 16:25 - 2009-07-14 00:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-03 14:47 - 2013-10-04 22:29 - 00000000 ____D () C:\Users\Gjob\AppData\Local\SlimWare Utilities Inc
2015-03-03 14:32 - 2009-07-13 21:34 - 00000768 _____ () C:\Windows\system32\Drivers\etc\hosts.old
2015-03-03 13:42 - 2015-01-10 17:52 - 00000000 ____D () C:\ProgramData\{de6864de-34ea-bfd2-de68-864de34e9378}
2015-03-02 18:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system
2015-03-02 06:16 - 2013-10-04 05:31 - 00000000 ____D () C:\Users\Gjob\AppData\Local\Downloaded Installations
2015-03-02 06:15 - 2013-09-27 17:50 - 00000000 ____D () C:\Users\Gjob
2015-03-02 06:02 - 2013-09-27 20:30 - 00000000 ____D () C:\Windows\pss
2015-03-01 07:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-22 11:59 - 2015-01-10 17:53 - 00000000 ____D () C:\ProgramData\9347521451024919284
2015-02-15 22:23 - 2013-09-27 22:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 10:39 - 2015-01-10 17:50 - 00000000 ____D () C:\Program Files\PeerBlock
2015-02-15 07:23 - 2013-09-27 22:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-15 07:23 - 2013-09-27 22:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-15 07:23 - 2013-09-27 22:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2014-09-27 19:58 - 2014-09-27 19:58 - 0085355 _____ () C:\Users\Gjob\AppData\Roaming\icarus-dxdiag.xml
2015-03-03 14:30 - 2015-03-03 14:36 - 0000115 _____ () C:\Users\Gjob\AppData\Roaming\LogFile.txt
2014-01-18 19:22 - 2014-01-18 19:22 - 0000000 _____ () C:\Users\Gjob\AppData\Roaming\SharedSettings.ccs
2014-01-27 17:06 - 2014-01-27 17:06 - 0003584 _____ () C:\Users\Gjob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-18 19:23 - 2014-01-18 19:23 - 0067992 _____ () C:\Users\Gjob\AppData\Local\eciaqehe
2014-01-25 22:47 - 2014-01-25 22:47 - 0000000 ___SH () C:\Users\Gjob\AppData\Local\LumaEmu
2014-01-18 19:24 - 2014-01-18 19:24 - 0012326 _____ () C:\Users\Gjob\AppData\Local\vqeugkxk

Some content of TEMP:
====================
C:\Users\Gjob\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Gjob\AppData\Local\Temp\HitmanPro.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2013-12-30 20:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by Gjob at 2015-03-06 17:40:45
Running from C:\Users\Gjob\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F87F5A36-43B2-F8CD-F601-AED5D064DD4C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version:  - )
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
IncrediMail (x32 Version: 6.3.9.5274 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM-x32\...\IncrediMail) (Version: 6.3.9.5274 - IncrediMail Ltd.)
Ipswitch WS_FTP Pro (HKLM-x32\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 9.01 - )
Java 7 Update 76 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417076FF}) (Version: 7.0.760 - Oracle)
Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version:  - 11 bit studios)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

Could not list restore points.
Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-03-04 22:59 - 00000835 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05BA4B0A-A49F-427F-B19B-8EB6729F279D} - System32\Tasks\PC Optimizer Pro Idle => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {12C8AADB-FD41-4724-ABEA-8A6317B8B017} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-10] (AVAST Software)
Task: {1822E50D-5B19-4A86-BF7C-180E13D04B6B} - System32\Tasks\{2B51314D-E9AD-4799-87FE-8E6DB7B7B0F1} => pcalua.exe -a G:\INSTALL.EXE -d G:\
Task: {53D27837-3EDF-46E0-9139-7571F9AC44EE} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3104191088-1198645538-407198213-1000
Task: {54FB4502-F2A7-4EBE-8CC8-A8B903B55CC4} - \Dealply No Task File <==== ATTENTION
Task: {56263AE6-9811-4FBF-80A0-E06294B95AEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {5C5381F0-F2C0-4E55-905F-4A5FEB38EEAC} - \bench-S-1-5-21-3104191088-1198645538-407198213-1000 No Task File <==== ATTENTION
Task: {5FEE203A-07AC-4270-8201-502080B95CE5} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {623DDB30-DB14-43AC-927D-755FA5419258} - System32\Tasks\SparkTrust PC Cleaner Plus Startup => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: {6714D24A-6CDD-4FF5-ACA5-26D8A1C61FBD} - System32\Tasks\{2E361022-6BA9-48C9-A651-C5EB53BC545D} => pcalua.exe -a "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe"
Task: {6C1DFF7F-0D8C-420F-9808-8F4E066A7775} - System32\Tasks\PC Optimizer Pro startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {8E21C8F6-4885-4B3F-9D91-1FCC434F53A9} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: {A34D2B84-85B3-45C5-9800-1C821632A571} - System32\Tasks\PC Optimizer Pro Scan => C:\StartApps.exe <==== ATTENTION
Task: {A7CE2449-05E4-4879-93F4-05F3A332B969} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {AABA3302-62EA-4F5D-B9D7-10E9DD15CD87} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {AC7B942E-EC5B-412E-9407-2DB65F447124} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: {ACDD7BC9-DE04-4899-9DD1-DFDC59D75944} - System32\Tasks\PC Optimizer Pro Updates => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {AEE6FBD8-B4FB-4754-8B44-365C5769474C} - \Rocket Updater No Task File <==== ATTENTION
Task: {BC40851D-4007-489E-ACB4-247A1E1095B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-15] (Adobe Systems Incorporated)
Task: {C91F1AB3-8215-4C0D-B0AD-AC0D2F2540B0} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: {D4CBFF13-6B7F-4F69-9BA3-1CCB9A21175D} - System32\Tasks\{54A73D6B-C06B-45C9-B8DC-DC759F8D656D} => pcalua.exe -a "C:\Users\Gjob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XN123B9O\AdobeAIRInstaller.exe" -d C:\Users\Gjob\Desktop
Task: {E9CEACCE-9FA3-4DA6-BCAF-D727B39DF374} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {EC4159C7-1867-4D2A-8F71-A56FD3D59445} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {ED3C35E0-8B15-48FD-A84A-DA7C76C53C2A} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {EDEEA9D4-FA7E-4676-A411-1E073ED6D4D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F7418F98-6019-4C1F-800D-8DF6A388C749} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Task: {F9BFF720-126D-44DC-8950-B7675E64DC32} - System32\Tasks\SUPERAntiSpyware Scheduled Task d999415f-0cb8-4de7-b1af-c340c48ac6cb => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d999415f-0cb8-4de7-b1af-c340c48ac6cb.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

==================== Loaded Modules (whitelisted) ==============

2014-07-22 21:00 - 2014-05-19 20:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-13 20:58 - 2014-08-13 20:58 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-10 20:41 - 2014-11-10 20:41 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-10 20:41 - 2014-11-10 20:41 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-11-10 20:41 - 2014-11-10 20:41 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-03-06 17:16 - 2015-03-06 17:16 - 02919424 _____ () C:\Program Files\AVAST Software\Avast\defs\15030602\algo.dll
2014-11-10 20:41 - 2014-11-10 20:41 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Gjob\Local Settings:init
AlternateDataStreams: C:\Users\Gjob\AppData\Local:init
AlternateDataStreams: C:\Users\Gjob\AppData\Local\Application Data:init

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3104191088-1198645538-407198213-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gjob\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 167.206.245.135 - 167.206.245.136

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Gjob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^874604CC2.lnk => C:\Windows\pss\874604CC2.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gjob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dying Light Ultimate Edition [RUS _ ENG] [v1.3 + DLCs] RePack by RG Games.lnk => C:\Windows\pss\Dying Light Ultimate Edition [RUS _ ENG] [v1.3 + DLCs] RePack by RG Games.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gjob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dying Light_ Ultimate Edition [v 1.2.1 + DLCs] - 2015 - RePack by R.G. Steamgames.lnk => C:\Windows\pss\Dying Light_ Ultimate Edition [v 1.2.1 + DLCs] - 2015 - RePack by R.G. Steamgames.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gjob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Keygen - YoWindow Unlimited Edition 4 Build 12 Full   Serial Key.rar.lnk => C:\Windows\pss\Keygen - YoWindow Unlimited Edition 4 Build 12 Full   Serial Key.rar.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gjob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gjob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^program.lnk => C:\Windows\pss\program.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gjob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\66dd04b8-acab-4d80-8073-e1103995ff99.exe /check
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Gjob\AppData\Local\Smartbar\Application\QuickShare.exe startup
MSCONFIG\startupreg: ConvertAd => C:\Users\Gjob\AppData\Local\ConvertAd\ConvertAd.exe
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: EarthAlerts => C:\Program Files (x86)\Earth Alerts\EarthAlerts.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_7F1F7213633E4F744540EAE635D05F64 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GoogleChromeAutoLaunch_B95FE6E82234C54F6ACE6E3F7DCD84D3 => "C:\Users\Gjob\AppData\Local\Vosteran\Application\vosteran.exe" --auto-launch-at-startup --profile-directory="Default"
MSCONFIG\startupreg: IncrediMail => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: llelaxjn => "C:\Users\Gjob\AppData\Local\afbjfnfw.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: MSConfig => "C:\Users\Gjob\bkhqihty.exe"
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Gjob\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ospd_us_526 => "C:\Program Files (x86)\ospd_us_526\ospd_us_526.exe"
MSCONFIG\startupreg: pcreg => C:\Program Files\pcreg\service.exe
MSCONFIG\startupreg: Search Protection => "C:\Users\Gjob\AppData\Roaming\Search Protection\SP.EXE" /autostart
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Super Optimizer => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
MSCONFIG\startupreg: sxbcsirx => "C:\Users\Gjob\AppData\Local\xqhenokc.exe"
MSCONFIG\startupreg: TWC.Win7 => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
MSCONFIG\startupreg: Updater => C:\ProgramData\Updater\updater.exe
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: uTorrent => "C:\Users\Gjob\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
MSCONFIG\startupreg: WarThunderLauncher => C:\Program Files (x86)\WarThunder\launcher.exe
MSCONFIG\startupreg: WinCheck => C:\Users\Gjob\AppData\Local\wincheck\wincheck.exe
MSCONFIG\startupreg: WINUP => regsvr32 "C:\Users\Gjob\AppData\Local\Temp\reg.dll
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3104191088-1198645538-407198213-500 - Administrator - Disabled)
Gjob (S-1-5-21-3104191088-1198645538-407198213-1000 - Administrator - Enabled) => C:\Users\Gjob
Guest (S-1-5-21-3104191088-1198645538-407198213-501 - Administrator - Disabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2015 06:39:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IncMail.exe, version: 6.3.9.5274, time stamp: 0x51eb9497
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x150
Faulting application start time: 0xIncMail.exe0
Faulting application path: IncMail.exe1
Faulting module path: IncMail.exe2
Report Id: IncMail.exe3

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000220,(null),0,REG_BINARY,00000000019AEAD0.72).  hr = 0x80070005, Access is denied.
.

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000030c,(null),0,REG_BINARY,0000000000B8E390.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d085c376-944c-431a-baf0-a5ceb5490ba2}

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000aac,(null),0,REG_BINARY,0000000000F8DEA0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {6f7b762e-ed22-4886-802e-c6ecedd83219}

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001cc,(null),0,REG_BINARY,0000000002E6EC40.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {7a35323c-a54b-4894-9e6e-7259efa8a5b5}

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001dc,(null),0,REG_BINARY,0000000001B0F130.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {9a823be9-96e4-44fd-8137-abbfe30f6d25}

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,(null),0,REG_BINARY,0000000002C2EB40.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {21606045-20a9-41a4-885b-e82f8e78cd88}

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000030c,(null),0,REG_BINARY,0000000000B8E390.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d085c376-944c-431a-baf0-a5ceb5490ba2}

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000aac,(null),0,REG_BINARY,0000000000F8DEA0.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {6f7b762e-ed22-4886-802e-c6ecedd83219}

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001cc,(null),0,REG_BINARY,0000000002E6EC40.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {7a35323c-a54b-4894-9e6e-7259efa8a5b5}

System errors:
=============
Error: (03/06/2015 05:40:49 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Error: (03/06/2015 05:40:49 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Error: (03/06/2015 05:40:48 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Error: (03/06/2015 05:40:48 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Error: (03/06/2015 05:40:47 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Error: (03/06/2015 05:40:47 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Error: (03/06/2015 05:40:46 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Error: (03/06/2015 05:40:46 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Error: (03/06/2015 05:40:45 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Error: (03/06/2015 05:40:44 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Security Center service depends the following service: winmgmt. This service might not be installed.

Microsoft Office Sessions:
=========================
Error: (03/03/2015 06:39:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IncMail.exe6.3.9.527451eb9497KERNELBASE.dll6.1.7601.1840953159a86e06d73630000c42d15001d0560b31cb2431C:\Program Files (x86)\IncrediMail\Bin\IncMail.exeC:\Windows\syswow64\KERNELBASE.dll909a823e-c1fe-11e4-ad15-60a44c631d91

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000220,(null),0,REG_BINARY,00000000019AEAD0.72)0x80070005, Access is denied.

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x0000030c,(null),0,REG_BINARY,0000000000B8E390.72)0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d085c376-944c-431a-baf0-a5ceb5490ba2}

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000aac,(null),0,REG_BINARY,0000000000F8DEA0.72)0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {6f7b762e-ed22-4886-802e-c6ecedd83219}

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001cc,(null),0,REG_BINARY,0000000002E6EC40.72)0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {7a35323c-a54b-4894-9e6e-7259efa8a5b5}

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001dc,(null),0,REG_BINARY,0000000001B0F130.72)0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {9a823be9-96e4-44fd-8137-abbfe30f6d25}

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x0000020c,(null),0,REG_BINARY,0000000002C2EB40.72)0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {21606045-20a9-41a4-885b-e82f8e78cd88}

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x0000030c,(null),0,REG_BINARY,0000000000B8E390.72)0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d085c376-944c-431a-baf0-a5ceb5490ba2}

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000aac,(null),0,REG_BINARY,0000000000F8DEA0.72)0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {6f7b762e-ed22-4886-802e-c6ecedd83219}

Error: (03/03/2015 02:20:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001cc,(null),0,REG_BINARY,0000000002E6EC40.72)0x80070005, Access is denied.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {7a35323c-a54b-4894-9e6e-7259efa8a5b5}

==================== Memory info ===========================

Processor: AMD FX™-8350 Eight-Core Processor
Percentage of memory in use: 8%
Total physical RAM: 16282.95 MB
Available physical RAM: 14958.48 MB
Total Pagefile: 18329.13 MB
Available Pagefile: 16781.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:214.53 GB) (Free:112.96 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (New Volume) (Fixed) (Total:279.35 GB) (Free:278.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 63AB6945)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=214.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 279.5 GB) (Disk ID: C179098E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:16 PM

Posted 07 March 2015 - 08:08 AM


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3104191088-1198645538-407198213-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_14_49_ie_na01&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CyCtAtC0DzytCtA0AzzzytN0D0Tzu0StCtDyBtDtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyC0F0CyBzzyC0DyDtG0FyCtA0FtG0EtDyCyEtG0C0D0C0CtGtAzyyBtAtByD0F0CtByDyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAtCyBtA0EzytAtG0CtCyD0DtGyEtCyC0FtGzztAtDtBtGzzyDyCtByEtC0DzytC0ByBzy2Q&cr=64824244&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_idaddy_15_01&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CyCtAtC0DzytCtA0AzzzytN0D0Tzu0StCtDzyzztN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1Q1T1Q1Q2UtN1L1G1B1V1N2Y1L1Qzu2StBtA0EyByC0DyC0EtG0C0E0C0BtG0B0Azy0EtGtD0DyBtDtGyB0DyEzzzy0FtCtAtDtBtB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAtCyBtA0EzytAtG0CtCyD0DtGyEtCyC0FtGzztAtDtBtGzzyDyCtByEtC0DzytC0ByBzy2Q&cr=122124356&ir=
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3104191088-1198645538-407198213-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3104191088-1198645538-407198213-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-3104191088-1198645538-407198213-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-3104191088-1198645538-407198213-1000 -> No Name - {57434C32-2D53-5000-76A7-7A786E7484D7} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-10]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S3 cpuz134; \??\C:\Users\Gjob\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
Task: {05BA4B0A-A49F-427F-B19B-8EB6729F279D} - System32\Tasks\PC Optimizer Pro Idle => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {54FB4502-F2A7-4EBE-8CC8-A8B903B55CC4} - \Dealply No Task File <==== ATTENTION
Task: {5C5381F0-F2C0-4E55-905F-4A5FEB38EEAC} - \bench-S-1-5-21-3104191088-1198645538-407198213-1000 No Task File <==== ATTENTION
Task: {5FEE203A-07AC-4270-8201-502080B95CE5} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {623DDB30-DB14-43AC-927D-755FA5419258} - System32\Tasks\SparkTrust PC Cleaner Plus Startup => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: {6C1DFF7F-0D8C-420F-9808-8F4E066A7775} - System32\Tasks\PC Optimizer Pro startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {8E21C8F6-4885-4B3F-9D91-1FCC434F53A9} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: {A34D2B84-85B3-45C5-9800-1C821632A571} - System32\Tasks\PC Optimizer Pro Scan => C:\StartApps.exe <==== ATTENTION
Task: {AABA3302-62EA-4F5D-B9D7-10E9DD15CD87} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {AC7B942E-EC5B-412E-9407-2DB65F447124} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: {ACDD7BC9-DE04-4899-9DD1-DFDC59D75944} - System32\Tasks\PC Optimizer Pro Updates => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {AEE6FBD8-B4FB-4754-8B44-365C5769474C} - \Rocket Updater No Task File <==== ATTENTION
Task: {C91F1AB3-8215-4C0D-B0AD-AC0D2F2540B0} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: {ED3C35E0-8B15-48FD-A84A-DA7C76C53C2A} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {F7418F98-6019-4C1F-800D-8DF6A388C749} - \Optimizer Pro Schedule No Task File <==== ATTENTION
End
AlternateDataStreams: C:\Users\Gjob\Local Settings:init
AlternateDataStreams: C:\Users\Gjob\AppData\Local:init
AlternateDataStreams: C:\Users\Gjob\AppData\Local\Application Data:init

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

After the restart, run the AdwCleaner tool and clean any remaining entries that will be found.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

===

Could not list restore points.
Check "winmgmt" service or repair WMI.


Open your Task Manager (CTRL+ALT+DEL keys).
Click the Services tab.

Look at winmgmt.
If it is not running, right-click on the line and select Start service.

Close the Task Manager.
Let me know if this service is now shown as started.
===

How is the computer running now?

======

#6 Joplinfmz

Joplinfmz
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:16 PM

Posted 07 March 2015 - 08:54 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015 01
Ran by Gjob at 2015-03-07 08:46:00 Run:1
Running from C:\Users\Gjob\Desktop\FRST
Loaded Profiles: Gjob (Available profiles: Gjob)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3104191088-1198645538-407198213-1000\SOFTWARE\Policies\Google: Policy restriction <=======
ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_coinis_14_49_ie_na01&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CyCtAtC0DzytCtA0AzzzytN0D0Tzu0StCtDyBtDtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2SyC0F0CyBzzyC0DyDtG0FyCtA0FtG0EtDyCyEtG0C0D0C0CtGtAzyyBtAtByD0F0CtByDyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAtCyBtA0EzytAtG0CtCyD0DtGyEtCyC0FtGzztAtDtBtGzzyDyCtByEtC0DzytC0ByBzy2Q&cr=64824244&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_idaddy_15_01&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CyCtAtC0DzytCtA0AzzzytN0D0Tzu0StCtDzyzztN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1Q1T1Q1Q2UtN1L1G1B1V1N2Y1L1Qzu2StBtA0EyByC0DyC0EtG0C0E0C0BtG0B0Azy0EtGtD0DyBtDtGyB0DyEzzzy0FtCtAtDtBtB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAtCyBtA0EzytAtG0CtCyD0DtGyEtCyC0FtGzztAtDtBtGzzyDyCtByEtC0DzytC0ByBzy2Q&cr=122124356&ir=
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3104191088-1198645538-407198213-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3104191088-1198645538-407198213-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-3104191088-1198645538-407198213-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar:
HKU\S-1-5-21-3104191088-1198645538-407198213-1000 -> No Name - {57434C32-2D53-5000-76A7-7A786E7484D7} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR
HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-10]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S3 cpuz134; \??\C:\Users\Gjob\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
Task: {05BA4B0A-A49F-427F-B19B-8EB6729F279D} - System32\Tasks\PC Optimizer Pro Idle => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {54FB4502-F2A7-4EBE-8CC8-A8B903B55CC4} - \Dealply No Task File <==== ATTENTION
Task: {5C5381F0-F2C0-4E55-905F-4A5FEB38EEAC} - \bench-S-1-5-21-3104191088-1198645538-407198213-1000 No Task File <==== ATTENTION
Task: {5FEE203A-07AC-4270-8201-502080B95CE5} -
System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {623DDB30-DB14-43AC-927D-755FA5419258} - System32\Tasks\SparkTrust PC Cleaner Plus Startup => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: {6C1DFF7F-0D8C-420F-9808-8F4E066A7775} - System32\Tasks\PC Optimizer Pro startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {8E21C8F6-4885-4B3F-9D91-1FCC434F53A9} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: {A34D2B84-85B3-45C5-9800-1C821632A571} - System32\Tasks\PC Optimizer Pro Scan => C:\StartApps.exe <==== ATTENTION
Task: {AABA3302-62EA-4F5D-B9D7-10E9DD15CD87} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {AC7B942E-EC5B-412E-9407-2DB65F447124}
- System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: {ACDD7BC9-DE04-4899-9DD1-DFDC59D75944} - System32\Tasks\PC Optimizer Pro Updates => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {AEE6FBD8-B4FB-4754-8B44-365C5769474C} - \Rocket Updater No Task File <==== ATTENTION
Task: {C91F1AB3-8215-4C0D-B0AD-AC0D2F2540B0} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: {ED3C35E0-8B15-48FD-A84A-DA7C76C53C2A} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {F7418F98-6019-4C1F-800D-8DF6A388C749} - \Optimizer Pro Schedule No Task File <==== ATTENTION
End
AlternateDataStreams: C:\Users\Gjob\Local Settings:init
AlternateDataStreams: C:\Users\Gjob\AppData\Local:init
AlternateDataStreams:
C:\Users\Gjob\AppData\Local\Application Data:init

*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3104191088-1198645538-407198213-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_idaddy_15_01&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CyCtAtC0DzytCtA0AzzzytN0D0Tzu0StCtDzyzztN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1Q1T1Q1Q2UtN1L1G1B1V1N2Y1L1Qzu2StBtA0EyByC0DyC0EtG0C0E0C0BtG0B0Azy0EtGtD0DyBtDtGyB0DyEzzzy0FtCtAtDtBtB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAtCyBtA0EzytAtG0CtCyD0DtGyEtCyC0FtGzztAtDtBtGzzyDyCtByEtC0DzytC0ByBzy2Q&cr=122124356&ir= => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKU\S-1-5-21-3104191088-1198645538-407198213-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-3104191088-1198645538-407198213-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully.
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => Key not found.
"HKU\S-1-5-21-3104191088-1198645538-407198213-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
Toolbar: => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3104191088-1198645538-407198213-1000 -> No Name - {57434C32-2D53-5000-76A7-7A786E7484D7} -  No File => Error: No automatic fix found for this entry.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx" => Scheduled to move on reboot.
CHR => Error: No automatic fix found for this entry.
HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-10] => Error: No automatic fix found for this entry.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
NMIndexingService => Service deleted successfully.
cpuz134 => Service deleted successfully.
nvvad_WaveExtensible => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05BA4B0A-A49F-427F-B19B-8EB6729F279D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05BA4B0A-A49F-427F-B19B-8EB6729F279D}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro Idle => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro Idle" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54FB4502-F2A7-4EBE-8CC8-A8B903B55CC4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54FB4502-F2A7-4EBE-8CC8-A8B903B55CC4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C5381F0-F2C0-4E55-905F-4A5FEB38EEAC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C5381F0-F2C0-4E55-905F-4A5FEB38EEAC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-S-1-5-21-3104191088-1198645538-407198213-1000" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {5FEE203A-07AC-4270-8201-502080B95CE5} - => Key not found.
System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{623DDB30-DB14-43AC-927D-755FA5419258}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{623DDB30-DB14-43AC-927D-755FA5419258}" => Key deleted successfully.
C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust PC Cleaner Plus Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C1DFF7F-0D8C-420F-9808-8F4E066A7775}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C1DFF7F-0D8C-420F-9808-8F4E066A7775}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro startups => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro startups" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E21C8F6-4885-4B3F-9D91-1FCC434F53A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E21C8F6-4885-4B3F-9D91-1FCC434F53A9}" => Key deleted successfully.
C:\Windows\System32\Tasks\SparkTrust Update Version3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A34D2B84-85B3-45C5-9800-1C821632A571}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A34D2B84-85B3-45C5-9800-1C821632A571}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro Scan => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AABA3302-62EA-4F5D-B9D7-10E9DD15CD87}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AABA3302-62EA-4F5D-B9D7-10E9DD15CD87}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {AC7B942E-EC5B-412E-9407-2DB65F447124} => Key not found.
- System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACDD7BC9-DE04-4899-9DD1-DFDC59D75944}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACDD7BC9-DE04-4899-9DD1-DFDC59D75944}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro Updates => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro Updates" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEE6FBD8-B4FB-4754-8B44-365C5769474C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEE6FBD8-B4FB-4754-8B44-365C5769474C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Rocket Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C91F1AB3-8215-4C0D-B0AD-AC0D2F2540B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C91F1AB3-8215-4C0D-B0AD-AC0D2F2540B0}" => Key deleted successfully.
C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3_triggeronce" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED3C35E0-8B15-48FD-A84A-DA7C76C53C2A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED3C35E0-8B15-48FD-A84A-DA7C76C53C2A}" => Key deleted successfully.
C:\Windows\System32\Tasks\SparkTrust Registration3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Registration3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7418F98-6019-4C1F-800D-8DF6A388C749}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7418F98-6019-4C1F-800D-8DF6A388C749}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => Key not found.
"C:\Users\Gjob\Local Settings" => ":init" ADS not found.
C:\Users\Gjob\AppData\Local => ":init" ADS removed successfully.
AlternateDataStreams: => Error: No automatic fix found for this entry.
"C:\Users\Gjob\AppData\Local\Application Data:init" => File/Directory not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-07 08:46:49)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx" => File could not move.

==== End of Fixlog 08:46:49 ====

 Results of screen317's Security Check version 0.99.97 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 76 
  Java 64-bit 8 Update 31 
 Adobe Flash Player 16.0.0.305 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
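
Several "No automatic fix found for this entry" lines in the Fixlog above line up with fixlist entries that arrived wrapped onto two lines (the `ATTENTION` tag on its own line, the `Toolbar:`, `CHR` and `AlternateDataStreams:` stubs, the `Task:` entry split after its GUID). The checker below is an added example, not from this thread and not part of FRST: it flags such fragments and glues them back onto their entry before the file is saved. It assumes the directive set is limited to what this fixlist shows, and the sample input is constructed to mirror the wrapped post.

```python
"""Lint an FRST fixlist for lines that were wrapped when it was pasted.

Added example, not from this thread and not part of FRST. The directive
prefixes below are only the ones that occur in the fixlist on this page
(assumption: real fixlists can contain other directives; add them to
KNOWN_PREFIXES or their lines will be reported as fragments).
"""
import re
from dataclasses import dataclass, field

KNOWN_PREFIXES = (
    "CloseProcesses:", "GroupPolicy:", "CHR", "SearchScopes:", "Toolbar:",
    "FF Plugin", "Task:", "AlternateDataStreams:",
)
# Service/driver entries: state letter, start-type digit, name, ';' (e.g. "S2 gupdate; ...").
SERVICE_RE = re.compile(r"^[RSU]\d [^;]+;")
MARKERS = ("start", "End")


@dataclass
class LintResult:
    fixed_lines: list[str] = field(default_factory=list)
    # (fragment line, entry line it was glued back onto); 1-based source line numbers
    rejoined: list[tuple[int, int]] = field(default_factory=list)
    # fragments with no entry before them; left in place for a human to look at
    orphans: list[int] = field(default_factory=list)


def is_directive(line: str) -> bool:
    """True if the line opens a fixlist entry, complete or cut short by wrapping."""
    return (line in MARKERS
            or line.startswith(KNOWN_PREFIXES)
            or SERVICE_RE.match(line) is not None)


def lint_fixlist(text: str) -> LintResult:
    """Rejoin wrapped continuation lines onto the entry they belong to.

    A non-blank line that opens no entry is taken as the tail of the previous
    entry and glued back with one space, restoring the line as it was before
    the paste wrapped it.
    """
    res = LintResult()
    last_entry_no = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # blank separator lines carry nothing and are dropped
        if is_directive(line):
            res.fixed_lines.append(line)
            last_entry_no = None if line in MARKERS else no
        elif last_entry_no is None:
            res.orphans.append(no)
            res.fixed_lines.append(line)
        else:
            res.fixed_lines[-1] += " " + line
            res.rejoined.append((no, last_entry_no))
    return res


# Constructed sample modelled on the wrapped fixlist in this thread; the
# Taplika URL is shortened to a placeholder.
SAMPLE_WRAPPED = r"""start

CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKU\S-1-5-21-3104191088-1198645538-407198213-1000\SOFTWARE\Policies\Google: Policy restriction <=======
ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
http://Taplika.com/results.php?f=4&q={searchTerms}&cd=CONSTRUCTED
Toolbar:
HKU\S-1-5-21-3104191088-1198645538-407198213-1000 -> No Name - {57434C32-2D53-5000-76A7-7A786E7484D7} -  No File
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
Task: {5FEE203A-07AC-4270-8201-502080B95CE5} -
System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {54FB4502-F2A7-4EBE-8CC8-A8B903B55CC4} - \Dealply No Task File <==== ATTENTION
End
AlternateDataStreams:
C:\Users\Gjob\AppData\Local\Application Data:init
"""


if __name__ == "__main__":
    report = lint_fixlist(SAMPLE_WRAPPED)
    for frag, entry in report.rejoined:
        print(f"line {frag} was a wrapped tail of line {entry}; rejoined")
    for no in report.orphans:
        print(f"line {no}: fragment with no entry before it, check by hand")
    print("--- repaired fixlist ---")
    print("\n".join(report.fixed_lines))
```

Run it on the fixlist you are about to save; anything it reports as an orphan needs a manual look rather than a blind Fix.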
 



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:16 PM

Posted 07 March 2015 - 09:17 AM

Remove this old version of Java using the Add/Remove programs applet.

Java 7 Update 76

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 Joplinfmz

Joplinfmz
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:16 PM

Posted 07 March 2015 - 10:01 AM

Thank you for all of your fast replies. The virus warning is still popping up on reboot.

http://www.fmzclan.net/antivirus.jpg



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:16 PM

Posted 07 March 2015 - 01:44 PM

Something must still be in the registry.

Can you give me the exact error message?

#10 Joplinfmz

Joplinfmz
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:16 PM

Posted 07 March 2015 - 04:11 PM

The link in the above post is a screenshot of the error I'm getting. The http:// address is sometimes HTTP://blackfightinfo/333livereader as well.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:16 PM

Posted 08 March 2015 - 07:19 AM

Your link is not working.
Check it out.

#12 Joplinfmz

Joplinfmz
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:16 PM

Posted 08 March 2015 - 07:48 AM

Sorry, I meant the reply above my last. Please look at this link.

 

http://www.fmzclan.net/antivirus.jpg



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:16 PM

Posted 08 March 2015 - 09:25 AM

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome and click on the menu icon located at the top right of the Google Chrome window.
Click "Settings", then "Show advanced settings" at the bottom of the screen.
Click the "Reset browser settings" button.
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

If that fails to stop this, run this online scan.

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [screenshot of the scanner settings]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed, the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created at [path shown in screenshot].
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#14 Joplinfmz

Joplinfmz
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:16 PM

Posted 08 March 2015 - 11:04 AM

Here is the log. Thanks again!

 

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmbpcohapalacgmihelconiegnohofaj\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmbpcohapalacgmihelconiegnohofaj\1.0\PrcZLbczw.js JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phfggnlpcmaflacjgimpcpaemfnnonkn\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phfggnlpcmaflacjgimpcpaemfnnonkn\1.0\uU4yBSX.js JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cmbpcohapalacgmihelconiegnohofaj\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cmbpcohapalacgmihelconiegnohofaj\1.0\PrcZLbczw.js JS/Kryptik.ATB trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phfggnlpcmaflacjgimpcpaemfnnonkn\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phfggnlpcmaflacjgimpcpaemfnnonkn\1.0\uU4yBSX.js JS/Kryptik.ATB trojan
C:\Users\Gjob\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmbpcohapalacgmihelconiegnohofaj\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\Gjob\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmbpcohapalacgmihelconiegnohofaj\1.0\PrcZLbczw.js JS/Kryptik.ATB trojan
C:\Users\Gjob\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phfggnlpcmaflacjgimpcpaemfnnonkn\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\Gjob\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phfggnlpcmaflacjgimpcpaemfnnonkn\1.0\uU4yBSX.js JS/Kryptik.ATB trojan
C:\Users\Gjob\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cmbpcohapalacgmihelconiegnohofaj\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\Gjob\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cmbpcohapalacgmihelconiegnohofaj\1.0\PrcZLbczw.js JS/Kryptik.ATB trojan
C:\Users\Gjob\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phfggnlpcmaflacjgimpcpaemfnnonkn\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\Gjob\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phfggnlpcmaflacjgimpcpaemfnnonkn\1.0\uU4yBSX.js JS/Kryptik.ATB trojan
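As an added triage example (not part of this thread or of ESET's own tooling), the following Python parser reads the ESET Online Scanner log format shown above and pulls out the detection name, category, user profile, browser and Chromium extension ID from each line, so a responder can see at a glance which extension IDs were found in which browser profiles. The sample lines are copied from the log above; the regular expressions are this example's own assumptions about the log format.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the ESET log posted above, kept verbatim.
ESET_LOG = r"""
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmbpcohapalacgmihelconiegnohofaj\1.0\content.js JS/Chromex.Agent.L trojan
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phfggnlpcmaflacjgimpcpaemfnnonkn\1.0\uU4yBSX.js JS/Kryptik.ATB trojan
C:\Users\Gjob\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cmbpcohapalacgmihelconiegnohofaj\1.0\PrcZLbczw.js JS/Kryptik.ATB trojan
"""

# Each line is "<path> <detection> <category>" (assumed format). Paths contain spaces,
# so the path is matched lazily up to the first "family/variant" token, optionally
# prefixed by "a variant of"; the category is one of ESET's trailing labels.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<detection>(?:a variant of )?[A-Za-z0-9]+/\S+) "
    r"(?P<category>trojan|potentially unwanted application)$"
)
USER_RE = re.compile(r"^[A-Za-z]:\\Users\\(?P<user>[^\\]+)\\")
# Chromium extension dirs: ...\AppData\Local\<vendor>\<browser>\User Data\<profile>\Extensions\<32-letter id>\
EXT_RE = re.compile(
    r"\\AppData\\Local\\(?P<browser>[^\\]+\\[^\\]+)\\User Data\\[^\\]+"
    r"\\Extensions\\(?P<ext_id>[a-p]{32})\\"
)

def parse_eset_log(text):
    # One dict per detection line; lines that do not match the format are skipped.
    findings = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        user, ext = USER_RE.match(path), EXT_RE.search(path)
        findings.append({
            "path": path, "detection": m.group("detection"),
            "category": m.group("category"),
            "user": user.group("user") if user else None,
            "browser": ext.group("browser") if ext else None,
            "extension_id": ext.group("ext_id") if ext else None,
        })
    return findings

def flagged_extensions(findings):
    # Map each trojan-flagged extension ID to the (user, browser) profiles holding it.
    hits = defaultdict(set)
    for f in findings:
        if f["extension_id"] and f["category"] == "trojan":
            hits[f["extension_id"]].add((f["user"], f["browser"]))
    return {ext_id: sorted(profiles) for ext_id, profiles in hits.items()}
```

Running `flagged_extensions(parse_eset_log(ESET_LOG))` on the full log above shows that both extension IDs appear in every Comodo Dragon and Chrome SxS profile of both users, which is why the browser resets alone did not clear the warning.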
 



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:16 PM

Posted 08 March 2015 - 01:00 PM

If not already done, run ESET again and fix/remove everything that is found.

How is the computer running now?



