
I'm 100% sure I have different types of viruses on my PC.


  • This topic is locked
34 replies to this topic

#1 Funny nublet

Funny nublet

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 07 March 2015 - 08:18 AM

Over the last few weeks, I've used many different programs to get rid of some viruses on my PC. I remember some sort of "proxy trojan" which got removed. And now I'm seeing "JS/kryptic.atb trojan" on the scan results.

So there's definitely something there.

If anyone could guide me through the full removal process, it'd be greatly appreciated :)

edit: and every so often, when I click a link, it sometimes redirects me to other sites such as gambling, live chats, etc.

EDIT: uploaded FRST logs

Edited by Funny nublet, 07 March 2015 - 01:02 PM.



#2 Funny nublet

Funny nublet
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 07 March 2015 - 04:07 PM

I just ran an eset online scan and these are the results:

 

C:\AdwCleaner\Quarantine\C\ProgramData\bbgdaniejjpnmjodbkkikahpicilbnbk\i18i8TS.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\dglblkdhlkbbjpcbpojpfhfpgjinlkoo\USH.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Erminijus\AppData\Local\Microsoft\Windows\INetCache\IE\2Y5DZEAN\OrbiterInstaller[1].exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\Users\Erminijus\AppData\Local\Microsoft\Windows\INetCache\IE\3JD6EK7I\spstub[1].exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\Users\Erminijus\AppData\Local\Temp\utt7DEA.tmp.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application deleted - quarantined
C:\Users\Erminijus\Downloads\Core-Temp-installer.exe Win32/Somoto.Q potentially unwanted application deleted - quarantined
C:\Users\Erminijus\Downloads\CrystalDiskInfo5_6_2-en.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Windows\Temp\~nsu.tmp\Au_.exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
E:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application deleted - quarantined
E:\Program Files\CamStudio 2.7\BunndleOfferManager.exe a variant of Win32/Bunndle potentially unsafe application deleted - quarantined
E:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
E:\Users\Gastro\Downloads\3.8.0.117_20140108021056.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
E:\Users\Gastro\Downloads\CheatEngine63.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
E:\Users\Gastro\Downloads\HSS-3.37-install-e-550-plain (1).exe Win32/Bundled.Toolbar.Ask.L potentially unsafe application deleted - quarantined
E:\Users\Gastro\Downloads\HSS-3.37-install-e-550-plain.exe Win32/Bundled.Toolbar.Ask.L potentially unsafe application deleted - quarantined
E:\Users\Gastro\Downloads\HSS-3.41-install-e-550-plain.exe Win32/Bundled.Toolbar.Ask.L potentially unsafe application deleted - quarantined
E:\Users\Gastro\Downloads\rcsetup151.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
E:\Users\Gastro\Downloads\spsetup126.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
E:\Users\Gastro\Downloads\Microsoft Office Proffesional Plus 2010 Corporate Final Full Activated -NoGRp\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated).iso a variant of MSIL/HackKMS.A potentially unsafe application deleted - quarantined
E:\Users\Gastro\Downloads\Windows 7 Loader + Activator v2.0.6 Reloaded - DAZ [Team Rjaa]\Windows 7 Loader + Activator v2.0.6 Reloaded - DAZ [Team Rjaa]\Windows.7.Loader.v2.0.6 Reloaded -DAZ [Team Rjaa].rar40319C32 Win32/HackTool.WinActivator.I potentially unsafe application deleted - quarantined
E:\Users\Gastro\Downloads\Windows 8.1 Update 1 Pro X64 PreActivated\Windows 8.1 Update 1 Pro X64 PreActivated.iso a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application deleted - quarantined


#3 Funny nublet

Funny nublet
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 10 March 2015 - 02:21 PM

Are we allowed to bump on these forums? 



#4 Jo*

Jo*

  • Malware Response Team
  • 3,453 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:03 AM

Posted 11 March 2015 - 06:08 AM

:welcome:

Hello Funny nublet,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Funny nublet

Funny nublet
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 11 March 2015 - 01:35 PM

Security Check Results
 
 Results of screen317's Security Check version 0.99.97  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender                     
Bitdefender Antivirus Free Edition   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Google Chrome (41.0.2272.76) 
 Google Chrome (41.0.2272.89) 
 Google Chrome (GoogleUpdate.dll..) 
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Antivirus Free Edition gzserv.exe  
 Bitdefender Antivirus Free Edition gziface.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
 
 
No malware was found
 
 
Adware cleaner Results
 
# AdwCleaner v4.112 - Logfile created 11/03/2015 at 18:30:55
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Erminijus - GASTRO
# Running from : C:\Users\Erminijus\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17037
 
 
-\\ Google Chrome v41.0.2272.89
 
[C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=4D3522F4-AFAF-47F1-969E-3A651D15C011&apn_ptnrs=U4&apn_sauid=1C1FA7A8-3FB1-45DD-994C-B65A17CE054B&apn_dtid=OSJ000YYUK&q={searchTerms}
[C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=4D3522F4-AFAF-47F1-969E-3A651D15C011&apn_ptnrs=U4&apn_sauid=1C1FA7A8-3FB1-45DD-994C-B65A17CE054B&apn_dtid=OSJ000YYUK&q={searchTerms}
[C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=15527&prt=360&chn=o0&geo=GB&ver=20&locale=en_GB&tpr=111
[C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.disneystore.co.uk/disney/store/DSISearch?Searchstr={searchTerms}&x=18&y=24&storeId=30053&catalogId=10002&langId=-11&Ntx=mode+matchallpartial&N=0&Nu=pProductID&Nr=pPublished%3A1&Ntk=All_Shopping&Ntt=girls+umbrella&D=girls+umbrella&Dr=pPublished%3A1
*************************
 
AdwCleaner[R0].txt - [4344 bytes] - [26/12/2014 17:03:07]
AdwCleaner[R1].txt - [1667 bytes] - [13/02/2015 00:07:21]
AdwCleaner[R2].txt - [1036 bytes] - [16/02/2015 00:53:27]
AdwCleaner[R3].txt - [1096 bytes] - [16/02/2015 01:28:28]
AdwCleaner[R4].txt - [1216 bytes] - [16/02/2015 01:32:19]
AdwCleaner[R5].txt - [1334 bytes] - [26/02/2015 19:47:27]
AdwCleaner[R6].txt - [2393 bytes] - [11/03/2015 18:30:55]
AdwCleaner[S0].txt - [4432 bytes] - [26/12/2014 17:04:01]
AdwCleaner[S1].txt - [1757 bytes] - [13/02/2015 00:09:30]
AdwCleaner[S2].txt - [1165 bytes] - [16/02/2015 01:29:28]
AdwCleaner[S3].txt - [1285 bytes] - [16/02/2015 01:35:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [2688 bytes] ##########


#6 Jo*

Jo*

  • Malware Response Team
  • 3,453 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:03 AM

Posted 11 March 2015 - 01:42 PM

Hello Funny nublet,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 Funny nublet

Funny nublet
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 11 March 2015 - 02:05 PM

I must have cleaned using the Adware on the previous post, if that's OK. Do I attach the "Addition.txt" that I got just now, or the one that I did like 5 days ago? I attached the one I just got.

 

Adware Results

 

# AdwCleaner v4.112 - Logfile created 11/03/2015 at 18:37:06

# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Erminijus - GASTRO
# Running from : C:\Users\Erminijus\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17037
 
 
-\\ Google Chrome v41.0.2272.89
 
[C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=4D3522F4-AFAF-47F1-969E-3A651D15C011&apn_ptnrs=U4&apn_sauid=1C1FA7A8-3FB1-45DD-994C-B65A17CE054B&apn_dtid=OSJ000YYUK&q={searchTerms}
[C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=4D3522F4-AFAF-47F1-969E-3A651D15C011&apn_ptnrs=U4&apn_sauid=1C1FA7A8-3FB1-45DD-994C-B65A17CE054B&apn_dtid=OSJ000YYUK&q={searchTerms}
[C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=15527&prt=360&chn=o0&geo=GB&ver=20&locale=en_GB&tpr=111
[C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.disneystore.co.uk/disney/store/DSISearch?Searchstr={searchTerms}&x=18&y=24&storeId=30053&catalogId=10002&langId=-11&Ntx=mode+matchallpartial&N=0&Nu=pProductID&Nr=pPublished%3A1&Ntk=All_Shopping&Ntt=girls+umbrella&D=girls+umbrella&Dr=pPublished%3A1
 
*************************
 
AdwCleaner[R0].txt - [4344 bytes] - [26/12/2014 17:03:07]
AdwCleaner[R1].txt - [1667 bytes] - [13/02/2015 00:07:21]
AdwCleaner[R2].txt - [1036 bytes] - [16/02/2015 00:53:27]
AdwCleaner[R3].txt - [1096 bytes] - [16/02/2015 01:28:28]
AdwCleaner[R4].txt - [1216 bytes] - [16/02/2015 01:32:19]
AdwCleaner[R5].txt - [1334 bytes] - [26/02/2015 19:47:27]
AdwCleaner[R6].txt - [2767 bytes] - [11/03/2015 18:30:55]
AdwCleaner[R7].txt - [2826 bytes] - [11/03/2015 18:35:50]
AdwCleaner[S0].txt - [4432 bytes] - [26/12/2014 17:04:01]
AdwCleaner[S1].txt - [1757 bytes] - [13/02/2015 00:09:30]
AdwCleaner[S2].txt - [1165 bytes] - [16/02/2015 01:29:28]
AdwCleaner[S3].txt - [1285 bytes] - [16/02/2015 01:35:18]
AdwCleaner[S4].txt - [2765 bytes] - [11/03/2015 18:37:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2824  bytes] ##########
 
 
JRT Results
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 8.1 Pro x64
Ran by Erminijus on 11/03/2015 at 18:55:59.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/03/2015 at 18:59:44.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
FRST Results
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Erminijus (administrator) on GASTRO on 11-03-2015 19:02:31
Running from C:\Users\Erminijus\Downloads
Loaded Profiles: Erminijus (Available profiles: Erminijus)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Flux Software LLC) C:\Users\Erminijus\AppData\Local\FluxSoftware\Flux\flux.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Spotify Ltd) C:\Users\Erminijus\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-18] (Electronic Arts)
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\Run: [f.lux] => C:\Users\Erminijus\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\Run: [Spotify Web Helper] => C:\Users\Erminijus\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-11] (Spotify Ltd)
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\Run: [Spotify] => C:\Users\Erminijus\AppData\Roaming\Spotify\Spotify.exe [6611512 2015-03-11] (Spotify Ltd)
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\MountPoints2: {2d9404af-5e05-11e4-8253-e069959f233e} - "L:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\MountPoints2: {442e1400-78d1-11e4-8258-e069959f233e} - "L:\HTC_Sync_Manager_PC.exe" 
Startup: C:\Users\Erminijus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-08] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-08] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.trovi.com/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=M964AA77F-3EE3-4B4F-9DD9-FA7C33549BEA&SearchSource=55&CUI=&UM=6&UP=SP005C233A-1625-4473-B2F6-1286C7EA40F7&SSPV=
CHR StartupUrls: Profile 1 -> "hxxp://search.conduit.com/?gd=&ctid=CT3320691&octid=EB_ORIGINAL_CTID&ISID=MD5AE7774-E842-4E59-85E0-9689D3A596A6&SearchSource=55&CUI=&UM=5&UP=SP51FDCB03-1701-4DED-9151-68C122338E5C&SSPV="
CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10]
CHR Extension: (Google Wallet) - C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-23]
CHR Profile: C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-23]
CHR Extension: (YouTube) - C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-23]
CHR Extension: (Google Search) - C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-23]
CHR Extension: (AdBlock) - C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Wallet) - C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-23]
CHR Extension: (Gmail) - C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-11-04] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 18cc2389; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\AppendFoobar\AppendFoobar.dll",serv
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-14] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-11 18:59 - 2015-03-11 18:59 - 00000756 _____ () C:\Users\Erminijus\Desktop\JRT.txt
2015-03-11 18:55 - 2015-03-11 18:55 - 01388333 _____ (Thisisu) C:\Users\Erminijus\Desktop\JRT.exe
2015-03-11 18:30 - 2015-03-11 18:30 - 02171392 _____ () C:\Users\Erminijus\Desktop\AdwCleaner.exe
2015-03-11 18:23 - 2015-03-11 18:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-11 18:21 - 2015-03-11 18:30 - 00000000 ____D () C:\Users\Erminijus\Desktop\mbar
2015-03-11 18:21 - 2015-03-11 18:21 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Erminijus\Desktop\mbar-1.09.1.1004.exe
2015-03-11 18:19 - 2015-03-11 18:19 - 00852604 _____ () C:\Users\Erminijus\Desktop\SecurityCheck.exe
2015-03-10 20:08 - 2015-03-10 20:08 - 00005912 _____ () C:\Users\Erminijus\Downloads\LOL_OPGG_Observer_2007927846_spectate.bat
2015-03-10 19:10 - 2015-03-10 19:10 - 00005912 _____ () C:\Users\Erminijus\Downloads\LOL_OPGG_Observer_2007700066_spectate.bat
2015-03-10 18:51 - 2015-03-10 18:51 - 00005912 _____ () C:\Users\Erminijus\Downloads\LOL_OPGG_Observer_2007633215_spectate.bat
2015-03-10 16:12 - 2015-03-10 16:12 - 00005912 _____ () C:\Users\Erminijus\Downloads\Unconfirmed 41297.crdownload
2015-03-10 16:12 - 2015-03-10 16:12 - 00005912 _____ () C:\Users\Erminijus\Downloads\Unconfirmed 102142.crdownload
2015-03-09 10:21 - 2015-03-09 10:21 - 00000886 _____ () C:\Users\Erminijus\Desktop\BitTorrent.lnk
2015-03-09 10:21 - 2015-03-09 10:21 - 00000866 _____ () C:\Users\Erminijus\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-03-09 10:20 - 2015-03-10 02:08 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\BitTorrent
2015-03-09 10:20 - 2015-03-09 10:20 - 01744472 _____ (BitTorrent Inc.) C:\Users\Erminijus\Downloads\BitTorrent.exe
2015-03-07 21:01 - 2015-03-07 21:01 - 00003394 _____ () C:\Users\Erminijus\Downloads\eset.txt
2015-03-07 20:30 - 2015-03-07 20:30 - 01142128 _____ () C:\Users\Erminijus\Downloads\SteamSetup (1).exe
2015-03-07 17:58 - 2015-03-11 19:01 - 00000000 ____D () C:\Users\Erminijus\Downloads\FRST-OlderVersion
2015-03-07 13:36 - 2015-03-07 13:40 - 00000254 _____ () C:\Users\Erminijus\Downloads\Search.txt
2015-03-07 13:34 - 2015-03-11 19:02 - 00015965 _____ () C:\Users\Erminijus\Downloads\FRST.txt
2015-03-07 13:34 - 2015-03-07 17:59 - 00029178 _____ () C:\Users\Erminijus\Downloads\Addition.txt
2015-03-07 13:33 - 2015-03-11 19:02 - 00000000 ____D () C:\FRST
2015-03-07 13:33 - 2015-03-11 19:01 - 02095616 _____ (Farbar) C:\Users\Erminijus\Downloads\FRST64.exe
2015-03-07 12:55 - 2015-03-07 12:55 - 02347384 _____ (ESET) C:\Users\Erminijus\Downloads\esetsmartinstaller_enu.exe
2015-03-02 18:13 - 2015-03-02 18:13 - 00000049 _____ () C:\Users\Erminijus\jagex_cl_runescape_LIVE1.dat
2015-03-01 21:27 - 2015-03-11 18:38 - 00000000 ___RD () C:\Users\Erminijus\Dropbox
2015-03-01 21:27 - 2015-03-11 12:49 - 00001044 _____ () C:\Users\Erminijus\Desktop\Dropbox.lnk
2015-03-01 21:27 - 2015-03-11 12:49 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-01 21:26 - 2015-03-11 18:38 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\Dropbox
2015-03-01 21:26 - 2015-03-01 21:26 - 00355464 _____ (Dropbox, Inc.) C:\Users\Erminijus\Downloads\DropboxInstaller.exe
2015-02-28 01:45 - 2015-03-11 18:50 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d052f8412ac36c.job
2015-02-28 01:45 - 2015-03-11 18:37 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d052f84058d249.job
2015-02-28 01:45 - 2015-02-28 01:45 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d052f8412ac36c
2015-02-28 01:45 - 2015-02-28 01:45 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d052f84058d249
2015-02-27 10:28 - 2015-02-27 10:28 - 00009154 _____ () C:\Users\Erminijus\Downloads\superb_heater_1.0 (5).simba
2015-02-27 01:30 - 2015-02-27 01:30 - 00012328 _____ () C:\Users\Erminijus\Downloads\AlKharidSmelter.simba
2015-02-26 23:59 - 2015-02-26 23:59 - 00000050 _____ () C:\Users\Erminijus\jagex_cl_speccollect_LIVE.dat
2015-02-26 23:22 - 2015-02-26 23:22 - 00172808 _____ () C:\ProgramData\1424992896.bdinstall.bin
2015-02-26 23:22 - 2015-02-26 23:22 - 00002195 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2015-02-26 23:22 - 2015-02-26 23:22 - 00000000 ____D () C:\Windows\LastGood
2015-02-26 23:22 - 2015-02-26 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-02-26 23:22 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-02-26 23:22 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-02-26 23:21 - 2015-02-26 23:22 - 00000000 ____D () C:\Program Files\Bitdefender
2015-02-26 23:21 - 2015-02-26 23:21 - 10447328 _____ () C:\Users\Erminijus\Downloads\Antivirus_Free_Edition_x64.exe
2015-02-26 23:21 - 2015-02-26 23:21 - 00162208 _____ () C:\Users\Erminijus\Downloads\Antivirus_Free_Edition.exe
2015-02-26 23:21 - 2015-02-26 23:21 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\QuickScan
2015-02-26 23:21 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-02-26 23:21 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-02-26 23:21 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-02-26 23:21 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-02-26 23:07 - 2015-02-26 23:08 - 07908352 _____ (Mysecuritywin) C:\Users\Erminijus\Downloads\xvirus_setup.exe
2015-02-26 19:47 - 2015-02-26 19:47 - 02126848 _____ () C:\Users\Erminijus\Downloads\adwcleaner_4.111.exe
2015-02-26 16:38 - 2015-02-26 16:45 - 428101368 _____ () C:\Users\Erminijus\Documents\clip0004.avi
2015-02-24 21:45 - 2015-02-24 21:45 - 00009154 _____ () C:\Users\Erminijus\Downloads\superb_heater_1.0 (4).simba
2015-02-24 21:42 - 2015-02-24 21:42 - 00009154 _____ () C:\Users\Erminijus\Downloads\superb_heater_1.0 (3).simba
2015-02-24 21:32 - 2015-02-27 11:34 - 00009157 _____ () C:\Users\Erminijus\Downloads\superb_heater_1.0 (2).simba
2015-02-24 21:32 - 2015-02-24 21:32 - 00009154 _____ () C:\Users\Erminijus\Downloads\superb_heater_1.0 (1).simba
2015-02-23 23:05 - 2015-03-02 18:16 - 00000048 _____ () C:\Users\Erminijus\jagex_cl_runescape_LIVE.dat
2015-02-23 21:39 - 2015-02-23 21:39 - 00000690 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-02-23 21:38 - 2015-02-23 21:41 - 00000000 ____D () C:\Users\Erminijus\Documents\Heroes of the Storm
2015-02-23 21:38 - 2015-02-23 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-02-23 21:34 - 2015-02-23 21:34 - 00001208 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-02-23 21:34 - 2015-02-23 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-02-23 21:24 - 2015-02-28 22:25 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-02-23 21:22 - 2015-02-28 23:37 - 00000000 ____D () C:\Users\Erminijus\AppData\Local\Battle.net
2015-02-23 21:22 - 2015-02-27 22:48 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-23 21:22 - 2015-02-23 21:38 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-02-23 21:22 - 2015-02-23 21:23 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\Battle.net
2015-02-23 21:22 - 2015-02-23 21:22 - 00001163 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-02-23 21:22 - 2015-02-23 21:22 - 00000000 ____D () C:\Users\Erminijus\AppData\Local\Blizzard Entertainment
2015-02-23 21:22 - 2015-02-23 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-02-23 21:21 - 2015-02-23 21:21 - 00000000 ____D () C:\ProgramData\Battle.net
2015-02-23 21:20 - 2015-02-23 21:20 - 03081784 _____ (Blizzard Entertainment) C:\Users\Erminijus\Downloads\Heroes-of-the-Storm-Setup-enUS.exe
2015-02-22 22:44 - 2015-02-22 22:44 - 00012125 _____ () C:\Users\Erminijus\Downloads\OLDSEX 1.1PublicEdit (1).simba
2015-02-22 22:43 - 2015-02-22 22:43 - 00012125 _____ () C:\Users\Erminijus\Downloads\OLDSEX 1.1PublicEdit.simba
2015-02-22 19:33 - 2015-02-22 19:35 - 152428336 _____ (Apple Inc.) C:\Users\Erminijus\Downloads\itunes6464setup.exe
2015-02-21 23:57 - 2015-02-21 23:57 - 00008844 _____ () C:\Users\Erminijus\Downloads\MonsterMashPublicV1.10.simba
2015-02-21 23:55 - 2015-02-21 23:55 - 00019422 _____ () C:\Users\Erminijus\Downloads\Baws Magic 1-66.simba
2015-02-21 22:35 - 2015-02-21 22:35 - 00761926 _____ () C:\Users\Erminijus\Downloads\SMARTv8.0 (1).zip
2015-02-21 22:33 - 2015-02-21 22:33 - 00239228 _____ () C:\Users\Erminijus\Downloads\Fonts (1).zip
2015-02-21 22:01 - 2015-02-21 22:01 - 00019178 _____ () C:\Users\Erminijus\Downloads\P07UpChars.zip
2015-02-21 21:59 - 2015-02-21 21:59 - 00690572 _____ () C:\Users\Erminijus\Downloads\SRL-OSR-master (2).zip
2015-02-21 21:31 - 2015-02-21 21:31 - 00690572 _____ () C:\Users\Erminijus\Downloads\SRL-OSR-master (1).zip
2015-02-21 21:30 - 2015-02-21 21:30 - 00051251 _____ () C:\Users\Erminijus\Downloads\Fonts.tar.bz2
2015-02-21 21:13 - 2015-02-21 21:13 - 00045472 _____ () C:\Users\Erminijus\Downloads\P07Include.simba
2015-02-21 14:28 - 2015-03-10 15:37 - 00000048 _____ () C:\Users\Erminijus\jagex_cl_oldschool_LIVE.dat
2015-02-21 14:28 - 2015-02-26 18:13 - 00000024 ____R () C:\Users\Erminijus\random.dat
2015-02-21 14:24 - 2015-02-21 14:27 - 00000000 ____D () C:\Users\Erminijus\OSBuddy
2015-02-21 14:24 - 2015-02-21 14:24 - 00881112 _____ () C:\Users\Erminijus\Downloads\OSBuddy.exe
2015-02-21 14:09 - 2015-02-21 14:09 - 01760040 _____ () C:\Users\Erminijus\Downloads\wrar521.exe
2015-02-21 14:09 - 2015-02-21 14:09 - 00000000 ____D () C:\Users\Erminijus\Downloads\ACA
2015-02-21 14:09 - 2015-02-21 14:09 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\WinRAR
2015-02-21 14:09 - 2015-02-21 14:09 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-21 14:09 - 2015-02-21 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-21 14:09 - 2015-02-21 14:09 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-02-21 14:08 - 2015-02-21 14:08 - 00296871 _____ () C:\Users\Erminijus\Downloads\ACA.rar
2015-02-21 14:06 - 2015-02-21 14:42 - 00000103 _____ () C:\Users\Erminijus\Downloads\HoodzFightersettings.ini
2015-02-21 14:06 - 2015-02-21 14:24 - 00000000 ____D () C:\Users\Erminijus\tmpTopBot-93966
2015-02-21 14:02 - 2015-02-21 14:02 - 03781197 _____ () C:\Users\Erminijus\Downloads\Plugins.zip
2015-02-21 14:01 - 2015-02-21 14:01 - 06262961 _____ () C:\Users\Erminijus\Downloads\AeroLib-master.zip
2015-02-21 14:01 - 2015-02-21 14:01 - 00025583 _____ () C:\Users\Erminijus\Downloads\HoodzFighter Aero V3.simba
2015-02-21 14:01 - 2015-02-21 14:01 - 00001045 _____ () C:\Users\Erminijus\Downloads\HoodzFighter-Aero downloader.simba
2015-02-20 17:17 - 2015-02-20 17:17 - 00000000 ____D () C:\Users\Erminijus\AppData\Local\Steam
2015-02-18 17:42 - 2015-02-18 17:42 - 00003705 _____ () C:\Users\Erminijus\Downloads\transcript.txt
2015-02-18 10:47 - 2015-02-18 10:47 - 00025460 _____ () C:\Users\Erminijus\Downloads\v21122 (3)
2015-02-18 10:45 - 2015-02-18 10:45 - 00025460 _____ () C:\Users\Erminijus\Downloads\v21122 (2)
2015-02-16 22:03 - 2015-02-16 22:03 - 00009154 _____ () C:\Users\Erminijus\Downloads\superb_heater_1.0.simba
2015-02-16 17:54 - 2015-02-20 20:23 - 00000000 ____D () C:\Users\Erminijus\Documents\TBot
2015-02-16 17:54 - 2015-02-16 17:54 - 00008725 _____ () C:\Users\Erminijus\Downloads\topbot.jar
2015-02-16 00:53 - 2015-02-16 00:53 - 02112512 _____ () C:\Users\Erminijus\Downloads\AdwCleaner (2).exe
2015-02-15 16:31 - 2015-02-15 16:31 - 00000000 _____ () C:\Users\Erminijus\Desktop\New Text Document (4).txt
2015-02-14 13:21 - 2015-03-11 18:38 - 00000000 ____D () C:\Users\Erminijus\AppData\Local\CrashDumps
2015-02-14 13:11 - 2015-02-14 13:11 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Erminijus\Downloads\tdsskiller.exe
2015-02-14 13:10 - 2015-02-14 13:10 - 15431256 _____ () C:\Users\Erminijus\Downloads\RogueKiller.exe
2015-02-14 13:10 - 2015-02-14 13:10 - 05611771 _____ (Swearware) C:\Users\Erminijus\Downloads\ComboFix.exe
2015-02-14 13:10 - 2015-02-14 13:10 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-14 13:10 - 2015-02-14 13:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-13 18:33 - 2015-02-13 18:33 - 25624576 _____ () C:\Users\Erminijus\Downloads\SkypeSetup_6.14.0.104.msi
2015-02-13 18:25 - 2015-02-13 18:25 - 01548384 _____ (Skype Technologies S.A.) C:\Users\Erminijus\Downloads\SkypeSetup.exe
2015-02-13 00:07 - 2015-02-13 00:07 - 02112512 _____ () C:\Users\Erminijus\Downloads\AdwCleaner (1).exe
2015-02-12 23:59 - 2015-03-10 11:24 - 00000020 _____ () C:\Users\Erminijus\AppData\Roaming\appdataFr3.bin
2015-02-12 22:39 - 2015-02-12 22:40 - 19075976 _____ (Skype Technologies S.A.) C:\Users\Erminijus\Documents\SkypeSetupFull.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-11 19:00 - 2014-10-24 20:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-11 19:00 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-11 18:57 - 2014-10-23 18:45 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\Skype
2015-03-11 18:57 - 2014-10-23 17:11 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CAFD309D-08BC-4E08-8CC9-20690489D040}
2015-03-11 18:53 - 2014-12-29 20:48 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-11 18:53 - 2014-12-26 17:03 - 00000000 ____D () C:\AdwCleaner
2015-03-11 18:44 - 2014-03-18 10:04 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-11 18:38 - 2014-12-22 22:30 - 00003026 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-03-11 18:38 - 2014-10-26 16:07 - 00000000 ____D () C:\Users\Erminijus\AppData\Local\Spotify
2015-03-11 18:38 - 2014-10-26 16:06 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\Spotify
2015-03-11 18:38 - 2014-10-23 17:01 - 00000000 __RDO () C:\Users\Erminijus\OneDrive
2015-03-11 18:37 - 2014-12-29 20:48 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-11 18:37 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-11 18:37 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-11 18:22 - 2014-10-24 20:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-11 17:57 - 2014-10-23 17:00 - 01526225 _____ () C:\Windows\WindowsUpdate.log
2015-03-11 14:06 - 2014-10-23 17:05 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1839816152-3178768463-1986008053-1001
2015-03-11 13:10 - 2014-10-23 19:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-10 19:17 - 2014-12-29 20:48 - 00002282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-10 12:32 - 2014-11-15 13:12 - 00001592 _____ () C:\Users\Erminijus\Desktop\Rs accounts.txt
2015-03-10 01:45 - 2014-10-29 11:27 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\vlc
2015-03-08 18:15 - 2015-01-01 20:39 - 00000000 ____D () C:\Users\Erminijus\AppData\Local\Adobe
2015-03-07 21:04 - 2014-10-24 01:51 - 00000000 ____D () C:\Windows\Panther
2015-03-07 21:04 - 2014-03-18 09:54 - 00018782 _____ () C:\Windows\PFRO.log
2015-03-07 21:03 - 2014-10-29 11:01 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\uTorrent
2015-03-05 16:15 - 2014-10-23 20:00 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-02 18:13 - 2014-10-23 16:57 - 00000000 ____D () C:\Users\Erminijus
2015-02-27 21:04 - 2014-10-24 14:50 - 00002256 ____H () C:\Users\Erminijus\Documents\Default.rdp
2015-02-27 17:04 - 2015-01-24 15:46 - 00000000 ____D () C:\Simba
2015-02-27 11:16 - 2015-01-24 18:30 - 00000000 ____D () C:\ProgramData\{af5f7844-f39b-f8c3-af5f-f7844f39e113}
2015-02-26 23:22 - 2013-08-22 14:46 - 00027071 _____ () C:\Windows\setupact.log
2015-02-25 12:36 - 2015-01-11 00:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-20 08:08 - 2015-01-11 00:10 - 00000986 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-20 08:08 - 2015-01-11 00:10 - 00000974 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-02-16 01:28 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-13 18:48 - 2015-01-11 00:10 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\TeamViewer
2015-02-09 01:04 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2015-02-12 23:59 - 2015-03-10 11:24 - 0000020 _____ () C:\Users\Erminijus\AppData\Roaming\appdataFr3.bin
2014-10-23 19:46 - 2014-10-23 19:46 - 0000003 _____ () C:\Users\Erminijus\AppData\Local\updater.log
2014-10-23 19:46 - 2014-12-17 16:14 - 0000425 _____ () C:\Users\Erminijus\AppData\Local\UserProducts.xml
2015-02-26 23:22 - 2015-02-26 23:22 - 0172808 _____ () C:\ProgramData\1424992896.bdinstall.bin
 
Files to move or delete:
====================
C:\Users\Erminijus\jagex_cl_oldschool_LIVE.dat
C:\Users\Erminijus\jagex_cl_runescape_LIVE.dat
C:\Users\Erminijus\jagex_cl_runescape_LIVE1.dat
C:\Users\Erminijus\jagex_cl_speccollect_LIVE.dat
C:\Users\Erminijus\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Erminijus\AppData\Local\Temp\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
C:\Users\Erminijus\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Erminijus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpseembj.dll
C:\Users\Erminijus\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Erminijus\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Erminijus\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Erminijus\AppData\Local\Temp\ose00000.exe
C:\Users\Erminijus\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Erminijus\AppData\Local\Temp\SRLDetectionLibrary3977366485222039676.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-06 08:12
 
==================== End Of Log ============================
 
 
 
 


#8 Jo*

  • Malware Response Team
  • 3,453 posts

Posted 11 March 2015 - 02:12 PM

Hello Funny nublet,
 

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
EmptyTemp:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HomePage: Profile 1 -> hxxp://www.trovi.com/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=M964AA77F-3EE3-4B4F-9DD9-FA7C33549BEA&SearchSource=55&CUI=&UM=6&UP=SP005C233A-1625-4473-B2F6-1286C7EA40F7&SSPV=
CHR StartupUrls: Profile 1 -> "hxxp://search.conduit.com/?gd=&ctid=CT3320691&octid=EB_ORIGINAL_CTID&ISID=MD5AE7774-E842-4E59-85E0-9689D3A596A6&SearchSource=55&CUI=&UM=5&UP=SP51FDCB03-1701-4DED-9151-68C122338E5C&SSPV="
C:\Users\Erminijus\jagex_cl_oldschool_LIVE.dat 
C:\Users\Erminijus\jagex_cl_runescape_LIVE.dat 
C:\Users\Erminijus\jagex_cl_runescape_LIVE1.dat 
C:\Users\Erminijus\jagex_cl_speccollect_LIVE.dat 
C:\Users\Erminijus\random.dat
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 Funny nublet

  • Topic Starter

  • Members
  • 28 posts

Posted 11 March 2015 - 02:38 PM

1st Scan
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Erminijus at 2015-03-11 19:34:07 Run:1
Running from C:\Users\Erminijus\Downloads
Loaded Profiles: Erminijus (Available profiles: Erminijus)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
EmptyTemp:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HomePage: Profile 1 -> hxxp://www.trovi.com/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=M964AA77F-3EE3-4B4F-9DD9-FA7C33549BEA&SearchSource=55&CUI=&UM=6&UP=SP005C233A-1625-4473-B2F6-1286C7EA40F7&SSPV=
CHR StartupUrls: Profile 1 -> "hxxp://search.conduit.com/?gd=&ctid=CT3320691&octid=EB_ORIGINAL_CTID&ISID=MD5AE7774-E842-4E59-85E0-9689D3A596A6&SearchSource=55&CUI=&UM=5&UP=SP51FDCB03-1701-4DED-9151-68C122338E5C&SSPV="
C:\Users\Erminijus\jagex_cl_oldschool_LIVE.dat 
C:\Users\Erminijus\jagex_cl_runescape_LIVE.dat 
C:\Users\Erminijus\jagex_cl_runescape_LIVE1.dat 
C:\Users\Erminijus\jagex_cl_speccollect_LIVE.dat 
C:\Users\Erminijus\random.dat
end
*****************
 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\Erminijus\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Erminijus\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Erminijus\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Erminijus\jagex_cl_speccollect_LIVE.dat => Moved successfully.
C:\Users\Erminijus\random.dat => Moved successfully.
EmptyTemp: => Removed 2.8 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:35:16 ====
 
 
2nd Scan
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Erminijus (administrator) on GASTRO on 11-03-2015 19:37:32
Running from C:\Users\Erminijus\Downloads
Loaded Profiles: Erminijus (Available profiles: Erminijus)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Flux Software LLC) C:\Users\Erminijus\AppData\Local\FluxSoftware\Flux\flux.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Erminijus\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Erminijus\AppData\Roaming\Spotify\Spotify.exe
(Dropbox, Inc.) C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Spotify Ltd) C:\Users\Erminijus\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Spotify Ltd) C:\Users\Erminijus\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Erminijus\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-18] (Electronic Arts)
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\Run: [f.lux] => C:\Users\Erminijus\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\Run: [Spotify Web Helper] => C:\Users\Erminijus\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-11] (Spotify Ltd)
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\Run: [Spotify] => C:\Users\Erminijus\AppData\Roaming\Spotify\Spotify.exe [6611512 2015-03-11] (Spotify Ltd)
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\MountPoints2: {2d9404af-5e05-11e4-8253-e069959f233e} - "L:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\...\MountPoints2: {442e1400-78d1-11e4-8258-e069959f233e} - "L:\HTC_Sync_Manager_PC.exe" 
Startup: C:\Users\Erminijus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Erminijus\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1839816152-3178768463-1986008053-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-08] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-08] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10]
CHR Extension: (Google Wallet) - C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-23]
CHR Profile: C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Wallet) - C:\Users\Erminijus\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-11-04] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 18cc2389; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\AppendFoobar\AppendFoobar.dll",serv
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-14] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-11 18:59 - 2015-03-11 18:59 - 00000756 _____ () C:\Users\Erminijus\Desktop\JRT.txt
2015-03-11 18:55 - 2015-03-11 18:55 - 01388333 _____ (Thisisu) C:\Users\Erminijus\Desktop\JRT.exe
2015-03-11 18:30 - 2015-03-11 18:30 - 02171392 _____ () C:\Users\Erminijus\Desktop\AdwCleaner.exe
2015-03-11 18:23 - 2015-03-11 18:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-11 18:21 - 2015-03-11 18:30 - 00000000 ____D () C:\Users\Erminijus\Desktop\mbar
2015-03-11 18:21 - 2015-03-11 18:21 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Erminijus\Desktop\mbar-1.09.1.1004.exe
2015-03-11 18:19 - 2015-03-11 18:19 - 00852604 _____ () C:\Users\Erminijus\Desktop\SecurityCheck.exe
2015-03-10 20:08 - 2015-03-10 20:08 - 00005912 _____ () C:\Users\Erminijus\Downloads\LOL_OPGG_Observer_2007927846_spectate.bat
2015-03-10 19:10 - 2015-03-10 19:10 - 00005912 _____ () C:\Users\Erminijus\Downloads\LOL_OPGG_Observer_2007700066_spectate.bat
2015-03-10 18:51 - 2015-03-10 18:51 - 00005912 _____ () C:\Users\Erminijus\Downloads\LOL_OPGG_Observer_2007633215_spectate.bat
2015-03-10 16:12 - 2015-03-10 16:12 - 00005912 _____ () C:\Users\Erminijus\Downloads\Unconfirmed 41297.crdownload
2015-03-10 16:12 - 2015-03-10 16:12 - 00005912 _____ () C:\Users\Erminijus\Downloads\Unconfirmed 102142.crdownload
2015-03-09 10:21 - 2015-03-09 10:21 - 00000886 _____ () C:\Users\Erminijus\Desktop\BitTorrent.lnk
2015-03-09 10:21 - 2015-03-09 10:21 - 00000866 _____ () C:\Users\Erminijus\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-03-09 10:20 - 2015-03-10 02:08 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\BitTorrent
2015-03-09 10:20 - 2015-03-09 10:20 - 01744472 _____ (BitTorrent Inc.) C:\Users\Erminijus\Downloads\BitTorrent.exe
2015-03-07 21:01 - 2015-03-07 21:01 - 00003394 _____ () C:\Users\Erminijus\Downloads\eset.txt
2015-03-07 20:30 - 2015-03-07 20:30 - 01142128 _____ () C:\Users\Erminijus\Downloads\SteamSetup (1).exe
2015-03-07 17:58 - 2015-03-11 19:01 - 00000000 ____D () C:\Users\Erminijus\Downloads\FRST-OlderVersion
2015-03-07 13:36 - 2015-03-07 13:40 - 00000254 _____ () C:\Users\Erminijus\Downloads\Search.txt
2015-03-07 13:34 - 2015-03-11 19:37 - 00014497 _____ () C:\Users\Erminijus\Downloads\FRST.txt
2015-03-07 13:34 - 2015-03-11 19:03 - 00018404 _____ () C:\Users\Erminijus\Downloads\Addition.txt
2015-03-07 13:33 - 2015-03-11 19:37 - 00000000 ____D () C:\FRST
2015-03-07 13:33 - 2015-03-11 19:01 - 02095616 _____ (Farbar) C:\Users\Erminijus\Downloads\FRST64.exe
2015-03-07 12:55 - 2015-03-07 12:55 - 02347384 _____ (ESET) C:\Users\Erminijus\Downloads\esetsmartinstaller_enu.exe
2015-03-01 21:27 - 2015-03-11 19:36 - 00000000 ___RD () C:\Users\Erminijus\Dropbox
2015-03-01 21:27 - 2015-03-11 12:49 - 00001044 _____ () C:\Users\Erminijus\Desktop\Dropbox.lnk
2015-03-01 21:27 - 2015-03-11 12:49 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-01 21:26 - 2015-03-11 19:36 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\Dropbox
2015-03-01 21:26 - 2015-03-01 21:26 - 00355464 _____ (Dropbox, Inc.) C:\Users\Erminijus\Downloads\DropboxInstaller.exe
2015-02-28 01:45 - 2015-03-11 19:35 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d052f84058d249.job
2015-02-28 01:45 - 2015-03-11 18:50 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d052f8412ac36c.job
2015-02-28 01:45 - 2015-02-28 01:45 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d052f8412ac36c
2015-02-28 01:45 - 2015-02-28 01:45 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d052f84058d249
2015-02-27 10:28 - 2015-02-27 10:28 - 00009154 _____ () C:\Users\Erminijus\Downloads\superb_heater_1.0 (5).simba
2015-02-27 01:30 - 2015-02-27 01:30 - 00012328 _____ () C:\Users\Erminijus\Downloads\AlKharidSmelter.simba
2015-02-26 23:22 - 2015-02-26 23:22 - 00172808 _____ () C:\ProgramData\1424992896.bdinstall.bin
2015-02-26 23:22 - 2015-02-26 23:22 - 00002195 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2015-02-26 23:22 - 2015-02-26 23:22 - 00000000 ____D () C:\Windows\LastGood
2015-02-26 23:22 - 2015-02-26 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-02-26 23:22 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-02-26 23:22 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-02-26 23:21 - 2015-02-26 23:22 - 00000000 ____D () C:\Program Files\Bitdefender
2015-02-26 23:21 - 2015-02-26 23:21 - 10447328 _____ () C:\Users\Erminijus\Downloads\Antivirus_Free_Edition_x64.exe
2015-02-26 23:21 - 2015-02-26 23:21 - 00162208 _____ () C:\Users\Erminijus\Downloads\Antivirus_Free_Edition.exe
2015-02-26 23:21 - 2015-02-26 23:21 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\QuickScan
2015-02-26 23:21 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-02-26 23:21 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-02-26 23:21 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-02-26 23:21 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-02-26 23:07 - 2015-02-26 23:08 - 07908352 _____ (Mysecuritywin) C:\Users\Erminijus\Downloads\xvirus_setup.exe
2015-02-26 19:47 - 2015-02-26 19:47 - 02126848 _____ () C:\Users\Erminijus\Downloads\adwcleaner_4.111.exe
2015-02-26 16:38 - 2015-02-26 16:45 - 428101368 _____ () C:\Users\Erminijus\Documents\clip0004.avi
2015-02-24 21:45 - 2015-02-24 21:45 - 00009154 _____ () C:\Users\Erminijus\Downloads\superb_heater_1.0 (4).simba
2015-02-24 21:42 - 2015-02-24 21:42 - 00009154 _____ () C:\Users\Erminijus\Downloads\superb_heater_1.0 (3).simba
2015-02-24 21:32 - 2015-02-27 11:34 - 00009157 _____ () C:\Users\Erminijus\Downloads\superb_heater_1.0 (2).simba
2015-02-24 21:32 - 2015-02-24 21:32 - 00009154 _____ () C:\Users\Erminijus\Downloads\superb_heater_1.0 (1).simba
2015-02-23 21:39 - 2015-02-23 21:39 - 00000690 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-02-23 21:38 - 2015-02-23 21:41 - 00000000 ____D () C:\Users\Erminijus\Documents\Heroes of the Storm
2015-02-23 21:38 - 2015-02-23 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-02-23 21:34 - 2015-02-23 21:34 - 00001208 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-02-23 21:34 - 2015-02-23 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-02-23 21:24 - 2015-02-28 22:25 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-02-23 21:22 - 2015-02-28 23:37 - 00000000 ____D () C:\Users\Erminijus\AppData\Local\Battle.net
2015-02-23 21:22 - 2015-02-27 22:48 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-23 21:22 - 2015-02-23 21:38 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-02-23 21:22 - 2015-02-23 21:23 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\Battle.net
2015-02-23 21:22 - 2015-02-23 21:22 - 00001163 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-02-23 21:22 - 2015-02-23 21:22 - 00000000 ____D () C:\Users\Erminijus\AppData\Local\Blizzard Entertainment
2015-02-23 21:22 - 2015-02-23 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-02-23 21:21 - 2015-02-23 21:21 - 00000000 ____D () C:\ProgramData\Battle.net
2015-02-23 21:20 - 2015-02-23 21:20 - 03081784 _____ (Blizzard Entertainment) C:\Users\Erminijus\Downloads\Heroes-of-the-Storm-Setup-enUS.exe
2015-02-22 22:44 - 2015-02-22 22:44 - 00012125 _____ () C:\Users\Erminijus\Downloads\OLDSEX 1.1PublicEdit (1).simba
2015-02-22 22:43 - 2015-02-22 22:43 - 00012125 _____ () C:\Users\Erminijus\Downloads\OLDSEX 1.1PublicEdit.simba
2015-02-22 19:33 - 2015-02-22 19:35 - 152428336 _____ (Apple Inc.) C:\Users\Erminijus\Downloads\itunes6464setup.exe
2015-02-21 23:57 - 2015-02-21 23:57 - 00008844 _____ () C:\Users\Erminijus\Downloads\MonsterMashPublicV1.10.simba
2015-02-21 23:55 - 2015-02-21 23:55 - 00019422 _____ () C:\Users\Erminijus\Downloads\Baws Magic 1-66.simba
2015-02-21 22:35 - 2015-02-21 22:35 - 00761926 _____ () C:\Users\Erminijus\Downloads\SMARTv8.0 (1).zip
2015-02-21 22:33 - 2015-02-21 22:33 - 00239228 _____ () C:\Users\Erminijus\Downloads\Fonts (1).zip
2015-02-21 22:01 - 2015-02-21 22:01 - 00019178 _____ () C:\Users\Erminijus\Downloads\P07UpChars.zip
2015-02-21 21:59 - 2015-02-21 21:59 - 00690572 _____ () C:\Users\Erminijus\Downloads\SRL-OSR-master (2).zip
2015-02-21 21:31 - 2015-02-21 21:31 - 00690572 _____ () C:\Users\Erminijus\Downloads\SRL-OSR-master (1).zip
2015-02-21 21:30 - 2015-02-21 21:30 - 00051251 _____ () C:\Users\Erminijus\Downloads\Fonts.tar.bz2
2015-02-21 21:13 - 2015-02-21 21:13 - 00045472 _____ () C:\Users\Erminijus\Downloads\P07Include.simba
2015-02-21 14:24 - 2015-02-21 14:27 - 00000000 ____D () C:\Users\Erminijus\OSBuddy
2015-02-21 14:24 - 2015-02-21 14:24 - 00881112 _____ () C:\Users\Erminijus\Downloads\OSBuddy.exe
2015-02-21 14:09 - 2015-02-21 14:09 - 01760040 _____ () C:\Users\Erminijus\Downloads\wrar521.exe
2015-02-21 14:09 - 2015-02-21 14:09 - 00000000 ____D () C:\Users\Erminijus\Downloads\ACA
2015-02-21 14:09 - 2015-02-21 14:09 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\WinRAR
2015-02-21 14:09 - 2015-02-21 14:09 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-21 14:09 - 2015-02-21 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-21 14:09 - 2015-02-21 14:09 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-02-21 14:08 - 2015-02-21 14:08 - 00296871 _____ () C:\Users\Erminijus\Downloads\ACA.rar
2015-02-21 14:06 - 2015-02-21 14:42 - 00000103 _____ () C:\Users\Erminijus\Downloads\HoodzFightersettings.ini
2015-02-21 14:06 - 2015-02-21 14:24 - 00000000 ____D () C:\Users\Erminijus\tmpTopBot-93966
2015-02-21 14:02 - 2015-02-21 14:02 - 03781197 _____ () C:\Users\Erminijus\Downloads\Plugins.zip
2015-02-21 14:01 - 2015-02-21 14:01 - 06262961 _____ () C:\Users\Erminijus\Downloads\AeroLib-master.zip
2015-02-21 14:01 - 2015-02-21 14:01 - 00025583 _____ () C:\Users\Erminijus\Downloads\HoodzFighter Aero V3.simba
2015-02-21 14:01 - 2015-02-21 14:01 - 00001045 _____ () C:\Users\Erminijus\Downloads\HoodzFighter-Aero downloader.simba
2015-02-20 17:17 - 2015-02-20 17:17 - 00000000 ____D () C:\Users\Erminijus\AppData\Local\Steam
2015-02-18 17:42 - 2015-02-18 17:42 - 00003705 _____ () C:\Users\Erminijus\Downloads\transcript.txt
2015-02-18 10:47 - 2015-02-18 10:47 - 00025460 _____ () C:\Users\Erminijus\Downloads\v21122 (3)
2015-02-18 10:45 - 2015-02-18 10:45 - 00025460 _____ () C:\Users\Erminijus\Downloads\v21122 (2)
2015-02-16 22:03 - 2015-02-16 22:03 - 00009154 _____ () C:\Users\Erminijus\Downloads\superb_heater_1.0.simba
2015-02-16 17:54 - 2015-02-20 20:23 - 00000000 ____D () C:\Users\Erminijus\Documents\TBot
2015-02-16 17:54 - 2015-02-16 17:54 - 00008725 _____ () C:\Users\Erminijus\Downloads\topbot.jar
2015-02-16 00:53 - 2015-02-16 00:53 - 02112512 _____ () C:\Users\Erminijus\Downloads\AdwCleaner (2).exe
2015-02-15 16:31 - 2015-02-15 16:31 - 00000000 _____ () C:\Users\Erminijus\Desktop\New Text Document (4).txt
2015-02-14 13:21 - 2015-03-11 19:36 - 00000000 ____D () C:\Users\Erminijus\AppData\Local\CrashDumps
2015-02-14 13:11 - 2015-02-14 13:11 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Erminijus\Downloads\tdsskiller.exe
2015-02-14 13:10 - 2015-02-14 13:10 - 15431256 _____ () C:\Users\Erminijus\Downloads\RogueKiller.exe
2015-02-14 13:10 - 2015-02-14 13:10 - 05611771 _____ (Swearware) C:\Users\Erminijus\Downloads\ComboFix.exe
2015-02-14 13:10 - 2015-02-14 13:10 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-14 13:10 - 2015-02-14 13:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-13 18:33 - 2015-02-13 18:33 - 25624576 _____ () C:\Users\Erminijus\Downloads\SkypeSetup_6.14.0.104.msi
2015-02-13 18:25 - 2015-02-13 18:25 - 01548384 _____ (Skype Technologies S.A.) C:\Users\Erminijus\Downloads\SkypeSetup.exe
2015-02-13 00:07 - 2015-02-13 00:07 - 02112512 _____ () C:\Users\Erminijus\Downloads\AdwCleaner (1).exe
2015-02-12 23:59 - 2015-03-10 11:24 - 00000020 _____ () C:\Users\Erminijus\AppData\Roaming\appdataFr3.bin
2015-02-12 22:39 - 2015-02-12 22:40 - 19075976 _____ (Skype Technologies S.A.) C:\Users\Erminijus\Documents\SkypeSetupFull.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-11 19:37 - 2014-10-23 18:45 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\Skype
2015-03-11 19:36 - 2014-12-22 22:30 - 00003026 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-03-11 19:36 - 2014-10-26 16:07 - 00000000 ____D () C:\Users\Erminijus\AppData\Local\Spotify
2015-03-11 19:36 - 2014-10-26 16:06 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\Spotify
2015-03-11 19:36 - 2014-10-24 20:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-11 19:36 - 2014-10-23 17:01 - 00000000 __RDO () C:\Users\Erminijus\OneDrive
2015-03-11 19:35 - 2014-12-29 20:48 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-11 19:35 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-11 19:35 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-11 19:34 - 2014-10-23 16:57 - 00000000 ____D () C:\Users\Erminijus
2015-03-11 19:28 - 2014-10-23 17:11 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CAFD309D-08BC-4E08-8CC9-20690489D040}
2015-03-11 19:00 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-11 18:53 - 2014-12-29 20:48 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-11 18:53 - 2014-12-26 17:03 - 00000000 ____D () C:\AdwCleaner
2015-03-11 18:44 - 2014-03-18 10:04 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-11 18:22 - 2014-10-24 20:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-11 17:57 - 2014-10-23 17:00 - 01526225 _____ () C:\Windows\WindowsUpdate.log
2015-03-11 14:06 - 2014-10-23 17:05 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1839816152-3178768463-1986008053-1001
2015-03-11 13:10 - 2014-10-23 19:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-10 19:17 - 2014-12-29 20:48 - 00002282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-10 12:32 - 2014-11-15 13:12 - 00001592 _____ () C:\Users\Erminijus\Desktop\Rs accounts.txt
2015-03-10 01:45 - 2014-10-29 11:27 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\vlc
2015-03-08 18:15 - 2015-01-01 20:39 - 00000000 ____D () C:\Users\Erminijus\AppData\Local\Adobe
2015-03-07 21:04 - 2014-10-24 01:51 - 00000000 ____D () C:\Windows\Panther
2015-03-07 21:04 - 2014-03-18 09:54 - 00018782 _____ () C:\Windows\PFRO.log
2015-03-07 21:03 - 2014-10-29 11:01 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\uTorrent
2015-03-05 16:15 - 2014-10-23 20:00 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-27 21:04 - 2014-10-24 14:50 - 00002256 ____H () C:\Users\Erminijus\Documents\Default.rdp
2015-02-27 17:04 - 2015-01-24 15:46 - 00000000 ____D () C:\Simba
2015-02-27 11:16 - 2015-01-24 18:30 - 00000000 ____D () C:\ProgramData\{af5f7844-f39b-f8c3-af5f-f7844f39e113}
2015-02-26 23:22 - 2013-08-22 14:46 - 00027071 _____ () C:\Windows\setupact.log
2015-02-25 12:36 - 2015-01-11 00:09 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-20 08:08 - 2015-01-11 00:10 - 00000986 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-20 08:08 - 2015-01-11 00:10 - 00000974 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-02-16 01:28 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-13 18:48 - 2015-01-11 00:10 - 00000000 ____D () C:\Users\Erminijus\AppData\Roaming\TeamViewer
2015-02-09 01:04 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2015-02-12 23:59 - 2015-03-10 11:24 - 0000020 _____ () C:\Users\Erminijus\AppData\Roaming\appdataFr3.bin
2014-10-23 19:46 - 2014-10-23 19:46 - 0000003 _____ () C:\Users\Erminijus\AppData\Local\updater.log
2014-10-23 19:46 - 2014-12-17 16:14 - 0000425 _____ () C:\Users\Erminijus\AppData\Local\UserProducts.xml
2015-02-26 23:22 - 2015-02-26 23:22 - 0172808 _____ () C:\ProgramData\1424992896.bdinstall.bin
 
Some content of TEMP:
====================
C:\Users\Erminijus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_t2_2f.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-06 08:12
 
==================== End Of Log ============================


#10 Funny nublet

Funny nublet
  • Topic Starter

  • Members
  • 28 posts
  • Local time:10:03 AM

Posted 11 March 2015 - 02:43 PM

I just seemed to have lost all my most visited sites, was that something that was done by you?

 

I'm sure I can sync them back, but just wondering :)

 

edit: along with all my saved passwords

 

 

And I just got a random popup advert redirect when clicking a URL :/


Edited by Funny nublet, 11 March 2015 - 03:13 PM.


#11 Jo*

Jo*

  • Malware Response Team
  • 3,453 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:03 AM

Posted 11 March 2015 - 03:19 PM

Hello Funny nublet,

The most visited sites are gone because we deleted temp files:
> EmptyTemp: => Removed 2.8 GB temporary data.

I do not know why your passwords are gone.
Were they saved in your browser and can you remember / restore them?
 

***


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#12 Funny nublet

Funny nublet
  • Topic Starter

  • Members
  • 28 posts
  • Local time:10:03 AM

Posted 11 March 2015 - 03:26 PM

Alright, password seemed to be synced now, so that's all fine :)

 

I still get that random pop up to gambling and live chats after clicking a link



#13 Funny nublet

Funny nublet
  • Topic Starter

  • Members
  • 28 posts
  • Local time:10:03 AM

Posted 11 March 2015 - 03:33 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/03/2015
Scan Time: 20:22:55
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.03.11.05
Rootkit Database: v2015.02.25.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Erminijus
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340078
Time Elapsed: 5 min, 34 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#14 Funny nublet

Funny nublet
  • Topic Starter

  • Members
  • 28 posts
  • Local time:10:03 AM

Posted 12 March 2015 - 08:49 AM

Scan was at 8 hours yesterday and only 73%, had to end due to PC shutdown. Should I rerun it today?



#15 Jo*

Jo*

  • Malware Response Team
  • 3,453 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:03 AM

Posted 12 March 2015 - 09:04 AM

Rerun it today, please.





