Find-all-you-want.com redirect in all of my browsers, no extensions.


  • This topic is locked
14 replies to this topic

#1 discombobulationist

  • Members
  • 6 posts
  • OFFLINE
  • Local time: 10:34 PM

Posted 10 March 2015 - 11:10 PM

This has been going on for a couple of months now. I get redirected to Find-all-you-want.com first and then it quickly redirects through 3 other sites before landing on some page that's remotely related to what I was looking at before. I've got Panda AV, and I've run Malwarebytes, YAC, and a few more, but no luck. I've been reading a few other posts with the same problem, and it looks like a "hijacked hosts file"? However, I have no idea what that is, and I didn't want to try to follow somebody else's guidance and mess my system up. I've attached the Farbar Addition.txt, and I've pasted the FRST.txt below:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01
Ran by Doug (administrator) on BEDROOM on 10-03-2015 21:50:30
Running from C:\Users\Doug\Desktop
Loaded Profiles: Doug (Available profiles: Doug)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371864 2012-04-05] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
HKU\S-1-5-21-910110538-2245187606-297430099-1001\...\Run: [Google Update] => C:\Users\Doug\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-02] (Google Inc.)
HKU\S-1-5-21-910110538-2245187606-297430099-1001\...\Run: [MusicManager] => C:\Users\Doug\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.)
HKU\S-1-5-21-910110538-2245187606-297430099-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKU\S-1-5-21-910110538-2245187606-297430099-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKU\S-1-5-21-910110538-2245187606-297430099-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-910110538-2245187606-297430099-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-10] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-10] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-10] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-10] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1A1C4688-982D-4442-854F-9A7A900CFF06}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4AA66CCF-86C7-410F-945E-E5B9F0D89A3B}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{B8B04001-9448-4DAD-B608-0D8C94B6EA7D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{FE165001-3BD5-4655-AD82-94445A776CEC}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-04-05] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-910110538-2245187606-297430099-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Doug\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-910110538-2245187606-297430099-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Doug\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-910110538-2245187606-297430099-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Doug\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2015-02-12] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> https://news.google.com/
CHR Profile: C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-05]
CHR Extension: (YouTube) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Google Search) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (Google Sheets) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (AdBlock) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-07]
CHR Extension: (Google Wallet) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-10-06] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2693448 2014-11-25] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-04] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1978584 2014-08-13] (VMware, Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [528600 2014-08-29] (VMware, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-09-26] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S1 cetzdych; \??\C:\WINDOWS\system32\drivers\cetzdych.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-10 21:50 - 2015-03-10 21:51 - 00023619 _____ () C:\Users\Doug\Desktop\FRST.txt
2015-03-10 21:50 - 2015-03-10 21:50 - 00000000 ____D () C:\FRST
2015-03-10 21:47 - 2015-03-10 21:47 - 02095104 _____ (Farbar) C:\Users\Doug\Desktop\FRST64.exe
2015-03-10 20:16 - 2015-03-10 20:16 - 02953520 _____ (AVAST Software) C:\Users\Doug\Downloads\avast-browser-cleanup.exe
2015-03-10 20:14 - 2015-03-10 20:14 - 02171392 _____ () C:\Users\Doug\Downloads\adwcleaner_4.112.exe
2015-03-04 13:41 - 2015-03-09 20:19 - 00000000 ____D () C:\Users\Doug\AppData\Local\My Games
2015-03-04 13:07 - 2015-03-04 13:07 - 00000538 _____ () C:\WINDOWS\DXError.log
2015-03-04 13:07 - 2015-03-04 13:07 - 00000000 ____D () C:\Program Files (x86)\2K Games
2015-03-04 13:05 - 2015-03-04 13:05 - 00000000 ____D () C:\Users\Doug\AppData\Roaming\InstallShield
2015-03-04 09:52 - 2015-03-04 11:50 - 2716307456 _____ () C:\Users\Doug\Desktop\Civilization.IV.Complete.Edition.PL..iso
2015-02-27 19:39 - 2015-02-27 19:39 - 02142507 _____ () C:\Users\Doug\Downloads\plugin.video.SportsDevil-2015-02-23.zip
2015-02-27 19:30 - 2015-02-27 19:30 - 01887983 _____ () C:\Users\Doug\Downloads\plugin.video.SportsDevil-1.8.5.7.zip
2015-02-27 19:09 - 2015-02-27 19:09 - 00000582 _____ () C:\Users\Doug\Downloads\repository.MaxMustermann.xbmc-1.0.1.zip
2015-02-27 16:30 - 2015-02-27 16:30 - 07050304 _____ (Microsoft Corporation) C:\Users\Doug\Downloads\ZoomInstaller.exe
2015-02-27 16:30 - 2015-02-27 16:30 - 00000000 ____D () C:\Users\Doug\AppData\Roaming\Zoom
2015-02-27 16:30 - 2015-02-27 16:30 - 00000000 ____D () C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2015-02-27 11:37 - 2015-03-06 21:01 - 00000000 ____D () C:\Users\Doug\AppData\Roaming\XBMC
2015-02-27 11:35 - 2015-02-27 11:35 - 00000000 ____D () C:\Users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
2015-02-27 11:34 - 2015-02-27 11:35 - 00000000 ____D () C:\Program Files (x86)\XBMC
2015-02-27 11:28 - 2015-02-27 11:31 - 63850156 _____ () C:\Users\Doug\Downloads\xbmc-13.2-Gotham.exe
2015-02-26 21:01 - 2015-02-26 21:01 - 00001392 _____ () C:\Users\Doug\Downloads\AOE3 AND BOTH EXPANSIONS FULLY UPDATED - Shortcut.lnk
2015-02-26 20:14 - 2015-02-26 20:18 - 71136326 _____ () C:\Users\Doug\Downloads\kodi-14.2-Helix_beta1 (1).exe
2015-02-26 19:56 - 2014-03-25 08:15 - 00060400 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-02-26 10:08 - 2015-02-26 10:08 - 00037770 _____ () C:\Users\Doug\Downloads\metadata.movie.cduniverse.com-1.0.7.zip
2015-02-26 09:55 - 2015-02-26 09:55 - 01206384 _____ () C:\Users\Doug\Downloads\plugin.video.videodevil-1.7.102.zip
2015-02-26 09:39 - 2015-02-26 09:40 - 01010710 _____ () C:\Users\Doug\Downloads\plugin.video.videodevil-1.7.99.zip
2015-02-25 10:48 - 2015-03-06 23:58 - 00001818 ____H () C:\Users\Doug\.swfinfo
2015-02-25 07:47 - 2014-12-13 16:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 07:47 - 2014-12-13 16:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 07:47 - 2014-10-28 20:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 07:47 - 2014-10-28 20:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 07:47 - 2014-10-28 20:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 07:47 - 2014-10-28 20:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-24 23:40 - 2015-02-27 10:24 - 00000000 ____D () C:\Program Files (x86)\Kodi
2015-02-24 23:38 - 2015-02-24 23:40 - 71136326 _____ () C:\Users\Doug\Downloads\kodi-14.2-Helix_beta1.exe
2015-02-22 18:39 - 2015-02-22 18:39 - 00944788 _____ () C:\Users\Doug\Downloads\installer_adobe_flash_player_English.exe
2015-02-20 16:23 - 2015-02-20 16:23 - 00612224 _____ () C:\WINDOWS\Minidump\022015-30562-01.dmp
2015-02-19 20:18 - 2015-02-19 20:18 - 00000000 ____D () C:\ProgramData\HP
2015-02-19 20:18 - 2015-02-19 20:18 - 00000000 ____D () C:\HPSDM
2015-02-19 20:17 - 2015-02-19 20:17 - 00000000 ____D () C:\Users\Doug\AppData\Roaming\hpqLog
2015-02-19 20:17 - 2015-02-19 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-19 20:17 - 2015-02-19 20:17 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-02-19 20:15 - 2015-02-19 20:16 - 20562712 _____ (Hewlett-Packard Company ) C:\Users\Doug\Downloads\HP_SDM_Setup.exe
2015-02-14 17:11 - 2015-02-14 17:11 - 02112512 _____ () C:\Users\Doug\Downloads\adwcleaner_4.110 (1).exe
2015-02-14 17:11 - 2015-02-14 17:11 - 01388274 _____ (Thisisu) C:\Users\Doug\Downloads\JRT (2).exe
2015-02-14 16:55 - 2015-03-10 20:19 - 00000000 ____D () C:\AdwCleaner
2015-02-14 16:54 - 2015-02-14 16:54 - 02112512 _____ () C:\Users\Doug\Downloads\adwcleaner_4.110.exe
2015-02-14 16:53 - 2015-02-14 16:53 - 01388274 _____ (Thisisu) C:\Users\Doug\Downloads\JRT (1).exe
2015-02-14 16:52 - 2015-02-14 16:52 - 00000863 _____ () C:\Users\Doug\Desktop\JRT.txt
2015-02-14 16:48 - 2015-02-14 16:48 - 01388274 _____ (Thisisu) C:\Users\Doug\Downloads\JRT.exe
2015-02-13 07:03 - 2014-11-25 18:15 - 12890312 _____ (NVIDIA Corporation) C:\Users\Doug\nvlddmkm.sys
2015-02-13 07:03 - 2014-11-25 18:15 - 07489662 _____ () C:\Users\Doug\nvlddmkm.sy_
2015-02-13 07:02 - 2014-11-25 18:15 - 07489662 _____ () C:\nvlddmkm.sy_
2015-02-12 17:25 - 2015-02-12 17:25 - 01718934 _____ () C:\Users\Doug\Downloads\Terraria Xbox 360 Edition All Items Map v2.rar
2015-02-12 08:20 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 08:20 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 09:16 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 09:16 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 09:16 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 09:16 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 09:16 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 09:16 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 09:16 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 09:16 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 09:16 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 09:16 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 09:16 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 09:16 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 09:16 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 09:16 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 09:16 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 09:16 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 09:16 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 09:16 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 09:16 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 09:16 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 09:16 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 09:16 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 09:16 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 09:16 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 09:16 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 09:16 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 09:16 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 09:16 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 09:16 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 09:16 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 09:16 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 09:16 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 09:16 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 09:16 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 09:16 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 09:16 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 09:16 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 09:16 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 09:16 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 09:16 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 09:16 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 09:16 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 09:16 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 09:16 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 09:16 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 09:16 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 09:16 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 09:16 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 09:16 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 09:16 - 2014-12-08 18:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 09:16 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 09:16 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 09:16 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 09:16 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 09:16 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 09:16 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 09:16 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 09:16 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 09:16 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 09:16 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 09:16 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 09:16 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 09:16 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 09:15 - 2015-02-03 18:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 09:15 - 2015-02-03 18:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 09:15 - 2015-02-03 18:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 09:15 - 2015-02-02 18:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 09:15 - 2015-02-02 18:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 09:15 - 2015-02-02 18:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 09:15 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 09:15 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 15:25 - 2015-02-10 15:25 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-10 15:24 - 2015-02-10 15:24 - 00639400 _____ (Oracle Corporation) C:\Users\Doug\Downloads\chromeinstall-8u31.exe
2015-02-10 15:21 - 2015-02-10 15:21 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-02-10 15:21 - 2015-02-10 15:21 - 00000000 ____D () C:\Program Files\Java
2015-02-10 15:19 - 2015-02-10 15:20 - 93427112 _____ (Oracle Corporation) C:\Users\Doug\Downloads\jre-8u31-windows-x64.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-10 21:45 - 2014-10-27 13:46 - 00000000 ____D () C:\Users\Doug\AppData\Roaming\ClassicShell
2015-03-10 21:32 - 2015-02-05 20:22 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 21:10 - 2015-02-05 16:24 - 00004962 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for BEDROOM-Doug Bedroom
2015-03-10 21:04 - 2014-09-26 11:50 - 01325971 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-10 21:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-10 20:54 - 2014-03-18 05:04 - 00956540 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-10 20:52 - 2014-09-26 12:22 - 00000000 __RDO () C:\Users\Doug\OneDrive
2015-03-10 20:50 - 2015-02-05 20:22 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 20:49 - 2014-03-18 04:54 - 00048274 _____ () C:\WINDOWS\PFRO.log
2015-03-10 20:49 - 2013-08-22 09:46 - 00342194 _____ () C:\WINDOWS\setupact.log
2015-03-10 20:49 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-10 20:49 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-03-10 20:31 - 2015-01-25 16:14 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-10 20:20 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-10 18:47 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-10 16:40 - 2015-02-05 23:38 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7732464A-507C-415D-B207-CA179B7DAC33}
2015-03-10 01:53 - 2015-02-04 23:33 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-910110538-2245187606-297430099-1001
2015-03-09 20:19 - 2014-12-28 12:03 - 00000000 ____D () C:\Users\Doug\Documents\My Games
2015-03-09 13:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-05 10:55 - 2014-10-07 23:18 - 01108480 ___SH () C:\Users\Doug\Desktop\Thumbs.db
2015-03-04 13:31 - 2013-08-22 09:44 - 00552200 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-04 13:29 - 2014-10-14 21:36 - 00000000 ____D () C:\Users\Doug\AppData\Roaming\uTorrent
2015-03-04 13:29 - 2014-09-26 11:57 - 00000000 ____D () C:\Users\Doug
2015-03-04 13:25 - 2014-12-11 03:11 - 00000000 ____D () C:\Users\Doug\AppData\Local\CrashDumps
2015-03-04 13:07 - 2014-12-06 12:12 - 00209674 _____ () C:\WINDOWS\DirectX.log
2015-03-04 13:07 - 2014-10-29 12:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-04 10:26 - 2014-12-07 13:44 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-04 09:59 - 2014-12-07 13:34 - 00000000 ____D () C:\ProgramData\Origin
2015-03-04 09:59 - 2014-12-07 13:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-26 19:52 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-24 23:42 - 2014-10-06 17:42 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-24 23:37 - 2014-09-26 01:08 - 00000000 ____D () C:\Users\Doug\AppData\Local\Packages
2015-02-23 23:14 - 2014-11-14 15:44 - 00374272 ___SH () C:\Users\Doug\Downloads\Thumbs.db
2015-02-20 16:23 - 2014-09-28 15:52 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-19 20:27 - 2014-09-26 11:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-19 16:33 - 2015-02-05 20:23 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 17:05 - 2014-12-29 17:13 - 00000000 ____D () C:\WINDOWS\system32\log
2015-02-13 07:10 - 2014-12-11 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-13 07:09 - 2014-10-15 07:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 15:57 - 2014-12-11 08:16 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 15:57 - 2014-09-26 09:15 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 15:55 - 2013-08-22 08:25 - 00000167 _____ () C:\WINDOWS\win.ini
2015-02-11 15:54 - 2014-09-26 02:28 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 15:51 - 2014-09-26 02:28 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-10 15:25 - 2015-01-16 09:59 - 00000000 ____D () C:\Program Files (x86)\Java
 
==================== Files in the root of some directories =======
 
2015-01-14 15:45 - 2015-01-14 15:45 - 6000640 _____ () C:\Program Files (x86)\GUT7FC3.tmp
2014-12-11 23:51 - 2014-12-11 23:51 - 0000040 _____ () C:\ProgramData\ra3.ini
 
Some content of TEMP:
====================
C:\Users\Doug\AppData\Local\Temp\aoe3-113-english.exe
C:\Users\Doug\AppData\Local\Temp\aoe3x-105-english.exe
C:\Users\Doug\AppData\Local\Temp\aoe3y-102-english.exe
C:\Users\Doug\AppData\Local\Temp\Execute2App.exe
C:\Users\Doug\AppData\Local\Temp\msvcp90.dll
C:\Users\Doug\AppData\Local\Temp\msvcr90.dll
C:\Users\Doug\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Doug\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Doug\AppData\Local\Temp\nvStInst.exe
C:\Users\Doug\AppData\Local\Temp\ochelper.dll
C:\Users\Doug\AppData\Local\Temp\ochelper.exe
C:\Users\Doug\AppData\Local\Temp\ose00000.exe
C:\Users\Doug\AppData\Local\Temp\ose00001.exe
C:\Users\Doug\AppData\Local\Temp\Quarantine.exe
C:\Users\Doug\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Doug\AppData\Local\Temp\sqlite3.dll
C:\Users\Doug\AppData\Local\Temp\standalonepatcher.exe
C:\Users\Doug\AppData\Local\Temp\standalonepatcherX.exe
C:\Users\Doug\AppData\Local\Temp\standalonepatcherY.exe
C:\Users\Doug\AppData\Local\Temp\_isE8C0.exe
C:\Users\Doug\AppData\Local\Temp\{60A4D5B3-6952-4DD6-BF2C-A4E63F5B95B3}.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-05 06:19
 

==================== End Of Log ============================ 
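The FRST listing above is the kind of output a malware-response volunteer reads by eye, looking for executables with no publisher string and files sitting where installed software does not normally put them (a drive root, the root of Program Files, a Temp directory). As an added example, not part of this thread or of Farbar's tools, the Python script below parses FRST's file-listing layout (`created - modified - size attrs (publisher) path`) and returns those reasons per file. The extension list, the location rules and the sample lines are constructed for this example, and a flag means "look at this first", not "this is malware":

```python
"""Triage helper for the file-listing lines in an FRST log.

Added example for this thread; not part of FRST or of the original posts.
It parses the layout FRST uses in the "One Month Created/Modified Files and
Folders" sections:

    <created> - <last modified> - <size> <attrs> (<publisher>) <path>

and returns, per file, the reasons an analyst would look at it first. The
sample lines, the extension set and the location rules are assumptions made
for this example.
"""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Extensions Windows loads as code (assumed list for this example).
EXEC_EXT = {".exe", ".dll", ".sys", ".sy_", ".scr", ".cpl", ".ocx", ".drv"}

ROOT_OF_DRIVE = re.compile(r"^[A-Za-z]:\\[^\\]+$")
ROOT_OF_PROGRAM_FILES = re.compile(r"^[A-Za-z]:\\Program Files( \(x86\))?\\[^\\]+$")
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_directory(self) -> bool:
        # FRST marks directories with a D in the attribute column (____D).
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-listing line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"],
        path=m["path"],
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage_entry(e: Entry) -> List[str]:
    """Reasons this entry deserves a closer look; an empty list means nothing notable."""
    reasons: List[str] = []
    if e.is_directory:
        return reasons
    ext = ntpath.splitext(e.path)[1].lower()
    if ext in EXEC_EXT and not e.company:
        reasons.append("no publisher on executable")
    if ROOT_OF_DRIVE.match(e.path):
        reasons.append("file in drive root")
    elif ROOT_OF_PROGRAM_FILES.match(e.path):
        reasons.append("file in Program Files root")
    elif TEMP_DIR.search(e.path):
        reasons.append("file in Temp")
    return reasons


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map path -> reasons, for flagged entries only."""
    return {e.path: r for e in entries if (r := triage_entry(e))}


# Constructed sample in FRST's format (modelled on, but not copied from, the thread's log).
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2015-02-11 09:16 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 15:21 - 2015-02-10 15:21 - 00000000 ____D () C:\Program Files\Java
2015-01-14 15:45 - 2015-01-14 15:45 - 6000640 _____ () C:\Program Files (x86)\EXAMPLE.tmp
2015-02-13 07:02 - 2014-11-25 18:15 - 07489662 _____ () C:\example.sy_
2015-03-01 12:00 - 2015-03-01 12:00 - 00012345 _____ () C:\Users\user\AppData\Local\Temp\helper.exe
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{path}: {', '.join(reasons)}")
```

Directory entries are skipped on purpose: FRST lists them with the same layout, and the checks above only make sense for files. A signed Microsoft binary in system32 produces no reasons, while an unsigned `.sy_` in the drive root produces two, which is the ordering an analyst wants when scanning a long log.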





 


#2 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 11 March 2015 - 08:40 AM

Hello discombobulationist and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here.

Thanks
---------------------------------------------------------------------------------------------------------
 
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
:hello:
 
Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 11 March 2015 - 09:46 AM

Hi discombobulationist,
 

Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

 

Post by quietman7, on 02 October 2009 - 05:16 AM, said:

A Keygen is a program which is used to illegally bypass copy protection on games and commercial software by generating a random serial number, or "cd key", that matches the software it is intended to be used with.

A Cracking tool is used to copy commercial software illegally by breaking the various copy-protection and registration techniques being used.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Quote
Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

Quote
...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

Quote
...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

Quote
...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware
Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

 

 

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

 µTorrent

------------------------------------------------------------------------------------------------------------------------------

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
C:\nvlddmkm.sy_
 

Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

--------------------------------------------------------------

Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step 2:

Please download and run RogueKiller 32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

Have a nice day.

 



 


 


#4 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 14 March 2015 - 06:58 AM

Hello,

 

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.



 


 


#5 discombobulationist

  • Topic Starter
  • Members
  • 6 posts

Posted 14 March 2015 - 10:58 AM

Hi Olgun52, thank you for your help. I got really busy this week and planned to work on the computer this weekend. I've uninstalled the utorrent program and ran the Virus Total scan. Here is the link to the results:

https://www.virustotal.com/en/file/ce2e2cf59862f1d38ce8b1230811c59318c914b9b29ea3722f21d858d586b7d9/analysis/1426343494/

 

The file I scanned was from a problem I was having with the Nvidia driver for my video card. It didn't work well with windows 8.1 for some reason. I kept getting BSOD errors saying that there was a problem with nvlddmkm.sys. So I followed the instructions on this page to fix them:

http://en.kioskea.net/faq/6210-nvidia-nvlddmkm-sys-error-message

 

I have attached the log files from MBAR, even though I don't think it found anything. And below is the report from RogueKiller:

 

RogueKiller V10.5.4.0 [Mar 12 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Doug [Administrator]
Started from : C:\Users\Doug\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/14/2015  10:42:54
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-910110538-2245187606-297430099-1001\Software\Microsoft\Windows\CurrentVersion\Run | MusicManager : "C:\Users\Doug\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-910110538-2245187606-297430099-1001\Software\Microsoft\Windows\CurrentVersion\Run | MusicManager : "C:\Users\Doug\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500YS-01SHB1 ATA Device +++++
--- User ---
[MBR] 3716d394594ecd313c6a24acffb4d730
[BSP] e51e70a9b3dc7905d925100e269c3141 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: SAMSUNG HD161GJ ATA Device +++++
--- User ---
[MBR] 22f1e6192bb4e6994430963d5f937149
[BSP] 32b631af760915a74118e983941e4198 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_03142015_103508.log
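The opening post asks what a "hijacked hosts file" is, and the RogueKiller report above says only `Hosts File : 0 [Too big!]` instead of listing the entries. The hosts file (on Windows, `C:\Windows\System32\drivers\etc\hosts`) maps hostnames to addresses before DNS is consulted, so a tampered file can silently redirect a site to another address or block update and security-vendor sites by pointing them at loopback. As an added example, not from this thread, RogueKiller or FRST, the Python script below reads a hosts file, reports how many active entries it has and its size, and flags both patterns. The sample hosts text and the watchlist of vendor domain suffixes are constructed for this example:

```python
r"""Hosts-file audit for the "hijacked hosts file" question in this thread.

Added example; not from the thread, RogueKiller or FRST. On Windows the file
is C:\Windows\System32\drivers\etc\hosts. The script reports the number of
active entries and the file size, then flags two hijack patterns:
  * redirect: a hostname mapped to an address that is neither loopback nor
    unspecified (the name now resolves somewhere else);
  * blocked: an update or security-vendor hostname mapped to loopback/0.0.0.0.
The sample file and the watchlist are constructed for this example.
"""
import ipaddress
import re
from typing import Dict, List, NamedTuple, Tuple

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Domain suffixes whose presence on a loopback line usually means updates or
# security tooling are being blocked. Illustrative list, not exhaustive.
BLOCK_WATCHLIST = ("windowsupdate.com", "microsoft.com", "malwarebytes.org")

COMMENT_RE = re.compile(r"#.*$")


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    hostnames: List[str]


def parse_hosts(text: str) -> List[HostsEntry]:
    """Active (non-comment) lines as (line number, address, hostnames)."""
    entries = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = COMMENT_RE.sub("", raw).strip()
        parts = line.split()
        if len(parts) >= 2:
            entries.append(HostsEntry(n, parts[0], parts[1:]))
    return entries


def is_local(address: str) -> bool:
    """True for loopback (127.x, ::1) and unspecified (0.0.0.0, ::) targets."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # not an IP address at all; treat as a redirect to be reviewed
    return ip.is_loopback or ip.is_unspecified


def on_watchlist(host: str) -> bool:
    h = host.lower()
    return any(h == s or h.endswith("." + s) for s in BLOCK_WATCHLIST)


Finding = Tuple[str, int, str, str]  # (kind, line number, hostname, address)


def audit_hosts(text: str) -> Dict:
    entries = parse_hosts(text)
    findings: List[Finding] = []
    for e in entries:
        for host in e.hostnames:
            if not is_local(e.address):
                findings.append(("redirect", e.line_no, host, e.address))
            elif on_watchlist(host):
                findings.append(("blocked", e.line_no, host, e.address))
    return {"entries": len(entries), "bytes": len(text.encode("utf-8")), "findings": findings}


# Constructed sample: the stock Windows header plus three added lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1    localhost
0.0.0.0      ads.example-tracker.test        # ad-block style sinkhole, harmless
203.0.113.7  www.example-bank.test           # a hostname pointed at a public IP
127.0.0.1    download.windowsupdate.com
"""

if __name__ == "__main__":
    import sys
    # Pass the real path (HOSTS_PATH on Windows) as the first argument to audit a live file.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    report = audit_hosts(text)
    print(f"{report['entries']} active entries, {report['bytes']} bytes")
    for kind, line_no, host, addr in report["findings"]:
        print(f"  [{kind}] line {line_no}: {host} -> {addr}")
```

An ad-blocking hosts file legitimately contains thousands of `0.0.0.0` or `127.0.0.1` lines, which is why the audit treats sinkhole entries as normal unless the hostname is on the watchlist; the entry count and byte size are reported so that a file far larger than the stock one stands out even when no single line is flagged.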




#6 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 14 March 2015 - 06:59 PM

Hi discombobulationist,

What caused the BSOD errors?

-------------------------------------------

Please go to Start, click Control Panel, click Programs and then click Programs and Features, if it still exists:

Find-all-you-want.com
YAC

----------------------------------------------------------------------------------

Step 1:
FRST Script:
Please download this attached        and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 




 


 


#7 discombobulationist

  • Topic Starter
  • Members
  • 6 posts

Posted 16 March 2015 - 04:48 PM

I'm not really sure what the cause of the BSOD is. The error is video_tdr_failure, and it says there's a problem with nvlddmkm.sys. It only happens when the computer wakes from sleep. I tried rolling back the Nvidia driver and re-installing the latest driver, but no luck. I checked my installed programs and there was no listing for Find-all-you-want.com or YAC. I think I deleted YAC a few days ago. I'm going to try the three steps you listed and I'll post the results shortly. Thanks again for your help.



#8 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 16 March 2015 - 04:55 PM

Okay, I am waiting.



 


 


#9 discombobulationist

  • Topic Starter
  • Members
  • 6 posts

Posted 16 March 2015 - 10:26 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015

Ran by Doug at 2015-03-16 16:53:24 Run:1

Running from C:\Users\Doug\Desktop

Loaded Profiles: Doug (Available profiles: Doug)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

CreateRestorePoint:

CloseProcesses:

 CustomCLSID: HKU\S-1-5-21-910110538-2245187606-297430099-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Doug\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

Task: {21506324-3A99-40D2-AAAE-0C8867557C98} - \WINshell Event Notification No Task File <==== ATTENTION

Task: {6BB15251-1865-427F-A4D5-9975F598104D} - \WINshell Event Logging No Task File <==== ATTENTION

Task: {9D3828DE-D02F-4BE7-9C99-3802ABD07E7F} - \Microsoft OneDrive Auto Update Task-S-1-5-21-910110538-2245187606-297430099-1001 No Task File <==== ATTENTION

Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

AlternateDataStreams: C:\Users\Doug\OneDrive:ms-properties

HKU\S-1-5-21-910110538-2245187606-297430099-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}

SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-910110538-2245187606-297430099-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}

CHR Extension: (YouTube) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]

S1 cetzdych; \??\C:\WINDOWS\system32\drivers\cetzdych.sys [X]

2015-03-10 20:16 - 2015-03-10 20:16 - 02953520 _____ (AVAST Software) C:\Users\Doug\Downloads\avast-browser-cleanup.exe

2015-02-14 17:11 - 2015-02-14 17:11 - 02112512 _____ () C:\Users\Doug\Downloads\adwcleaner_4.110 (1).exe

2015-02-14 17:11 - 2015-02-14 17:11 - 01388274 _____ (Thisisu) C:\Users\Doug\Downloads\JRT (2).exe

2015-02-14 16:53 - 2015-02-14 16:53 - 01388274 _____ (Thisisu) C:\Users\Doug\Downloads\JRT (1).exe

2015-03-04 13:31 - 2013-08-22 09:44 - 00552200 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2015-02-23 23:14 - 2014-11-14 15:44 - 00374272 ___SH () C:\Users\Doug\Downloads\Thumbs.db

C:\Users\Doug\AppData\Local\Temp\aoe3-113-english.exe

C:\Users\Doug\AppData\Local\Temp\aoe3x-105-english.exe

C:\Users\Doug\AppData\Local\Temp\aoe3y-102-english.exe

C:\Users\Doug\AppData\Local\Temp\Execute2App.exe

C:\Users\Doug\AppData\Local\Temp\msvcp90.dll

C:\Users\Doug\AppData\Local\Temp\msvcr90.dll

C:\Users\Doug\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Doug\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Doug\AppData\Local\Temp\nvStInst.exe

C:\Users\Doug\AppData\Local\Temp\ochelper.dll

C:\Users\Doug\AppData\Local\Temp\ochelper.exe

C:\Users\Doug\AppData\Local\Temp\ose00000.exe

C:\Users\Doug\AppData\Local\Temp\ose00001.exe

C:\Users\Doug\AppData\Local\Temp\Quarantine.exe

C:\Users\Doug\AppData\Local\Temp\RSPUpgradeInstaller.exe

C:\Users\Doug\AppData\Local\Temp\sqlite3.dll

C:\Users\Doug\AppData\Local\Temp\standalonepatcher.exe

C:\Users\Doug\AppData\Local\Temp\standalonepatcherX.exe

C:\Users\Doug\AppData\Local\Temp\standalonepatcherY.exe

C:\Users\Doug\AppData\Local\Temp\_isE8C0.exe

C:\Users\Doug\AppData\Local\Temp\{60A4D5B3-6952-4DD6-BF2C-A4E63F5B95B3}.exe

Folder: C:\Program Files (x86)\GUT7FC3.tmp

Hosts:

CMD: bitsadmin /reset /allusers

CMD: ipconfig /flushdns

CMD: netsh winsock reset all

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

EmptyTemp:


*****************

 

Restore point was successfully created.

Processes closed successfully.

"HKU\S-1-5-21-910110538-2245187606-297430099-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21506324-3A99-40D2-AAAE-0C8867557C98}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21506324-3A99-40D2-AAAE-0C8867557C98}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WINshell Event Notification" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BB15251-1865-427F-A4D5-9975F598104D}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BB15251-1865-427F-A4D5-9975F598104D}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WINshell Event Logging" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D3828DE-D02F-4BE7-9C99-3802ABD07E7F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D3828DE-D02F-4BE7-9C99-3802ABD07E7F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft OneDrive Auto Update Task-S-1-5-21-910110538-2245187606-297430099-1001" => Key deleted successfully.

C:\WINDOWS\Tasks\AutoKMS.job => Moved successfully.

C:\Users\Doug\OneDrive => ":ms-properties" ADS removed successfully.

HKU\S-1-5-21-910110538-2245187606-297430099-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value deleted successfully.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}" => Key deleted successfully.

HKCR\CLSID\{0191A6B0-1154-4C22-9182-23A95BBE92D9} => Key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{0191A6B0-1154-4C22-9182-23A95BBE92D9} => Key not found.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKU\S-1-5-21-910110538-2245187606-297430099-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}" => Key deleted successfully.

HKCR\CLSID\{0191A6B0-1154-4C22-9182-23A95BBE92D9} => Key not found.

C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => Moved successfully.

cetzdych => Service not found.

"C:\Users\Doug\Downloads\avast-browser-cleanup.exe" => File/Directory not found.

C:\Users\Doug\Downloads\adwcleaner_4.110 (1).exe => Moved successfully.

C:\Users\Doug\Downloads\JRT (2).exe => Moved successfully.

C:\Users\Doug\Downloads\JRT (1).exe => Moved successfully.

C:\WINDOWS\system32\FNTCACHE.DAT => Moved successfully.

C:\Users\Doug\Downloads\Thumbs.db => Moved successfully.

"C:\Users\Doug\AppData\Local\Temp\aoe3-113-english.exe" => File/Directory not found.

"C:\Users\Doug\AppData\Local\Temp\aoe3x-105-english.exe" => File/Directory not found.

"C:\Users\Doug\AppData\Local\Temp\aoe3y-102-english.exe" => File/Directory not found.

"C:\Users\Doug\AppData\Local\Temp\Execute2App.exe" => File/Directory not found.

"C:\Users\Doug\AppData\Local\Temp\msvcp90.dll" => File/Directory not found.

"C:\Users\Doug\AppData\Local\Temp\msvcr90.dll" => File/Directory not found.

"C:\Users\Doug\AppData\Local\Temp\nvSCPAPI.dll" => File/Directory not found.

"C:\Users\Doug\AppData\Local\Temp\nvSCPAPI64.dll" => File/Directory not found.

"C:\Users\Doug\AppData\Local\Temp\nvStInst.exe" => File/Directory not found.

"C:\Users\Doug\AppData\Local\Temp\ochelper.dll" => File/Directory not found.

"C:\Users\Doug\AppData\Local\Temp\ochelper.exe" => File/Directory not found.

C:\Users\Doug\AppData\Local\Temp\ose00000.exe => Moved successfully.

C:\Users\Doug\AppData\Local\Temp\ose00001.exe => Moved successfully.

"C:\Users\Doug\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.

"C:\Users\Doug\AppData\Local\Temp\RSPUpgradeInstaller.exe" => File/Directory not found.

"C:\Users\Doug\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.

"C:\Users\Doug\AppData\Local\Temp\standalonepatcher.exe" => File/Directory not found.

"C:\Users\Doug\AppData\Local\Temp\standalonepatcherX.exe" => File/Directory not found.

"C:\Users\Doug\AppData\Local\Temp\standalonepatcherY.exe" => File/Directory not found.

C:\Users\Doug\AppData\Local\Temp\_isE8C0.exe => Moved successfully.

"C:\Users\Doug\AppData\Local\Temp\{60A4D5B3-6952-4DD6-BF2C-A4E63F5B95B3}.exe" => File/Directory not found.

 

========================= Folder: C:\Program Files (x86)\GUT7FC3.tmp ========================

 

The path is not a directory.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

 

=========  bitsadmin /reset /allusers =========

 

 

========= End of CMD: =========

 

 

=========  ipconfig /flushdns =========

 

 

========= End of CMD: =========

 

 

=========  netsh winsock reset all =========

 

 

========= End of CMD: =========

 

 

=========  netsh int ipv4 reset =========

 

 

========= End of CMD: =========

 

 

=========  netsh int ipv6 reset =========

 

 

========= End of CMD: =========

 

EmptyTemp: => Removed 369.4 MB temporary data.

 

 

The system needed a reboot.

 

==== End of Fixlog 16:55:23 ====

 

 

# AdwCleaner v4.112 - Logfile created 10/03/2015 at 20:19:51

# Updated 09/03/2015 by Xplode

# Database : 2015-03-05.1 [Server]

# Operating system : Windows 8.1 Pro  (x64)

# Username : Doug - BEDROOM

# Running from : C:\Users\Doug\Downloads\adwcleaner_4.112.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Deleted : C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

-\\ Google Chrome v40.0.2214.115

 

[C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [1053 bytes] - [14/02/2015 16:55:14]

AdwCleaner[R1].txt - [1262 bytes] - [10/03/2015 20:16:19]

AdwCleaner[S0].txt - [1091 bytes] - [14/02/2015 17:05:37]

AdwCleaner[S1].txt - [1195 bytes] - [10/03/2015 20:19:51]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1254  bytes] ##########

# AdwCleaner v4.112 - Logfile created 16/03/2015 at 22:09:34

# Updated 09/03/2015 by Xplode

# Database : 2015-03-15.1 [Server]

# Operating system : Windows 8.1 Pro  (x64)

# Username : Doug - BEDROOM

# Running from : C:\Users\Doug\Desktop\adwcleaner_4.112.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

-\\ Google Chrome v41.0.2272.89

 

 

*************************

 

AdwCleaner[R0].txt - [1053 bytes] - [14/02/2015 16:55:14]

AdwCleaner[R1].txt - [2275 bytes] - [10/03/2015 20:16:19]

AdwCleaner[S0].txt - [1091 bytes] - [14/02/2015 17:05:37]

AdwCleaner[S1].txt - [2217 bytes] - [10/03/2015 20:19:51]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2276  bytes] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.4 (03.16.2015:1)

OS: Windows 8.1 Pro x64

Ran by Doug on Mon 03/16/2015 at 22:17:25.51

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 03/16/2015 at 22:20:06.31

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
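An added example, not part of this thread and not output or code from FRST, AdwCleaner or JRT: a read-only PowerShell audit for the two findings the fixlog above acted on, the hosts file (reset by the "Hosts:" directive) and scheduled tasks whose executable is gone (FRST's "No Task File"). It assumes Windows 8 or later for the ScheduledTasks module and an elevated prompt; the function names are my own.

```powershell
# Added example (not from the thread, FRST, AdwCleaner or JRT): report, without changing
# anything, the hosts-file entries and orphaned scheduled tasks that the fixlog above cleaned.
# Run from an elevated PowerShell on Windows 8.1 or later (Get-ScheduledTask needs it).

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# A stock Windows hosts file contains only comments. Loopback entries for localhost are
# expected; any other mapping is reported so the reader can judge it (redirect hijacks
# of the kind discussed in this thread show up here as real hostnames mapped elsewhere).
function Get-SuspiciousHostsEntries {
    param([string]$Path = $hostsPath)
    Get-Content -Path $Path -ErrorAction Stop |
        ForEach-Object { ($_ -split '#', 2)[0].Trim() } |   # strip trailing comments
        Where-Object { $_ -ne '' } |
        ForEach-Object {
            $fields = $_ -split '\s+'
            [pscustomobject]@{
                Address   = $fields[0]
                Hostnames = if ($fields.Count -gt 1) { $fields[1..($fields.Count - 1)] -join ' ' } else { '' }
            }
        } |
        Where-Object {
            # keep everything except the plain localhost loopback lines
            -not (($_.Address -in @('127.0.0.1', '::1')) -and ($_.Hostnames -match '^localhost'))
        }
}

# Mirrors FRST's "No Task File" warning: a registered task whose Exec action points at a
# file that no longer exists. Such leftovers are harmless by themselves but show that
# something registered a task and was later removed without cleaning up.
function Get-OrphanedScheduledTasks {
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }          # COM-handler actions carry no path
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
            if (-not [IO.Path]::IsPathRooted($exe)) { continue }   # bare names resolve via PATH
            if (-not (Test-Path -LiteralPath $exe)) {
                [pscustomobject]@{
                    TaskPath = $task.TaskPath
                    TaskName = $task.TaskName
                    Missing  = $exe
                }
            }
        }
    }
}

'== Non-loopback hosts entries =='
Get-SuspiciousHostsEntries | Format-Table -AutoSize
'== Scheduled tasks pointing at a missing file =='
Get-OrphanedScheduledTasks | Format-Table -AutoSize
```

The script only reports; the removal itself is left to the fix tool the helper prescribes, so the log of what was changed stays in one place.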



#10 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:34 AM

Posted 17 March 2015 - 06:28 AM

Hi again,

 

Step 1: Scan with Malwarebytes Anti-Malware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Anti-Malware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:

Run ESET Online Scanner
Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

 

All browsers should be closed.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure that the option Remove found threats is ticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Have a nice day



Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!


#11 discombobulationist

discombobulationist
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 18 March 2015 - 05:15 PM

I'm not sure which of the 3 steps did it, but the redirects have stopped. I haven't had a single link get redirected in two days. I went ahead and did the MBAM scan and I'll post the results below. I'm also doing the ESET scan, but it's taking quite a while. I can post the results of it later. Here is the MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/18/2015
Scan Time: 7:16:15 AM
Logfile: MBAM Log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.03.18.03
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Doug
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 424598
Time Elapsed: 20 min, 20 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Useful, C:\Users\Doug\Downloads\Xvid.exe, Quarantined, [f30863e3bcceea4ca6009b404db8956b], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 discombobulationist

discombobulationist
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 18 March 2015 - 05:17 PM

BTW, Panda AV started messing up on me early on in the cleanup process, so I uninstalled it. Can you recommend a good free AV? I've always used Avast before, but Panda 2015 had some really good reviews, so I thought I would give it a try.



#13 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:34 AM

Posted 18 March 2015 - 05:40 PM

BTW, Panda AV started messing up on me early on in the cleanup process, so I uninstalled it. Can you recommend a good free AV? I've always used Avast before, but Panda 2015 had some really good reviews, so I thought I would give it a try.

Have you tried Comodo Internet security?
Especially Firewall is very good.
But do not download the software bundled with it, Comodo Dragon and GeekBuddy. Novice (new) users should not install this software.



#14 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:34 AM

Posted 23 March 2015 - 02:06 PM

Hello,

 

4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.



#15 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:34 AM

Posted 26 March 2015 - 04:04 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
