
Trojan:Win64/SvcMiner.A at startup?


  • This topic is locked
14 replies to this topic

#1 Streakyferret

  • Members
  • 6 posts

Posted 24 March 2015 - 02:19 PM

Hello!

 

I have this issue with the above-said program starting every time with my computer, and MSE gives me a warning and quarantines it. According to MSE it's a Svchost.exe located in my C/Windows/Temp folder.

 

I have tried by all means to get rid of this thing, and I guess I can't. I would prefer not to have to reinstall my computer, so I was hoping to get some help here. 

 

HERE is a Virustotal.com scan of the file, when I let the computer boot without the MSE running. https://www.virustotal.com/sv/file/18a2f191db62cc45601981180e6263c46657f537e0842cbc350a47efaa775178/analysis/

 

I saw in another thread that you want scans from FRST, so I did that already and attached them; I hope that's okay.

 

Thank you in advance, and I will add any more info that I can. 

#2 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,013 posts
  • Gender:Male
  • Location:Germany

Posted 25 March 2015 - 09:34 AM

Please post the logs directly into the thread rather than attaching them. ;)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#3 Streakyferret
  • Topic Starter

  • Members
  • 6 posts

Posted 25 March 2015 - 11:08 AM

Please post the logs directly into the thread rather than attaching them. ;)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Hellis (administrator) on HELLIS-DATOR on 24-03-2015 20:16:10
Running from H:\Users\Hellis\Desktop
Loaded Profiles: Hellis (Available profiles: Hellis)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Spotify Ltd) C:\Users\Hellis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Hellis\AppData\Local\Akamai\netsession_win.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Elias Fotinis) H:\Program Files (x86)\Deskpins\DeskPins.exe
(Akamai Technologies, Inc.) C:\Users\Hellis\AppData\Local\Akamai\netsession_win.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) H:\Users\Hellis\Desktop\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Run: [DAEMON Tools Lite] => H:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Run: [Spotify Web Helper] => C:\Users\Hellis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-03] (Spotify Ltd)
HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Hellis\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\MountPoints2: {4ff4608c-5432-11e3-838e-00241dccf2c9} - D:\autoplay.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
Startup: C:\Users\Hellis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk
ShortcutTarget: DeskPins.lnk -> H:\Program Files (x86)\Deskpins\DeskPins.exe (Elias Fotinis)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1425679479-3535229674-943032330-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1425679479-3535229674-943032330-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Inloggningshjälp för Microsoft-konto -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.67.199.24 195.67.199.25
Tcpip\..\Interfaces\{8EF42DCA-3163-46D4-BB10-8736B9FAC217}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9F3330B6-2D19-4526-9964-5A253354EBC3}: [NameServer] 8.8.8.8
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.1.2.21 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-01-30] (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-04-18] (DivX, LLC)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-10-26] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> H:\Program Files (x86)\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1425679479-3535229674-943032330-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1402930983&from=smt&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD901668R", "hxxp://www.sweet-page.com/?type=hppp&ts=1402931012&from=smt&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD901668R", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1403531401&from=smt&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD901668R"
CHR Profile: C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Assassin's Creed IV Black Flag) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance [2013-11-13]
CHR Extension: (Google Drive) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-13]
CHR Extension: (YouTube) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-13]
CHR Extension: (Adblock Plus) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-13]
CHR Extension: (Google Search) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-13]
CHR Extension: (FrankerFaceZ) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2013-11-13]
CHR Extension: (AdBlock) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-13]
CHR Extension: (Google Wallet) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13]
CHR Extension: (Gmail) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DAUpdaterSvc; H:\Program Files (x86)\Origin Games\Dragon Age Origins Ultimate Edition\\bin_ship\daupdatersvc.service.exe [25832 2011-05-17] (BioWare)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 Origin Client Service; H:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-08] (Electronic Arts)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-23] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-01 15:33 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-01 15:33 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-27 10:52 - 2015-02-27 10:52 - 00000000 ____D () C:\Users\Hellis\AppData\Roaming\IsolatedStorage
2015-02-27 10:52 - 2015-02-27 10:52 - 00000000 ____D () C:\Users\Hellis\AppData\Local\FileViewPro
2015-02-27 10:52 - 2015-02-27 10:52 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-02-27 10:45 - 2015-02-27 10:45 - 00000000 ____D () C:\Spacekace
2015-02-24 21:10 - 2015-03-24 19:38 - 00003662 _____ () C:\Windows\setupact.log
2015-02-24 21:10 - 2015-02-24 21:10 - 00000000 _____ () C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-24 20:16 - 2015-02-16 19:38 - 00000000 ____D () C:\FRST
2015-03-24 20:09 - 2013-11-13 20:09 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-24 19:47 - 2009-07-14 05:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-24 19:47 - 2009-07-14 05:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-24 19:43 - 2011-04-12 15:28 - 00663478 _____ () C:\Windows\system32\perfh01D.dat
2015-03-24 19:43 - 2011-04-12 15:28 - 00142278 _____ () C:\Windows\system32\perfc01D.dat
2015-03-24 19:43 - 2009-07-14 06:13 - 01579154 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-24 19:41 - 2013-11-13 20:05 - 01200592 _____ () C:\Windows\WindowsUpdate.log
2015-03-24 19:39 - 2014-04-16 09:29 - 00000000 ____D () C:\Users\Hellis\AppData\Roaming\Raptr
2015-03-24 19:38 - 2013-11-13 20:09 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-24 19:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-24 17:57 - 2015-02-01 18:48 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-03-13 20:08 - 2013-11-14 17:48 - 00000000 ____D () C:\Users\Hellis\AppData\Roaming\Skype
2015-03-08 20:19 - 2013-12-17 14:31 - 00000000 ____D () C:\ProgramData\Origin
2015-03-08 20:19 - 2013-11-15 15:06 - 00000000 ____D () C:\Users\Hellis\AppData\Roaming\Spotify
2015-03-08 17:37 - 2013-11-15 15:07 - 00000000 ____D () C:\Users\Hellis\AppData\Local\Spotify
2015-03-04 20:30 - 2013-11-20 13:45 - 00000000 ____D () C:\Users\Hellis\AppData\Roaming\uTorrent
2015-03-03 14:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2013-12-06 19:22 - 2014-08-06 21:01 - 0000132 _____ () C:\Users\Hellis\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-12-06 19:26 - 2015-02-15 20:09 - 0001456 _____ () C:\Users\Hellis\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-12-06 15:49 - 2013-12-06 15:49 - 0007650 _____ () C:\Users\Hellis\AppData\Local\Resmon.ResmonCfg
 
Files to move or delete:
====================
C:\Users\Hellis\AppData\Roaming\Origin\update.vbe
 
 
Some content of TEMP:
====================
C:\Users\Hellis\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 19:12
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Hellis at 2015-03-24 20:16:35
Running from H:\Users\Hellis\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8900 - Adobe Systems Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)
Akamai NetSession Interface (HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
BankID säkerhetsprogram (HKLM-x32\...\{2D6973ED-BBF2-434E-993C-37E05087B8C8}) (Version: 5.1.2.21 - Finansiell ID-Teknik BID AB)
Cake Mania 2 (HKLM-x32\...\Steam App 36190) (Version:  - Sandlot Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dead Space™ (HKLM-x32\...\{6E6F22D7-8AD6-4A87-9A47-733E6E996F50}) (Version: 1.0.0.222 - Electronic Arts)
Dekaron (HKLM-x32\...\GlobalDK) (Version:  - )
DeskPins (remove only) (HKLM-x32\...\DeskPins) (Version:  - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Age Awakening Redesigned (HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Dragon Age Awakening Redesigned) (Version:  - )
Dragon Age Awakening Velanna Redesigned© (HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Dragon Age Awakening Velanna Redesigned©) (Version:  - )
Dragon Age Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05 - Electronic Arts)
Dragon Age Redesigned © Morrigan (HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Dragon Age Redesigned © Morrigan) (Version:  - )
Dragon Age Redesigned- Leliana's Song (HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Dragon Age Redesigned- Leliana's Song) (Version:  - )
Dragon Age Redesigned Oghren© (HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Dragon Age Redesigned Oghren©) (Version:  - )
Dragon Age Redesigned©  Zevran (HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Dragon Age Redesigned©  Zevran) (Version:  - )
Dragon Age Redesigned© (HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Dragon Age Redesigned©) (Version:  - )
Dragon Age Redesigned© Leliana (HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Dragon Age Redesigned© Leliana) (Version:  - )
Dragon Age Redesigned© Wynne (HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Dragon Age Redesigned© Wynne) (Version:  - )
Dragon Age™ II (HKLM-x32\...\{4D565319-8B91-41CB-961C-0DDC86101AC5}) (Version: 1.04.8524.0 - Electronic Arts)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.6 - Electronic Arts)
EA Installer (HKLM-x32\...\EA Installer.-1621049558) (Version: 2.2.0.62 - Electronic Arts, Inc.)
EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts)
EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden
Fallout New Vegas (HKLM-x32\...\Fallout New Vegas_is1) (Version:  - )
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
InfiniteCrisis_565FD31B388B (HKLM-x32\...\InfiniteCrisis_565FD31B388B) (Version:  - Turbine, Inc)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\Steam App 17460) (Version:  - BioWare)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-041D-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools för Office Runtime (x64) Language Pack - SVE (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - SVE) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MPC-HC 1.7.1 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.1.0 - MPC-HC Team)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation)
Oblivion - Knights of the Nine (HKLM-x32\...\{14C87AA7-08E6-419F-A165-998EBE5023D7}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Mehrunes Razor (HKLM-x32\...\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Orrery (HKLM-x32\...\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Spell Tomes (HKLM-x32\...\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Thieves Den (HKLM-x32\...\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Vile Lair (HKLM-x32\...\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion - Wizard's Tower (HKLM-x32\...\{2F2E3D62-8B8C-448F-8900-451325E50948}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version:  - Timeslip)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Python 2.7 comtypes-0.6.2 (HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\comtypes-py2.7) (Version:  - )
Python 2.7 pywin32-218 (HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\pywin32-py2.7) (Version:  - )
Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
Rymdjakten (HKLM-x32\...\Rymdjakten) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Battle for Middle-earth ™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
The Sims 2 Arbetsliv (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )
The Sims 2 Kul för familjen - Prylpaket (HKLM-x32\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version:  - )
The Sims 2 Nattliv (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
The Sims 2 University (HKLM-x32\...\{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}) (Version:  - )
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Sims 4 Deluxe Edition version 1.0 Update 1 (HKLM-x32\...\The Sims 4 Deluxe Edition_is1) (Version: 1.0 Update 1 - GMT-MAX.ORG)
The Sims™ 2 Djurliv (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
The Sims™ 2 Fest & bröllop! Prylpaket (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )
The Sims™ 2 Fritid (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version:  - Electronic Arts)
The Sims™ 2 Glitter & Glamour Prylpaket (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
The Sims™ 2 H&M® Fashion Prylpaket (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )
The Sims™ 2 Herrgård och trädgård Prylpaket (HKLM-x32\...\{1A2A15C2-6780-49c1-B296-503230E9DE00}) (Version:  - Electronic Arts)
The Sims™ 2 IKEA® Heminredning Prylpaket (HKLM-x32\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version:  - Electronic Arts)
The Sims™ 2 Jorden runt (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)
The Sims™ 2 Kök & badrum Heminredning Prylpaket (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version:  - Electronic Arts)
The Sims™ 2 Livet i lägenhet (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)
The Sims™ 2 Tonårsprylar Prylpaket (HKLM-x32\...\{5C648FDB-0138-4619-B66E-230EF53E8E2C}) (Version:  - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-3 - Wacom Technology Corp.)
Warcraft III Reign of Chaos & The Frozen Throne (HKLM-x32\...\Warcraft III Reign of Chaos & The Frozen Throne) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)
Vista Shortcut Manager x64 (HKLM\...\{C7311329-C491-427B-8880-133E84869B3A}) (Version: 2.0 - Frameworkx)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.5 - Wrye & Wrye Bash Development Team)
Zoo Tycoon 2 - Extinct Animals (HKLM-x32\...\InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}) (Version: 1.00.0000 - Microsoft Game Studios)
Zoo Tycoon 2 - Extinct Animals (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1425679479-3535229674-943032330-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
==================== Restore Points  =========================
 
23-02-2015 18:46:53 Windows Update
26-02-2015 21:45:33 Windows Update
01-03-2015 15:33:26 Windows Update
04-03-2015 16:29:45 Windows Update
08-03-2015 17:49:53 Windows Update
11-03-2015 21:33:50 Windows Update
14-03-2015 21:47:54 Windows Update
20-03-2015 15:55:51 Windows Update
23-03-2015 21:12:19 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0CF4731E-42FB-4CB4-BFF7-4307E9EC5ADC} - System32\Tasks\Origin => C:\Users\Hellis\AppData\Roaming\Origin\update.vbe [2014-09-10] () <==== ATTENTION
Task: {3A174A0D-F5D7-406E-AE10-55729CF10AFC} - System32\Tasks\{A758E342-45B4-4EC8-AEF9-9CD0BFB26DDC} => pcalua.exe -a "H:\Chrome Downloads\DAMN_NFO_Viewer_v2-10-0032-RC3.exe" -d "H:\Chrome Downloads"
Task: {3C89BD2C-2743-4F6F-87F4-D930FA81967E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {609138E1-5BC1-4044-89E4-F227337F4E72} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {6A637998-83A0-4DC6-B3D1-BEF12B3424ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-13] (Google Inc.)
Task: {8C794D15-3D0E-4348-B4C9-4FC0F9E69F6C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-13] (Google Inc.)
Task: {B229FC42-F105-4FE2-9253-59E0163535BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-01-29 18:20 - 2014-01-13 17:24 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-14 01:37 - 2014-08-14 01:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 01:37 - 2014-08-14 01:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-21 01:05 - 2013-11-21 01:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2015-03-20 21:11 - 2015-03-14 11:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-20 21:11 - 2015-03-14 11:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-20 21:11 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-20 21:11 - 2015-03-14 11:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1425679479-3535229674-943032330-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hellis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Hellis\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Hellis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "H:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== Accounts: =============================
 
Administratör (S-1-5-21-1425679479-3535229674-943032330-500 - Administrator - Disabled)
Gäst (S-1-5-21-1425679479-3535229674-943032330-501 - Limited - Disabled)
Hellis (S-1-5-21-1425679479-3535229674-943032330-1000 - Administrator - Enabled) => C:\Users\Hellis
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/24/2015 07:40:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/24/2015 05:53:50 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Det gick inte att skapa aktiveringskontext för assemblyIdentity1. Det finns ett fel i manifest- eller principfilen assemblyIdentity2 på rad assemblyIdentity3.
Värdet MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR i attributet version i elementet assemblyIdentity är felaktigt.
 
Error: (03/24/2015 05:12:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/23/2015 08:51:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/22/2015 03:32:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/16/2015 06:43:16 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Det gick inte att skapa aktiveringskontext för assemblyIdentity1. Det finns ett fel i manifest- eller principfilen assemblyIdentity2 på rad assemblyIdentity3.
Värdet MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR i attributet version i elementet assemblyIdentity är felaktigt.
 
Error: (03/16/2015 03:25:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/15/2015 03:24:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/14/2015 11:24:36 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Det gick inte att skapa aktiveringskontext för assemblyIdentity1. Det finns ett fel i manifest- eller principfilen assemblyIdentity2 på rad assemblyIdentity3.
Värdet MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR i attributet version i elementet assemblyIdentity är felaktigt.
 
Error: (03/14/2015 09:38:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/24/2015 05:21:14 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Anrop ScRegSetValueExW avbröts för FailureCommand med följande fel: 
%%5.
 
Error: (03/24/2015 05:21:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Anrop ScRegSetValueExW avbröts för Start med följande fel: 
%%5.
 
Error: (03/24/2015 05:11:14 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Anrop ScRegSetValueExW avbröts för Start med följande fel: 
%%5.
 
Error: (03/24/2015 05:11:14 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860-funktionen för realtidsskydd har stött på ett fel och avslutats.
 
Funktion: %%886
 
Felkod: 0x80070005
 
Felbeskrivning: Åtkomst nekad. 
 
Orsak: %%892
 
Error: (03/15/2015 03:32:28 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Anrop ScRegSetValueExW avbröts för FailureCommand med följande fel: 
%%5.
 
Error: (03/15/2015 03:32:26 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Anrop ScRegSetValueExW avbröts för Start med följande fel: 
%%5.
 
Error: (03/15/2015 03:22:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Anrop ScRegSetValueExW avbröts för Start med följande fel: 
%%5.
 
Error: (03/15/2015 03:22:23 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860-funktionen för realtidsskydd har stött på ett fel och avslutats.
 
Funktion: %%886
 
Felkod: 0x80070005
 
Felbeskrivning: Åtkomst nekad. 
 
Orsak: %%892
 
Error: (03/04/2015 04:28:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Anrop ScRegSetValueExW avbröts för FailureCommand med följande fel: 
%%5.
 
Error: (03/04/2015 04:28:04 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Anrop ScRegSetValueExW avbröts för Start med följande fel: 
%%5.
 
 
Microsoft Office Sessions:
=========================
Error: (03/24/2015 07:40:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/24/2015 05:53:50 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (03/24/2015 05:12:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/23/2015 08:51:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/22/2015 03:32:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/16/2015 06:43:16 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (03/16/2015 03:25:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/15/2015 03:24:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/14/2015 11:24:36 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (03/14/2015 09:38:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 49%
Total physical RAM: 4091.49 MB
Available physical RAM: 2084.28 MB
Total Pagefile: 8181.17 MB
Available Pagefile: 5781.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:56.92 GB) NTFS
Drive h: (Hellis System) (Fixed) (Total:931.51 GB) (Free:413.6 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D91193F1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CE40552E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,013 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:52 PM

Posted 25 March 2015 - 11:17 AM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
  • Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

The log is available through History -> Application logs. Please post its contents in your next reply.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#5 Streakyferret

Streakyferret
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:52 AM

Posted 25 March 2015 - 12:23 PM

Hello! Here are the logfiles! They are in order by the steps taken. Thank you! :)
 
# AdwCleaner v4.113 - Logfile created 25/03/2015 at 17:27:38
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Hellis - HELLIS-DATOR
# Running from : H:\Users\Hellis\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\Hellis\AppData\Local\FileViewPro
File Deleted : C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v41.0.2272.101
 
 
*************************
 
AdwCleaner[R0].txt - [1373 bytes] - [25/03/2015 17:26:07]
AdwCleaner[S0].txt - [1265 bytes] - [25/03/2015 17:27:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1324  bytes] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 2015-03-25 17:30:46, SYSTEM, HELLIS-DATOR, Manual, Rootkit Database, 2015.2.3.1, 2015.2.25.1, 
Update, 2015-03-25 17:30:46, SYSTEM, HELLIS-DATOR, Manual, Remediation Database, 2014.12.6.1, 2015.3.9.1, 
Update, 2015-03-25 17:31:17, SYSTEM, HELLIS-DATOR, Manual, Malware Database, 2015.2.16.7, 2015.3.25.4, 
Update, 2015-03-25 17:32:32, SYSTEM, HELLIS-DATOR, Manual, Malware Database, 2015.3.25.4, 2015.3.25.5, 
Scan, 2015-03-25 18:08:13, SYSTEM, HELLIS-DATOR, Manual, Start:2015-03-25 17:32:32, Duration:35 min 40 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
 
(end)
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Professional x64
Ran by Hellis on 2015-03-25 at 18:16:03,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-03-25 at 18:18:24,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Hellis (administrator) on HELLIS-DATOR on 25-03-2015 18:21:28
Running from H:\Users\Hellis\Desktop
Loaded Profiles: Hellis (Available profiles: Hellis)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Elias Fotinis) H:\Program Files (x86)\Deskpins\DeskPins.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) H:\Users\Hellis\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1425679479-3535229674-943032330-1000\...\MountPoints2: {4ff4608c-5432-11e3-838e-00241dccf2c9} - D:\autoplay.exe
Startup: C:\Users\Hellis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk
ShortcutTarget: DeskPins.lnk -> H:\Program Files (x86)\Deskpins\DeskPins.exe (Elias Fotinis)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1425679479-3535229674-943032330-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1425679479-3535229674-943032330-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Inloggningshjälp för Microsoft-konto -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.67.199.24 195.67.199.25
Tcpip\..\Interfaces\{8EF42DCA-3163-46D4-BB10-8736B9FAC217}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9F3330B6-2D19-4526-9964-5A253354EBC3}: [NameServer] 8.8.8.8
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.1.2.21 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-01-30] (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-04-18] (DivX, LLC)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-10-26] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> H:\Program Files (x86)\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1425679479-3535229674-943032330-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1402930983&from=smt&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD901668R", "hxxp://www.sweet-page.com/?type=hppp&ts=1402931012&from=smt&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD901668R", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1403531401&from=smt&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD901668R"
CHR Profile: C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Assassin's Creed IV Black Flag) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance [2013-11-13]
CHR Extension: (Google Drive) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-13]
CHR Extension: (YouTube) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-13]
CHR Extension: (Adblock Plus) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-13]
CHR Extension: (Google Search) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-13]
CHR Extension: (FrankerFaceZ) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2013-11-13]
CHR Extension: (AdBlock) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-13]
CHR Extension: (Google Wallet) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-13]
CHR Extension: (Gmail) - C:\Users\Hellis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DAUpdaterSvc; H:\Program Files (x86)\Origin Games\Dragon Age Origins Ultimate Edition\\bin_ship\daupdatersvc.service.exe [25832 2011-05-17] (BioWare)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 Origin Client Service; H:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-08] (Electronic Arts)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-23] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-25 18:18 - 2015-03-25 18:18 - 00000760 _____ () C:\Users\Hellis\Desktop\JRT.txt
2015-03-25 17:25 - 2015-03-25 17:27 - 00000000 ____D () C:\AdwCleaner
2015-03-01 15:33 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-01 15:33 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-27 10:52 - 2015-02-27 10:52 - 00000000 ____D () C:\Users\Hellis\AppData\Roaming\IsolatedStorage
2015-02-27 10:52 - 2015-02-27 10:52 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-02-27 10:45 - 2015-02-27 10:45 - 00000000 ____D () C:\Spacekace
2015-02-24 21:10 - 2015-03-25 17:28 - 00003886 _____ () C:\Windows\setupact.log
2015-02-24 21:10 - 2015-02-24 21:10 - 00000000 _____ () C:\Windows\setuperr.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-25 18:21 - 2015-02-16 19:38 - 00000000 ____D () C:\FRST
2015-03-25 18:20 - 2014-08-12 11:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 18:09 - 2013-11-13 20:09 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-25 17:35 - 2011-04-12 15:28 - 00663478 _____ () C:\Windows\system32\perfh01D.dat
2015-03-25 17:35 - 2011-04-12 15:28 - 00142278 _____ () C:\Windows\system32\perfc01D.dat
2015-03-25 17:35 - 2009-07-14 06:13 - 01579154 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-25 17:35 - 2009-07-14 05:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 17:35 - 2009-07-14 05:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 17:31 - 2013-11-13 20:05 - 01266059 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 17:29 - 2014-04-16 09:29 - 00000000 ____D () C:\Users\Hellis\AppData\Roaming\Raptr
2015-03-25 17:28 - 2013-11-13 20:09 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 17:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-24 17:57 - 2015-02-01 18:48 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-03-13 20:08 - 2013-11-14 17:48 - 00000000 ____D () C:\Users\Hellis\AppData\Roaming\Skype
2015-03-08 20:19 - 2013-12-17 14:31 - 00000000 ____D () C:\ProgramData\Origin
2015-03-08 20:19 - 2013-11-15 15:06 - 00000000 ____D () C:\Users\Hellis\AppData\Roaming\Spotify
2015-03-08 17:37 - 2013-11-15 15:07 - 00000000 ____D () C:\Users\Hellis\AppData\Local\Spotify
2015-03-04 20:30 - 2013-11-20 13:45 - 00000000 ____D () C:\Users\Hellis\AppData\Roaming\uTorrent
2015-03-03 14:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2013-12-06 19:22 - 2014-08-06 21:01 - 0000132 _____ () C:\Users\Hellis\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-12-06 19:26 - 2015-02-15 20:09 - 0001456 _____ () C:\Users\Hellis\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-12-06 15:49 - 2013-12-06 15:49 - 0007650 _____ () C:\Users\Hellis\AppData\Local\Resmon.ResmonCfg
 
Files to move or delete:
====================
C:\Users\Hellis\AppData\Roaming\Origin\update.vbe
 
 
Some content of TEMP:
====================
C:\Users\Hellis\AppData\Local\Temp\18508.exe
C:\Users\Hellis\AppData\Local\Temp\Quarantine.exe
C:\Users\Hellis\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Hellis\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-25 16:54
 
==================== End Of Log ============================
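A few entries in the FRST log above deserve more attention than the thread gives them: wscript.exe is running in the user's session, FRST lists the encoded script C:\Users\Hellis\AppData\Roaming\Origin\update.vbe under "Files to move or delete", the xhunter1 driver is registered but its file is missing, Chrome's start pages point at sweet-page.com and isearch.omiga-plus.com, and loose executables sit in the user's Temp folder. Whether update.vbe is what re-creates the svchost.exe miner in C:\Windows\Temp at every boot is not established anywhere in this thread. The script below is an added example, not code from FRST or from either poster: it walks an FRST.txt and flags exactly those categories so they do not get lost in a long log. The directory fragments, script-host list, expected start-page host and extension list are assumptions chosen for this machine; the sample input is a constructed excerpt assembled from lines of the log above.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log for entries worth a second look.
Added example for this thread, not code from FRST or from either poster. The rules are
plain analyst heuristics: a hit means "look here", not "this is the miner"."""
import re
from urllib.parse import urlparse

# Assumptions, tuned for a single-user Windows 7 box like the one in the thread.
WRITABLE_DIRS = ("\\windows\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\public\\")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
EXPECTED_START_HOSTS = {"google.com"}
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".vbe", ".vbs", ".js", ".bat", ".cmd")

# Line shapes exactly as FRST prints them (compare the log above).
PROCESS_RE = re.compile(r"^\((?P<pub>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
SERVICE_RE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);\s+(?P<path>.+?)"
                        r"\s+\[(?P<meta>[^\]]*)\](?P<rest>.*)$")
URL_RE = re.compile(r'hxxps?://[^\s",]+')  # FRST defangs http:// as hxxp://

def _in_writable_dir(path):
    low = path.lower()
    return any(frag in low for frag in WRITABLE_DIRS)

def _host(defanged_url):
    host = urlparse(defanged_url.replace("hxx", "htt", 1)).hostname or ""
    return host[4:] if host.startswith("www.") else host

def triage(log_text):
    """Return (rule, item, note) tuples for suspicious lines, in log order."""
    findings, seen_hosts, section = [], set(), None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("=") and line.endswith("="):
            name = line.strip("=").strip()   # "==== Name ====" -> "Name"
            if name:                          # a bare "====" keeps the current section
                section = name
            continue
        if line in ("Files to move or delete:", "Some content of TEMP:"):
            section = line.rstrip(":")
            continue
        if section is None:
            continue
        if section.startswith("Processes") and (m := PROCESS_RE.match(line)):
            path = m.group("path")
            if path.lower().rsplit("\\", 1)[-1] in SCRIPT_HOSTS:
                findings.append(("script-host", path, "script host running: find the script and its launcher"))
            if _in_writable_dir(path):
                findings.append(("writable-dir", path, "executable running from a user-writable location"))
        elif section.startswith(("Services", "Drivers")) and (m := SERVICE_RE.match(line)):
            name, path, meta, rest = m.group("name", "path", "meta", "rest")
            if meta == "X":
                findings.append(("missing-file", path, f"{name}: registered but the file is missing"))
            if "[File not signed]" in rest:
                findings.append(("unsigned", path, f"{name}: service/driver binary is not signed"))
            if _in_writable_dir(path):
                findings.append(("writable-dir", path, f"{name}: service binary in a user-writable location"))
        elif section == "Files to move or delete":
            findings.append(("frst-verdict", line, "FRST itself recommends removal"))
        elif section == "Some content of TEMP" and line.lower().endswith(EXECUTABLE_EXT):
            findings.append(("temp-binary", line, "executable content left in TEMP"))
        elif section.startswith("Internet") and line.startswith(("CHR HomePage", "CHR StartupUrls")):
            for url in URL_RE.findall(line):
                host = _host(url)
                if host and host not in EXPECTED_START_HOSTS and host not in seen_hosts:
                    seen_hosts.add(host)
                    findings.append(("browser-start", host, "browser start page not on the expected list"))
    return findings

# Constructed input: an excerpt assembled from lines of the FRST log posted above.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
==================== Internet (Whitelisted) ====================
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1402930983&from=smt", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1403531401&from=smt"
==================== Services (Whitelisted) =================
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Files to move or delete:
====================
C:\Users\Hellis\AppData\Roaming\Origin\update.vbe
Some content of TEMP:
====================
C:\Users\Hellis\AppData\Local\Temp\18508.exe
C:\Users\Hellis\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Hellis\AppData\Local\Temp\sqlite3.dll
"""

if __name__ == "__main__":
    for rule, item, note in triage(SAMPLE_LOG):
        print(f"[{rule}] {item}: {note}")
```

Run it as a script to print the findings; triage() returns plain tuples so the output can go straight into a fixlist draft or a ticket. A hit from these rules is a pointer, not a verdict: legitimate software does run from AppData (Chrome's updater and Spotify both do), so every writable-dir hit still needs a look at the publisher, the signature and who launches it.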


#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,013 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:52 PM

Posted 25 March 2015 - 03:30 PM

Wrong MBAM Log. ;)
  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs
  • Then select the log in which it found something and double-click it
  • Then click the Export button and select Text File (.txt) from the menu
  • Save it on your Desktop and post the content of this text file into your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#7 Machiavelli

Posted 28 March 2015 - 08:24 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

 
 


#8 Machiavelli

Posted 30 March 2015 - 02:55 PM

User returned.

~Machiavelli

 
 


#9 Streakyferret

Streakyferret
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:52 AM

Posted 31 March 2015 - 06:04 AM

Here comes (what I think is) the correct Malwarebytes log. I scanned the computer again yesterday, so it is a recent one. Thank you again!

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015-03-30
Scan Time: 16:28:42
Logfile: log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.03.30.06
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Hellis
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 765840
Time Elapsed: 2 hr, 4 min, 43 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 6
Trojan.Passwords.GM, H:\Chrome Downloads\Bin.rar, , [a47c9dadcebcea4c882daba3ad5524dc], 
PUP.Optional.Amonetize.A, H:\Chrome Downloads\Theme Park World MULTi5 CLASSiO_10924_i29346582_il345.exe, , [80a016343b4f70c6bfb193d86e92d729], 
Adware.Vomba, H:\Chrome Downloads\Zoo Tycoon 2 ® Ultimate Collection with save+Extras\DAEMON Tools Lite 4.11.2\daemon-4112-lite.exe, , [a57bb4969eec2313770fcd358e78a957], 
PUP.RiskwareTool.CK, H:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\amtlib.dll, , [48d8a4a6fb8f0234d6307c44b052ec14], 
PUP.RiskwareTool.CK, H:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll, , [d7492c1eadddae88cf37dbe5cd35fd03], 
Trojan.Passwords.GM, H:\Program Files\The Sims 4 Deluxe Edition\Game\Bin\3dmgame.dll, , [fe2299b1e5a5c670179ef955dd2528d8], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
A note: I let Malwarebytes quarantine everything and rebooted my computer, and the miner thingy was still detected.

Edited by Streakyferret, 31 March 2015 - 06:05 AM.


#10 Machiavelli

Posted 31 March 2015 - 06:52 AM

Trojan.Passwords.GM, H:\Chrome Downloads\Bin.rar, , [a47c9dadcebcea4c882daba3ad5524dc],
PUP.Optional.Amonetize.A, H:\Chrome Downloads\Theme Park World MULTi5 CLASSiO_10924_i29346582_il345.exe, , [80a016343b4f70c6bfb193d86e92d729],
Adware.Vomba, H:\Chrome Downloads\Zoo Tycoon 2 ® Ultimate Collection with save+Extras\DAEMON Tools Lite 4.11.2\daemon-4112-lite.exe, , [a57bb4969eec2313770fcd358e78a957],
PUP.RiskwareTool.CK, H:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\amtlib.dll, , [48d8a4a6fb8f0234d6307c44b052ec14],
PUP.RiskwareTool.CK, H:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll, , [d7492c1eadddae88cf37dbe5cd35fd03],
Trojan.Passwords.GM, H:\Program Files\The Sims 4 Deluxe Edition\Game\Bin\3dmgame.dll, , [fe2299b1e5a5c670179ef955dd2528d8],

What are these files?

~Machiavelli

 
 


#11 Streakyferret

Posted 31 March 2015 - 08:19 AM

 

Trojan.Passwords.GM, H:\Chrome Downloads\Bin.rar, , [a47c9dadcebcea4c882daba3ad5524dc],
PUP.Optional.Amonetize.A, H:\Chrome Downloads\Theme Park World MULTi5 CLASSiO_10924_i29346582_il345.exe, , [80a016343b4f70c6bfb193d86e92d729],
Adware.Vomba, H:\Chrome Downloads\Zoo Tycoon 2 ® Ultimate Collection with save+Extras\DAEMON Tools Lite 4.11.2\daemon-4112-lite.exe, , [a57bb4969eec2313770fcd358e78a957],
PUP.RiskwareTool.CK, H:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\amtlib.dll, , [48d8a4a6fb8f0234d6307c44b052ec14],
PUP.RiskwareTool.CK, H:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll, , [d7492c1eadddae88cf37dbe5cd35fd03],
Trojan.Passwords.GM, H:\Program Files\The Sims 4 Deluxe Edition\Game\Bin\3dmgame.dll, , [fe2299b1e5a5c670179ef955dd2528d8],

What are these files?

I have no idea, sorry. But that is what came up when I scanned my computer with MBAM.



#12 Machiavelli

Posted 31 March 2015 - 09:37 AM

Looks like cracked software. Cracked Software = Illegal.

What should we do now?

~Machiavelli

 
 


#13 Streakyferret

Posted 31 March 2015 - 12:39 PM

Looks like cracked software. Cracked Software = Illegal.

What should we do now?

Okay? "What should we do now"? I'm of course still looking to get rid of my problems, which have nothing to do with illegal software. How do I know? I haven't done anything illegal whatsoever in 2015, and my issue started at the beginning of February.

Am I getting any more help or what?



#14 Machiavelli

Posted 31 March 2015 - 01:15 PM

Just kidding. ;)
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Then,
Download CKScanner from here

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files. (If you have Windows Vista / Windows 7 / Windows 8, right-click CKScanner.exe and select Run as Administrator.)
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

~Machiavelli

 
 


#15 Machiavelli

Posted 04 April 2015 - 04:23 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

 
 




