
Internet Explorer opens random websites


This topic is locked
54 replies to this topic

#1 The_Killer

Posted 20 April 2015 - 10:37 PM

At some random (unpredictable for me) time, Internet Explorer opens some random websites and I can hear voices from those websites (most likely ads). IE doesn't show up on the taskbar (the voices suddenly pop up during my work, so it seems to be hidden) and the only way I know IE is open is through Task Manager (it appears under both the Applications and Processes tabs). I cannot end the IE tasks, and even after I end the IE processes, they show up again.


-----------------------------------------------------------------------------------------------


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Genius (administrator) on GENIUS-PC on 20-04-2015 23:15:22
Running from C:\Users\Genius\Desktop\Fix
Loaded Profiles: Genius (Available profiles: Genius & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(FSPro Labs) C:\Windows\SysWOW64\fsproflt2.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(FSPro Labs) C:\Program Files\Hide Folders 2012\hf.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\UniKey\UniKeyNT.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Dropbox, Inc.) C:\Users\Genius\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Inc.) F:\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-01-31] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2774864 2013-01-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-20] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-20] (Avast Software s.r.o.)
HKLM-x32\...\Run: [YouCam Service6] => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [500696 2013-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => F:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\...\Run: [UniKey] => C:\Program Files\UniKey\UniKeyNT.exe [316928 2009-11-01] ()
HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-02-24] (Tonec Inc.)
HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\...\MountPoints2: {345f3f8a-0b5a-11e3-b9e8-08edb9025f38} - H:\Windows\AutoRun.exe
HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\...\MountPoints2: {5b2a54e3-dbdd-11e3-8a1d-08edb9025f38} - H:\LGAutoRun.exe
HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\...\MountPoints2: {89dd89c1-cc28-11e3-8f3e-08edb9025f38} - H:\./MTP/LMPC.exe
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\pictureviewer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\quicktimeplayer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\youcam6.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2013-07-12]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2014-09-25]
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\Users\Genius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Genius\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Genius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk [2014-08-08]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-20] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Genius\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.vn/
HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\S-1-5-21-1196051478-3440850986-1358106429-1000 -> DefaultScope {D70E7C31-8B02-4679-86D3-5DB1AD2CBF4C} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1196051478-3440850986-1358106429-1000 -> {D70E7C31-8B02-4679-86D3-5DB1AD2CBF4C} URL = https://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-20] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-20] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> F:\MS Visual Studio\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-30] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-03-08] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-20] (Avast Software s.r.o.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-20] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512] (National Instruments Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560] (National Instruments Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 129.21.3.17 129.21.4.18
Tcpip\..\Interfaces\{13A7770E-374B-40BA-AD4B-8D2E12338510}: [NameServer] 31.168.228.251,82.166.96.251
Tcpip\..\Interfaces\{827D71CA-6E07-41E3-B613-6C26EF4F0E6C}: [NameServer] 31.168.228.251,82.166.96.251
Tcpip\..\Interfaces\{A26A589D-8F70-45CD-96C6-E309B9D744E4}: [NameServer] 31.168.228.251,82.166.96.251

FireFox:
========
FF ProfilePath: C:\Users\Genius\AppData\Roaming\Mozilla\Firefox\Profiles\ufoyddiu.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-19] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> F:\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-24] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\Bin\npSSOAxCtrlForPTLogin.dll [2013-01-24] (Tencent)
FF Plugin-x32: Adobe Acrobat -> F:\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> F:\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF user.js: detected! => C:\Users\Genius\AppData\Roaming\Mozilla\Firefox\Profiles\ufoyddiu.default\user.js [2015-04-19]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll [2014-01-08] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll [2014-08-28] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-25] (Apple Inc.)
FF Extension: QQDownload Extension - C:\Users\Genius\AppData\Roaming\Mozilla\Firefox\Profiles\ufoyddiu.default\Extensions\{00000000-965C-475f-92C9-8D9EB7B27605} [2015-02-15]
FF Extension: anonymoX - C:\Users\Genius\AppData\Roaming\Mozilla\Firefox\Profiles\ufoyddiu.default\Extensions\client@anonymox.net.xpi [2013-07-12]
FF Extension: Steam Database - C:\Users\Genius\AppData\Roaming\Mozilla\Firefox\Profiles\ufoyddiu.default\Extensions\firefox-extension@steamdb.info.xpi [2014-12-14]
FF Extension: Enhanced Steam - C:\Users\Genius\AppData\Roaming\Mozilla\Firefox\Profiles\ufoyddiu.default\Extensions\jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi [2014-11-04]
FF Extension: Adblock Plus - C:\Users\Genius\AppData\Roaming\Mozilla\Firefox\Profiles\ufoyddiu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - F:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - F:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-07-13]
FF HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Genius\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Genius\AppData\Roaming\IDM\idmmzcc5 [2015-02-27]
FF HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Genius\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-24]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-20]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [107648 2012-03-08] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-20] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-20] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-20] (Avast Software)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2013-07-12] (Conexant Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-10-02] (EasyAntiCheat Ltd)
R2 fsproflt2; C:\Windows\SysWOW64\fsproflt2.exe [49512 2012-07-11] (FSPro Labs)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-03-27] (Intel Corporation)
S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [83768 2013-06-10] (National Instruments Corporation)
S4 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-12-10] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-12-10] (National Instruments Corporation)
S4 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
S4 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
S4 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-12-10] (National Instruments Corporation)
S4 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-12-10] (National Instruments Corporation)
S4 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [687944 2013-06-15] (National Instruments Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-07-26] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-30] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S4 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [159360 2012-03-08] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-04-22] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-20] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-20] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-20] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-04-20] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-20] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-20] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-20] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-20] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-20] ()
R3 clwvd6; C:\Windows\System32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 Neo_VPN-01; C:\Windows\System32\DRIVERS\Neo_0033.sys [28768 2014-07-25] (SoftEther VPN Project at University of Tsukuba, Japan.)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-04] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-31] (Duplex Secure Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-20] (Avast Software)
S3 VSPerfDrv110; F:\MS Visual Studio\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 HSPADataCardusbvoice; system32\DRIVERS\HSPADataCardusbvoice.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2050-07-17 08:55 - 2050-07-17 08:55 - 00000000 ____D () C:\ProgramData\eSellerate
2050-07-17 08:46 - 2050-07-17 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2050-07-17 08:46 - 2050-07-17 10:37 - 00000000 ____D () C:\Program Files\NewBlue
2050-07-17 08:46 - 2050-07-17 10:36 - 00000000 ____D () C:\Program Files (x86)\NewBlue
2015-04-20 23:14 - 2015-04-20 23:15 - 00000000 ____D () C:\FRST
2015-04-20 23:02 - 2015-04-20 23:02 - 00000000 ____D () C:\log
2015-04-20 23:01 - 2015-04-20 23:01 - 00000020 _____ () C:\Users\Genius\defogger_reenable
2015-04-20 23:00 - 2015-04-20 23:15 - 00000000 ____D () C:\Users\Genius\Desktop\Fix
2015-04-20 20:44 - 2015-04-20 20:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-20 20:43 - 2015-04-20 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-20 20:43 - 2015-04-20 20:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-20 20:43 - 2015-04-20 20:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-20 20:43 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-20 20:43 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-20 20:43 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-20 17:08 - 2015-04-20 23:05 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-20 17:08 - 2015-04-20 17:10 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d9c2fefc-68e9-4ff9-8265-594b1da35d43.job
2015-04-20 17:08 - 2015-04-20 17:10 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4e9b19fa-cb61-47a2-a084-a863bfe9d254.job
2015-04-20 17:08 - 2015-04-20 17:08 - 00003594 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 4e9b19fa-cb61-47a2-a084-a863bfe9d254
2015-04-20 17:08 - 2015-04-20 17:08 - 00003520 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task d9c2fefc-68e9-4ff9-8265-594b1da35d43
2015-04-20 17:08 - 2015-04-20 17:08 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\SUPERAntiSpyware.com
2015-04-20 17:08 - 2015-04-20 17:08 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-20 17:08 - 2015-04-20 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-20 16:20 - 2015-04-20 16:20 - 00000000 ____D () C:\Users\Genius\Tracing
2015-04-20 10:45 - 2015-04-20 10:45 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-20 10:45 - 2015-04-20 10:45 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-20 10:44 - 2015-04-20 10:44 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-04-20 01:21 - 2015-04-20 23:03 - 00000784 _____ () C:\Windows\setupact.log
2015-04-20 01:21 - 2015-04-20 01:21 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-20 01:20 - 2015-04-20 23:03 - 00012058 _____ () C:\Windows\PFRO.log
2015-04-19 16:35 - 2015-04-19 16:35 - 00000000 ____D () C:\Program Files (x86)\predm
2015-04-19 16:32 - 2015-04-19 16:32 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\kivjauvo
2015-04-19 16:18 - 2015-04-19 16:39 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\WTools
2015-04-19 16:17 - 2015-04-19 16:41 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\Store
2015-04-19 16:16 - 2015-04-19 16:16 - 00000000 ____D () C:\Users\Genius\AppData\Local\CrashRpt
2015-04-19 16:13 - 2015-04-19 16:13 - 00000000 ____D () C:\Program Files (x86)\app_setup
2015-04-18 23:03 - 2015-04-20 01:14 - 00000000 ____D () C:\Windows\Minidump
2015-04-09 23:13 - 2015-04-09 23:13 - 00001720 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-09 23:13 - 2015-04-09 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-09 23:12 - 2015-04-09 23:13 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-09 23:12 - 2015-04-09 23:13 - 00000000 ____D () C:\Program Files\iTunes
2015-04-09 23:12 - 2015-04-09 23:12 - 00000000 ____D () C:\Program Files\iPod
2015-04-09 23:12 - 2015-04-09 23:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-09 19:49 - 2015-04-09 19:49 - 00000000 ____D () C:\Users\Genius\AppData\Local\Ndemic Creations
2015-04-09 17:51 - 2015-04-09 17:51 - 00000222 _____ () C:\Users\Genius\Desktop\Plague Inc Evolved.url
2015-04-04 02:58 - 2015-04-04 02:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-03 15:23 - 2015-04-20 01:20 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-03 15:23 - 2015-04-03 15:23 - 00000789 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-03 15:23 - 2015-04-03 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-03 15:22 - 2015-04-03 15:23 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-03 15:16 - 2015-04-03 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-04-03 15:16 - 2015-03-24 14:00 - 00126976 _____ () C:\Windows\system32\ff_vfw.dll
2015-04-03 15:16 - 2015-03-24 14:00 - 00112128 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2015-04-03 15:16 - 2015-02-28 12:22 - 03571200 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2015-04-03 15:16 - 2015-02-28 12:21 - 03591680 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2015-04-03 15:16 - 2015-02-24 19:37 - 00655872 _____ () C:\Windows\SysWOW64\xvidcore.dll
2015-04-03 15:16 - 2015-02-24 19:37 - 00240128 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2015-04-03 15:16 - 2014-11-14 10:12 - 00254976 _____ () C:\Windows\system32\xvidvfw.dll
2015-04-03 15:16 - 2014-11-13 11:05 - 00729088 _____ () C:\Windows\system32\xvidcore.dll
2015-04-03 15:16 - 2012-07-21 07:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2015-04-03 15:16 - 2012-07-21 07:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2015-04-03 15:16 - 2011-12-07 14:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2015-04-03 15:16 - 2011-12-07 14:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2015-03-29 15:27 - 2015-03-29 15:27 - 00001162 _____ () C:\Users\Genius\Desktop\Pillars Of Eternity.lnk
2015-03-26 16:07 - 2015-03-26 16:07 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\com.shirogames.evoland
2015-03-25 11:47 - 2015-03-25 11:47 - 00000222 _____ () C:\Users\Genius\Desktop\Besiege.url
2015-03-22 04:38 - 2015-03-22 04:41 - 00000000 ____D () C:\Users\Genius\Documents\Heroes of the Storm
2015-03-21 21:26 - 2015-03-21 21:26 - 00000775 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-03-21 21:26 - 2015-03-21 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-03-21 15:22 - 2015-04-02 20:02 - 00000000 ____D () C:\Users\Genius\AppData\Local\Battle.net
2015-03-21 15:22 - 2015-03-21 15:23 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\Battle.net
2015-03-21 15:22 - 2015-03-21 15:22 - 00000748 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-03-21 15:22 - 2015-03-21 15:22 - 00000000 ____D () C:\Users\Genius\AppData\Local\Blizzard Entertainment
2015-03-21 15:21 - 2015-03-22 04:38 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-03-21 15:21 - 2015-03-21 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-03-21 15:16 - 2015-03-21 15:16 - 00000000 ____D () C:\ProgramData\Battle.net

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 23:14 - 2014-08-28 17:04 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\IDM
2015-04-20 23:11 - 2009-07-14 00:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-20 23:11 - 2009-07-14 00:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-20 23:09 - 2014-08-28 17:04 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\DMCache
2015-04-20 23:07 - 2014-12-21 15:55 - 00004966 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Genius-PC-Genius Genius-PC
2015-04-20 23:07 - 2013-07-11 22:44 - 01630113 _____ () C:\Windows\WindowsUpdate.log
2015-04-20 23:06 - 2015-03-19 01:57 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\Dropbox
2015-04-20 23:04 - 2014-07-26 02:50 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2015-04-20 23:03 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-20 23:01 - 2013-07-11 09:21 - 00000000 ____D () C:\Users\Genius
2015-04-20 22:54 - 2013-07-12 02:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-20 22:49 - 2013-07-12 02:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-20 21:15 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-04-20 17:29 - 2013-07-12 13:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-20 16:21 - 2013-07-12 12:13 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\Skype
2015-04-20 16:19 - 2014-04-08 10:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-20 16:18 - 2013-07-12 12:13 - 00000000 ____D () C:\ProgramData\Skype
2015-04-20 16:15 - 2015-01-08 18:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-20 16:15 - 2015-01-08 18:38 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-20 10:45 - 2014-05-01 09:38 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-20 10:45 - 2014-01-01 07:57 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-20 10:45 - 2013-07-12 13:12 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-20 10:45 - 2013-07-12 13:12 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-20 10:45 - 2013-07-12 13:12 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-20 10:45 - 2013-07-12 13:12 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-20 10:45 - 2013-07-12 13:12 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-20 10:44 - 2013-07-12 13:32 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-04-20 10:44 - 2013-07-12 13:12 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-20 02:00 - 2014-06-15 01:32 - 00000000 ____D () C:\Users\Genius\AppData\Local\Adobe
2015-04-20 01:44 - 2013-10-07 11:10 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\Notepad++
2015-04-20 01:17 - 2013-07-22 03:00 - 00000000 ____D () C:\Users\Genius\AppData\Local\CrashDumps
2015-04-20 01:09 - 2014-08-08 08:22 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\HpUpdate
2015-04-19 16:42 - 2013-07-13 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
2015-04-19 16:42 - 2013-07-13 08:25 - 00000000 ____D () C:\ProgramData\Xilisoft
2015-04-19 16:42 - 2013-07-13 08:25 - 00000000 ____D () C:\Program Files (x86)\Xilisoft
2015-04-19 16:38 - 2013-07-12 01:58 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-19 16:38 - 2013-07-11 09:21 - 00001436 _____ () C:\Users\Genius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-19 16:17 - 2009-07-13 22:34 - 00000580 _____ () C:\Windows\win.ini
2015-04-19 01:38 - 2013-07-13 08:27 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\Xilisoft
2015-04-18 22:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-18 21:44 - 2014-05-31 02:26 - 00418528 _____ () C:\Windows\system32\perfh011.dat
2015-04-18 21:44 - 2014-05-31 02:26 - 00123150 _____ () C:\Windows\system32\perfc011.dat
2015-04-18 21:44 - 2009-07-14 01:13 - 01316510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-17 22:37 - 2015-02-03 23:11 - 00000000 ____D () C:\Users\Genius\Documents\Visual Studio 2012
2015-04-15 00:49 - 2013-07-12 02:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 00:49 - 2013-07-12 02:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 00:49 - 2013-07-12 02:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 15:28 - 2013-04-02 08:50 - 00000000 ____D () C:\temp
2015-04-09 23:12 - 2013-09-24 08:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-08 16:28 - 2015-03-19 01:59 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-05 13:00 - 2013-07-12 01:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-03 15:36 - 2009-07-14 01:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-03 15:29 - 2013-07-13 08:26 - 00002189 _____ () C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk
2015-04-03 03:47 - 2015-02-15 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-04-03 03:35 - 2014-09-03 20:23 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin

==================== Files in the root of some directories =======

2013-06-18 22:51 - 2013-06-18 22:51 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-07-27 07:54 - 2013-07-27 08:23 - 0000132 _____ () C:\Users\Genius\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-03-14 21:44 - 2015-03-14 21:44 - 0002298 _____ () C:\Users\Genius\AppData\Roaming\ASSDraw3.cfg
2015-03-04 22:57 - 2015-03-14 21:52 - 0000155 _____ () C:\Users\Genius\AppData\Roaming\Camdata.ini
2015-03-04 22:57 - 2015-03-14 21:52 - 0000408 _____ () C:\Users\Genius\AppData\Roaming\CamLayout.ini
2015-03-04 22:57 - 2015-03-14 21:52 - 0000408 _____ () C:\Users\Genius\AppData\Roaming\CamShapes.ini
2015-03-04 22:57 - 2015-03-14 21:52 - 0004587 _____ () C:\Users\Genius\AppData\Roaming\CamStudio.cfg
2015-03-04 22:57 - 2015-03-14 21:46 - 0000096 _____ () C:\Users\Genius\AppData\Roaming\version2.xml
2015-01-06 05:01 - 2015-01-06 05:01 - 0007605 _____ () C:\Users\Genius\AppData\Local\Resmon.ResmonCfg
2014-08-08 08:20 - 2014-08-08 08:20 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Genius\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5q04cp.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 10:28

==================== End Of Log ============================
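The driver list and the "One Month Created Files and Folders" section above are what a helper reads first: drivers whose file is gone or that carry no publisher, timestamps that cannot be right (the 2050 entries), and a tight cluster of new folders with throwaway names in user profile and Program Files (x86) locations. As an added example, not part of this post and not FRST's own code, here is a small Python triage script that parses those two sections and applies exactly those checks. The sample text is an excerpt of the FRST.txt above; the drop-location list, the 30-minute window and the four-folder threshold are my own assumptions.

```python
"""Triage checks over a Farbar Recovery Scan Tool (FRST) log.

Added example: not part of the forum post and not FRST's own code. It parses
two sections of the FRST.txt above; SAMPLE is an excerpt of that log and the
30-minute / four-folder burst threshold is an arbitrary choice.
"""
import re
from datetime import datetime, timedelta

# Driver lines: "R0 name; path [size date] (Publisher)" or "S3 name; path [X]"
DRIVER_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$")
MISSING_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+) \[X\]$")
# Created-files lines: "created - modified - size attrs (Publisher) path"
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<size>\d{8}) "
    r"(?P<attrs>\S+) \((?P<publisher>.*?)\) (?P<path>.+)$")
# Where bundled adware/PUP installers usually drop folders (assumed list).
DROP_LOCATIONS = ("\\AppData\\Roaming\\", "\\AppData\\Local\\",
                  "\\Program Files (x86)\\", "\\ProgramData\\")

def parse_drivers(text):
    """One dict per driver line; a '[X]' entry (file gone) gets missing=True."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip()) or MISSING_RE.match(line.strip())
        if m:
            drivers.append(dict(m.groupdict(), missing="publisher" not in m.groupdict()))
    return drivers

def flag_drivers(drivers):
    """Driver name -> reason, for the entries that need a closer look."""
    flags = {}
    for d in drivers:
        if d["missing"]:
            flags[d["name"]] = "file missing on disk"
        elif not d["publisher"].strip():
            # FRST prints () when the file carries no company name: unsigned or
            # stripped version info, not proof of malice (see aswHwid.sys above).
            flags[d["name"]] = "no publisher string"
    return flags

def parse_created(text):
    """Entries of the 'One Month Created Files and Folders' section."""
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
            e["is_dir"] = "D" in e["attrs"]
            entries.append(e)
    return entries

def find_bursts(entries, window=timedelta(minutes=30), min_count=4):
    """Groups of >= min_count directories under DROP_LOCATIONS created within
    `window` of the first one: the footprint of a single install event."""
    cands = sorted((e for e in entries if e["is_dir"]
                    and any(loc in e["path"] for loc in DROP_LOCATIONS)),
                   key=lambda e: e["created"])
    bursts, current = [], []
    for e in cands:
        if current and e["created"] - current[0]["created"] > window:
            if len(current) >= min_count:
                bursts.append([x["path"] for x in current])
            current = []
        current.append(e)
    if len(current) >= min_count:
        bursts.append([x["path"] for x in current])
    return bursts

def triage(text, scan_time):
    """Run every check over one log; scan_time is 'YYYY-MM-DD HH:MM'."""
    now = datetime.strptime(scan_time, "%Y-%m-%d %H:%M")
    entries = parse_created(text)
    return {"drivers": flag_drivers(parse_drivers(text)),
            # created "after" the scan: stomped timestamps or a skewed clock
            "future": [e["path"] for e in entries if e["created"] > now],
            "bursts": find_bursts(entries)}

# Constructed sample: lines copied from the FRST.txt posted above.
SAMPLE = r"""
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-20] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
2050-07-17 08:55 - 2050-07-17 08:55 - 00000000 ____D () C:\ProgramData\eSellerate
2015-04-20 20:43 - 2015-04-20 20:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-20 20:43 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-19 16:35 - 2015-04-19 16:35 - 00000000 ____D () C:\Program Files (x86)\predm
2015-04-19 16:32 - 2015-04-19 16:32 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\kivjauvo
2015-04-19 16:18 - 2015-04-19 16:39 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\WTools
2015-04-19 16:17 - 2015-04-19 16:41 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\Store
2015-04-19 16:16 - 2015-04-19 16:16 - 00000000 ____D () C:\Users\Genius\AppData\Local\CrashRpt
2015-04-19 16:13 - 2015-04-19 16:13 - 00000000 ____D () C:\Program Files (x86)\app_setup
"""

if __name__ == "__main__":
    print(triage(SAMPLE, "2015-04-20 23:15"))
```

On the full log the burst detector returns the six folders created between 16:13 and 16:35 on 2015-04-19 (app_setup, CrashRpt, Store, WTools, kivjauvo, predm). It will equally report a legitimate installer that writes several folders at once, so a burst is an install event to ask the user about, not a verdict; the same goes for the empty publisher field, which several of the Avast drivers above also show.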


#2 B-boy/StyLe/
    Bleepin' Freestyler
  • Malware Response Team
  • 8,310 posts
  • Gender:Male
  • Location:Bulgaria

Posted 21 April 2015 - 02:13 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again, I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

I'll post back later today with a fix.

Regards,

Georgi


#3 B-boy/StyLe/
    Bleepin' Freestyler
  • Malware Response Team
  • 8,310 posts
  • Gender:Male
  • Location:Bulgaria

Posted 21 April 2015 - 06:32 AM

Hi,

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Let me know how things are after the step above.

Regards,

Georgi


#4 The_Killer
  • Topic Starter
  • Members
  • 50 posts

Posted 21 April 2015 - 09:53 AM

Hi Georgi,

About my computer's condition: it happens randomly, so please give me some time to observe, but so far I don't see any IE processes in Task Manager (before there were several of them).

And here is my log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by Genius at 2015-04-21 10:35:13 Run:1
Running from C:\Users\Genius\Desktop\Fix
Loaded Profiles: Genius (Available profiles: Genius & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\...\MountPoints2: {345f3f8a-0b5a-11e3-b9e8-08edb9025f38} - H:\Windows\AutoRun.exe
HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\...\MountPoints2: {5b2a54e3-dbdd-11e3-8a1d-08edb9025f38} - H:\LGAutoRun.exe
HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\...\MountPoints2: {89dd89c1-cc28-11e3-8f3e-08edb9025f38} - H:\./MTP/LMPC.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
cmd: type "C:\Users\Genius\AppData\Roaming\Mozilla\Firefox\Profiles\ufoyddiu.default\user.js"
2015-04-19 16:35 - 2015-04-19 16:35 - 00000000 ____D () C:\Program Files (x86)\predm
2015-04-19 16:32 - 2015-04-19 16:32 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\kivjauvo
2015-04-19 16:18 - 2015-04-19 16:39 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\WTools
2015-04-19 16:17 - 2015-04-19 16:41 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\Store
2015-04-19 16:16 - 2015-04-19 16:16 - 00000000 ____D () C:\Users\Genius\AppData\Local\CrashRpt
2015-04-19 16:13 - 2015-04-19 16:13 - 00000000 ____D () C:\Program Files (x86)\app_setup
Task: {660A57C0-AF33-459B-A889-68EC3400778B} - \SMW_UpdateTask_Time_313738393732303234312d3437415a556c2a3223346c41 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:iocQMSm01V6TlF5fcIMGmf
AlternateDataStreams: C:\ProgramData\Microsoft:x2jCRNsSExZYNlPatvZMKDP4o2K
AlternateDataStreams: C:\Users\Genius\AppData\Local\p4c45UqJu:jDz73QrzeBG9rMzNHOfp71
emptytemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{345f3f8a-0b5a-11e3-b9e8-08edb9025f38}" => Key deleted successfully.
HKCR\CLSID\{345f3f8a-0b5a-11e3-b9e8-08edb9025f38} => Key not found.
"HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b2a54e3-dbdd-11e3-8a1d-08edb9025f38}" => Key deleted successfully.
HKCR\CLSID\{5b2a54e3-dbdd-11e3-8a1d-08edb9025f38} => Key not found.
"HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89dd89c1-cc28-11e3-8f3e-08edb9025f38}" => Key deleted successfully.
HKCR\CLSID\{89dd89c1-cc28-11e3-8f3e-08edb9025f38} => Key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

=========  type "C:\Users\Genius\AppData\Roaming\Mozilla\Firefox\Profiles\ufoyddiu.default\user.js" =========














========= End of CMD: =========

C:\Program Files (x86)\predm => Moved successfully.
C:\Users\Genius\AppData\Roaming\kivjauvo => Moved successfully.
C:\Users\Genius\AppData\Roaming\WTools => Moved successfully.
C:\Users\Genius\AppData\Roaming\Store => Moved successfully.
C:\Users\Genius\AppData\Local\CrashRpt => Moved successfully.
C:\Program Files (x86)\app_setup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{660A57C0-AF33-459B-A889-68EC3400778B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{660A57C0-AF33-459B-A889-68EC3400778B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_313738393732303234312d3437415a556c2a3223346c41" => Key deleted successfully.
C:\ProgramData\Microsoft => ":iocQMSm01V6TlF5fcIMGmf" ADS removed successfully.
C:\ProgramData\Microsoft => ":x2jCRNsSExZYNlPatvZMKDP4o2K" ADS removed successfully.
C:\Users\Genius\AppData\Local\p4c45UqJu => ":jDz73QrzeBG9rMzNHOfp71" ADS removed successfully.
EmptyTemp: => Removed 534.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 10:37:46 ====
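The fixlist above removed five kinds of entry: an empty, unresolvable Run value, three MountPoints2 autorun handlers pointing at a removable drive, Internet Explorer policy restrictions in both HKLM and the user hive, a scheduled task that exists in the TaskCache but has no task file, and alternate data streams hung off C:\ProgramData\Microsoft and a folder under AppData\Local. As an added example, not from this post and not FRST's own code, here is a Python checker that pulls exactly those classes out of FRST registry lines, plus Image File Execution Options "Debugger" redirections and FRST's own ATTENTION markers. The sample is built from the fixlist above and two lines of the recovery-mode log posted later in the thread; the category names are my own.

```python
"""Persistence triage over the registry lines of an FRST log or fixlist.

Added example: not part of the forum post and not FRST's own code. It picks
out the classes of autostart entry that the fixes in this thread removed so
that the same text can be re-read mechanically. SAMPLE is built from the
fixlist above plus two lines from the recovery-mode log later in the thread.
"""
import re

# (category, pattern); every pattern exposes the thing to look at as 'target'.
CHECKS = [
    # Image File Execution Options Debugger: another binary runs in place of exe.
    ("ifeo-debugger",
     re.compile(r"^IFEO\\(?P<exe>[^:]+): \[Debugger\] (?P<target>.+)$")),
    # Leftover removable-drive autorun handlers under Explorer\MountPoints2.
    ("mountpoints2-autorun",
     re.compile(r"\\MountPoints2: \{[0-9a-f-]+\} - (?P<target>.+)$")),
    # Policy keys that browser hijackers use to lock settings in place.
    ("policy-restriction",
     re.compile(r"(?P<target>\\Policies\\Microsoft\\[^:]+): Policy restriction")),
    # Task present in the scheduler's TaskCache but with no task file on disk.
    ("orphan-task",
     re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<target>.+?) No Task File")),
    # Alternate data stream hung off a directory: a classic payload stash.
    ("ads", re.compile(r"^AlternateDataStreams: (?P<target>.+?:[^:\\]+)$")),
    # Anything FRST itself marked.
    ("frst-attention", re.compile(r"^(?P<target>.+?) <=+ ATTENTION")),
]
RUN_RE = re.compile(r"^HK\S*?\\\.\.\.\\Run: \[(?P<name>.*?)\] => (?P<target>.+)$")
# FRST appends "[size date] (Publisher)" only when it could resolve the file.
FILE_INFO_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \(.*\)$")

def triage_autostarts(text):
    """Category -> list of targets for every line that matches a check."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        for category, pattern in CHECKS:
            m = pattern.search(line)
            if m:
                found.setdefault(category, []).append(m.group("target"))
        m = RUN_RE.match(line)
        if m and not FILE_INFO_RE.search(m.group("target")):
            # Empty value, a script host command line, or a file FRST could
            # not stat: each needs a human to decide what actually runs.
            found.setdefault("run-unresolved", []).append(
                "[%s] => %s" % (m.group("name") or "<empty>", m.group("target")))
    return found

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE = r"""
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1196051478-3440850986-1358106429-1000\...\MountPoints2: {345f3f8a-0b5a-11e3-b9e8-08edb9025f38} - H:\Windows\AutoRun.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Task: {660A57C0-AF33-459B-A889-68EC3400778B} - \SMW_UpdateTask_Time_313738393732303234312d3437415a556c2a3223346c41 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:iocQMSm01V6TlF5fcIMGmf
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-01-31] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION!
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
"""

if __name__ == "__main__":
    for category, targets in sorted(triage_autostarts(SAMPLE).items()):
        print(category, targets)
```

Every hit is a lead rather than a verdict: the IFEO entries in the later log point at TuneUp Utilities, a legitimate product that uses the same redirection mechanism a hijacker would, and MountPoints2 handlers are commonly left behind by USB devices that are no longer plugged in. The value of the checker is that it never skips a category, which is easy to do when reading a long log by eye.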



#5 B-boy/StyLe/
    Bleepin' Freestyler
  • Malware Response Team
  • 8,310 posts
  • Gender:Male
  • Location:Bulgaria

Posted 21 April 2015 - 11:34 AM

Hi,

Before we continue, let me check something.

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Next, please download Malwarebytes Anti-Malware 2.1.6.1022 Final to your desktop.


  • Double-click mbam-setup-2.1.6.1022.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Regards,

Georgi


#6 The_Killer
  • Topic Starter
  • Members
  • 50 posts

Posted 21 April 2015 - 01:07 PM

Hi, I followed your instructions and when I restarted (after the scan was done), my computer spent a long time on the loading screen (the "Welcome" screen after I log in to my account) and then only the mouse cursor appeared on a totally black screen (my computer is still running and I can move the mouse, though). Currently I'm going out, leaving my computer as it is; I intend to check on it when I come back. Is it normal for my computer to behave like that?

Edited by The_Killer, 21 April 2015 - 02:46 PM.


#7 The_Killer
  • Topic Starter
  • Members
  • 50 posts

Posted 21 April 2015 - 02:56 PM

When I came back, my computer was the same as before, so I tried to open Task Manager, but then it said that Ctrl+Alt+Delete does not respond and that I have to use the power button to restart. After I used the power button to restart, it took forever to load, so I had to use the power button again. Now I will try to restart in Safe Mode.

Edited by The_Killer, 21 April 2015 - 03:19 PM.


#8 B-boy/StyLe/
    Bleepin' Freestyler
  • Malware Response Team
  • 8,310 posts
  • Gender:Male
  • Location:Bulgaria

Posted 21 April 2015 - 03:57 PM

Hi,

That's strange. The first step from my previous post was supposed to list the content of a folder, so I guess that MBAM probably deleted something that shouldn't have been deleted.

To run FRST on Vista, Windows 7 and Windows 8 in RE:

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

Regards,

Georgi


#9 The_Killer
  • Topic Starter
  • Members
  • 50 posts

Posted 21 April 2015 - 04:23 PM

Here is my log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by SYSTEM on MININT-ILJITCK on 21-04-2015 17:18:48
Running from g:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-01-31] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2774864 2013-01-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-20] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-18] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-20] (Avast Software s.r.o.)
HKLM-x32\...\Run: [YouCam Service6] => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [500696 2013-11-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => "F:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION!
HKU\Genius\...\Run: [UniKey] => C:\Program Files\UniKey\UniKeyNT.exe [316928 2009-11-01] ()
HKU\Genius\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-02-24] (Tonec Inc.)
HKU\Genius\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\pictureviewer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\quicktimeplayer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\youcam6.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2013-07-12]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Genius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-18]
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Genius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk [2014-08-08]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-20] (Avast Software s.r.o.)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-20] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-20] (Avast Software)
S2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2013-07-11] (Conexant Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-10-02] (EasyAntiCheat Ltd)
S2 fsproflt2; C:\Windows\SysWOW64\fsproflt2.exe [49512 2012-07-11] (FSPro Labs)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-03-27] (Intel Corporation)
S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [83768 2013-06-10] (National Instruments Corporation)
S4 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-12-10] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-12-10] (National Instruments Corporation)
S4 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
S4 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
S4 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-12-10] (National Instruments Corporation)
S4 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-12-10] (National Instruments Corporation)
S4 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [687944 2013-06-15] (National Instruments Corporation)
S2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-07-25] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-30] (TuneUp Software)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S4 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [159360 2012-03-08] (Atheros)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-04-22] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-01-31] (Advanced Micro Devices, Inc.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-20] ()
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-20] (Avast Software s.r.o.)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-20] (Avast Software s.r.o.)
S0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-04-20] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-20] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-20] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-20] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-20] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-20] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-20] ()
S3 clwvd6; C:\Windows\System32\DRIVERS\clwvd6.sys [41704 2013-10-28] (CyberLink Corporation)
S0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-18] (Intel Corporation)
S1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-28] (EZB Systems, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-04-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 Neo_VPN-01; C:\Windows\System32\DRIVERS\Neo_0033.sys [28768 2014-07-25] (SoftEther VPN Project at University of Tsukuba, Japan.)
S0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-04] (Realtek Semiconductor Corp.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-05-31] (Duplex Secure Ltd.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-20] (Avast Software)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 HSPADataCardusbvoice; system32\DRIVERS\HSPADataCardusbvoice.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VSPerfDrv110; \??\F:\MS Visual Studio\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2050-07-17 04:55 - 2050-07-17 04:55 - 00000000 ____D () C:\ProgramData\eSellerate
2050-07-17 04:46 - 2050-07-17 06:37 - 00000000 ____D () C:\Program Files\NewBlue
2050-07-17 04:46 - 2050-07-17 06:36 - 00000000 ____D () C:\Program Files (x86)\NewBlue
2015-04-21 08:48 - 2015-04-21 08:48 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-20 19:14 - 2015-04-21 17:18 - 00000000 ____D () C:\FRST
2015-04-20 19:02 - 2015-04-20 19:02 - 00000000 ____D () C:\log
2015-04-20 19:01 - 2015-04-20 19:01 - 00000020 _____ () C:\Users\Genius\defogger_reenable
2015-04-20 19:00 - 2015-04-21 08:47 - 00000000 ____D () C:\Users\Genius\Desktop\Fix
2015-04-20 16:44 - 2015-04-21 08:49 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-04-20 16:43 - 2015-04-21 08:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-20 16:43 - 2015-04-20 16:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-20 16:43 - 2015-04-14 05:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-04-20 16:43 - 2015-04-14 05:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-04-20 16:43 - 2015-04-14 05:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-04-20 13:08 - 2015-04-21 06:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-20 13:08 - 2015-04-20 22:00 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4e9b19fa-cb61-47a2-a084-a863bfe9d254.job
2015-04-20 13:08 - 2015-04-20 21:08 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d9c2fefc-68e9-4ff9-8265-594b1da35d43.job
2015-04-20 13:08 - 2015-04-20 13:08 - 00003594 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 4e9b19fa-cb61-47a2-a084-a863bfe9d254
2015-04-20 13:08 - 2015-04-20 13:08 - 00003520 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task d9c2fefc-68e9-4ff9-8265-594b1da35d43
2015-04-20 13:08 - 2015-04-20 13:08 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\SUPERAntiSpyware.com
2015-04-20 13:08 - 2015-04-20 13:08 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-20 12:20 - 2015-04-20 12:20 - 00000000 ____D () C:\Users\Genius\Tracing
2015-04-20 06:45 - 2015-04-20 06:45 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\System32\aswBoot.exe
2015-04-20 06:45 - 2015-04-20 06:45 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-20 06:44 - 2015-04-20 06:44 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswNdisFlt.sys
2015-04-19 21:21 - 2015-04-21 12:46 - 00001120 _____ () C:\Windows\setupact.log
2015-04-19 21:21 - 2015-04-19 21:21 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-19 21:20 - 2015-04-21 06:39 - 00012392 _____ () C:\Windows\PFRO.log
2015-04-18 19:03 - 2015-04-19 21:14 - 00000000 ____D () C:\Windows\Minidump
2015-04-09 19:13 - 2015-04-09 19:13 - 00001720 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-09 19:12 - 2015-04-09 19:13 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-09 19:12 - 2015-04-09 19:13 - 00000000 ____D () C:\Program Files\iTunes
2015-04-09 19:12 - 2015-04-09 19:12 - 00000000 ____D () C:\Program Files\iPod
2015-04-09 19:12 - 2015-04-09 19:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-09 15:49 - 2015-04-09 15:49 - 00000000 ____D () C:\Users\Genius\AppData\Local\Ndemic Creations
2015-04-09 13:51 - 2015-04-09 13:51 - 00000222 _____ () C:\Users\Genius\Desktop\Plague Inc Evolved.url
2015-04-03 22:58 - 2015-04-03 22:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-03 11:23 - 2015-04-19 21:20 - 00002796 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-03 11:23 - 2015-04-03 11:23 - 00000789 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-03 11:22 - 2015-04-03 11:23 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-03 11:16 - 2015-03-24 10:00 - 00126976 _____ () C:\Windows\System32\ff_vfw.dll
2015-04-03 11:16 - 2015-03-24 10:00 - 00112128 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2015-04-03 11:16 - 2015-02-28 08:22 - 03571200 _____ (x264vfw project) C:\Windows\System32\x264vfw64.dll
2015-04-03 11:16 - 2015-02-28 08:21 - 03591680 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2015-04-03 11:16 - 2015-02-24 15:37 - 00655872 _____ () C:\Windows\SysWOW64\xvidcore.dll
2015-04-03 11:16 - 2015-02-24 15:37 - 00240128 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2015-04-03 11:16 - 2014-11-14 06:12 - 00254976 _____ () C:\Windows\System32\xvidvfw.dll
2015-04-03 11:16 - 2014-11-13 07:05 - 00729088 _____ () C:\Windows\System32\xvidcore.dll
2015-04-03 11:16 - 2012-07-21 03:55 - 00180736 _____ (fccHandler) C:\Windows\System32\ac3acm.acm
2015-04-03 11:16 - 2012-07-21 03:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2015-04-03 11:16 - 2011-12-07 10:37 - 00148992 _____ ( ) C:\Windows\System32\lagarith.dll
2015-04-03 11:16 - 2011-12-07 10:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2015-03-29 11:27 - 2015-03-29 11:27 - 00001162 _____ () C:\Users\Genius\Desktop\Pillars Of Eternity.lnk
2015-03-26 12:07 - 2015-03-26 12:07 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\com.shirogames.evoland
2015-03-25 07:47 - 2015-03-25 07:47 - 00000222 _____ () C:\Users\Genius\Desktop\Besiege.url
2015-03-22 00:38 - 2015-03-22 00:41 - 00000000 ____D () C:\Users\Genius\Documents\Heroes of the Storm
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-21 12:57 - 2013-07-11 22:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-21 12:53 - 2014-07-25 22:50 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2015-04-21 12:46 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-21 09:22 - 2014-08-28 13:04 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\DMCache
2015-04-21 09:22 - 2013-07-11 18:44 - 01640970 _____ () C:\Windows\WindowsUpdate.log
2015-04-21 09:21 - 2015-01-08 14:43 - 00000000 ____D () C:\Windows\Sun
2015-04-21 08:44 - 2013-07-11 22:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-21 06:54 - 2014-12-21 11:55 - 00004966 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Genius-PC-Genius Genius-PC
2015-04-21 06:48 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-21 06:48 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-21 06:42 - 2015-03-18 21:57 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\Dropbox
2015-04-20 22:00 - 2014-06-14 21:32 - 00000000 ____D () C:\Users\Genius\AppData\Local\Adobe
2015-04-20 19:14 - 2014-08-28 13:04 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\IDM
2015-04-20 19:01 - 2013-07-11 05:21 - 00000000 ____D () C:\users\Genius
2015-04-20 17:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
2015-04-20 13:29 - 2013-07-12 09:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-20 12:21 - 2013-07-12 08:13 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\Skype
2015-04-20 12:19 - 2014-04-08 06:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-20 12:18 - 2013-07-12 08:13 - 00000000 ____D () C:\ProgramData\Skype
2015-04-20 12:15 - 2015-01-08 14:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-20 12:15 - 2015-01-08 14:38 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-20 06:45 - 2014-05-01 05:38 - 00029168 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2015-04-20 06:45 - 2014-01-01 03:57 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswStm.sys
2015-04-20 06:45 - 2013-07-12 09:12 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSP.sys
2015-04-20 06:45 - 2013-07-12 09:12 - 00271200 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2015-04-20 06:45 - 2013-07-12 09:12 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswRdr2.sys
2015-04-20 06:45 - 2013-07-12 09:12 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswMonFlt.sys
2015-04-20 06:45 - 2013-07-12 09:12 - 00065736 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2015-04-20 06:44 - 2013-07-12 09:32 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswKbd.sys
2015-04-20 06:44 - 2013-07-12 09:12 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSnx.sys
2015-04-19 21:44 - 2013-10-07 07:10 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\Notepad++
2015-04-19 21:17 - 2013-07-21 23:00 - 00000000 ____D () C:\Users\Genius\AppData\Local\CrashDumps
2015-04-19 21:09 - 2014-08-08 04:22 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\HpUpdate
2015-04-19 12:42 - 2013-07-13 04:25 - 00000000 ____D () C:\ProgramData\Xilisoft
2015-04-19 12:42 - 2013-07-13 04:25 - 00000000 ____D () C:\Program Files (x86)\Xilisoft
2015-04-19 12:17 - 2009-07-13 18:34 - 00000580 _____ () C:\Windows\win.ini
2015-04-18 21:38 - 2013-07-13 04:27 - 00000000 ____D () C:\Users\Genius\AppData\Roaming\Xilisoft
2015-04-18 18:56 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-18 17:44 - 2014-05-30 22:26 - 00418528 _____ () C:\Windows\System32\perfh011.dat
2015-04-18 17:44 - 2014-05-30 22:26 - 00123150 _____ () C:\Windows\System32\perfc011.dat
2015-04-18 17:44 - 2009-07-13 21:13 - 01316510 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-04-17 18:37 - 2015-02-03 19:11 - 00000000 ____D () C:\Users\Genius\Documents\Visual Studio 2012
2015-04-14 20:49 - 2013-07-11 22:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 20:49 - 2013-07-11 22:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 20:49 - 2013-07-11 22:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 11:28 - 2013-04-02 04:50 - 00000000 ____D () C:\temp
2015-04-09 19:12 - 2013-09-24 04:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-05 09:00 - 2013-07-11 21:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-03 11:36 - 2009-07-13 21:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-03 11:29 - 2013-07-13 04:26 - 00002189 _____ () C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate.lnk
2015-04-02 23:35 - 2014-09-03 16:23 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-04-02 16:02 - 2015-03-21 11:22 - 00000000 ____D () C:\Users\Genius\AppData\Local\Battle.net
2015-03-22 00:38 - 2015-03-21 11:21 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
 
Some content of TEMP:
====================
C:\Users\Genius\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv3uezz.dll
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2015-04-20 06:44:00
Restore point made on: 2015-04-20 06:47:12
Restore point made on: 2015-04-20 06:55:23
Restore point made on: 2015-04-21 06:35:57
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 3998.36 MB
Available physical RAM: 3372.83 MB
Total Pagefile: 3996.55 MB
Available Pagefile: 3361.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:66 GB) (Free:5.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Setup) (Fixed) (Total:200.01 GB) (Free:47.3 GB) NTFS
Drive e: (Game) (Fixed) (Total:199.75 GB) (Free:27.13 GB) NTFS
Drive g: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D51228AE)
Partition 1: (Active) - (Size=66 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=399.8 GB) - (Type=05)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)
 
 
LastRegBack: 2015-04-14 06:28
 
==================== End Of Log ============================


#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:08 PM

Posted 21 April 2015 - 04:49 PM

Hi,

 

Download the following file => and save it to a USB flash drive.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

Run FRST the way you did before.

When the tool opens click Yes to disclaimer.

Press the Fix button just once and wait.

The tool will make a log on the USB flash drive named (Fixlog.txt). Please post it to your reply.

Also reboot the computer to Normal Mode and let me know if that was successful.

 

 

Regards,

Georgi



#11 The_Killer

The_Killer
  • Topic Starter

  • Members
  • 50 posts
  • Local time:01:08 PM

Posted 21 April 2015 - 05:05 PM

After I restart, the long loading time happens again, which means it loads forever. Here is my log btw:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by SYSTEM at 2015-04-21 17:54:16 Run:3
Running from g:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
start
C:\Windows\system32\authuitu.dll
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION!
Reg: reg query HKLM\SOFTWARE\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb} /s
File: C:\Windows\system32\authui.dll
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\pictureviewer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\quicktimeplayer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\youcam6.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-30] (TuneUp Software)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
C:\Program Files (x86)\TuneUp Utilities 2013
end
*****************
 
C:\Windows\system32\authuitu.dll => Moved successfully.
HKLM\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InprocServer32\\Default => Value was restored successfully.
 
========= reg query HKLM\SOFTWARE\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb} /s =========
 
 
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}
    (Default)    REG_SZ    Authentication UI Logon UI
 
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InProcServer32
    (Default)    REG_EXPAND_SZ    %SystemRoot%\system32\authui.dll
    ThreadingModel    REG_SZ    Apartment
    {00711705-12C5-420B-A4E5-6413F2AB3C7B}    REG_SZ    authui.dll
 
 
 
========= End of Reg: =========
 
 
========================= File: C:\Windows\system32\authui.dll ========================
 
MD5: 44D68D30151F7A3B6A3B1D0FEF383F52
Creation and modification date: 2013-05-22 11:06 - 2013-05-22 11:06
Size: 1931776
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: AUTHUI
Original Name: AUTHUI.DLL.MUI
Product Name: Microsoft?Windows?Operating System
Description: Windows Authentication UI
File Version: 6.1.7601.22269 (win7sp1_ldr.130226-1433)
Product Version: 6.1.7601.22269
Copyright: ?Microsoft Corporation. All rights reserved.
 
====== End Of File: ======
 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccleaner64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\effectextractor.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hamachi-2-ui.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pictureviewer.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\quicktimeplayer.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uninst.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\youcam6.exe" => Key deleted successfully.
TuneUp.UtilitiesSvc => Service deleted successfully.
TuneUpUtilitiesDrv => Service deleted successfully.
C:\Program Files (x86)\TuneUp Utilities 2013 => Moved successfully.
 
==== End of Fixlog 17:54:18 ====
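The Fixlog above records two persistence patterns that FRST removed: the "Authentication UI Logon UI" CLSID ({7986d495-ce42-4926-8afc-26dfa299cadb}) had its InprocServer32 default redirected to authuitu.dll instead of the Windows authui.dll (with a stray {00711705-...} value left under the key, which the follow-up fix deletes), and seven Image File Execution Options "Debugger" entries redirected named executables to TUAutoReactivator64.exe. The script below is an added example written for this page, not code from the thread, from FRST or from Farbar: it flags both patterns in FRST-style registry lines and in `reg query /s` output. The expected default for the CLSID is taken from the clean reg query result posted above; the "hijacked" reg query sample is constructed to show what the key would look like before the fix.

```python
import re
from typing import Dict, List, Tuple

# Expected InProcServer32 default for the "Authentication UI Logon UI" CLSID,
# taken from the clean reg query output in the thread above.
EXPECTED_INPROC = {
    "{7986d495-ce42-4926-8afc-26dfa299cadb}": r"%SystemRoot%\system32\authui.dll",
}
# Value names that legitimately live under an InProcServer32 key.
KNOWN_INPROC_VALUES = {"(Default)", "ThreadingModel"}

# FRST "Registry (Whitelisted)" lines copied from the log above, plus one benign Run entry.
SAMPLE_FRST_LINES = r'''
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-01-31] (Dell Inc.)
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION!
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
'''.strip().splitlines()

# `reg query ... /s` output as posted after the first fix (stray value still present).
REG_QUERY_AFTER_FIX1 = r"""
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}
    (Default)    REG_SZ    Authentication UI Logon UI

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InProcServer32
    (Default)    REG_EXPAND_SZ    %SystemRoot%\system32\authui.dll
    ThreadingModel    REG_SZ    Apartment
    {00711705-12C5-420B-A4E5-6413F2AB3C7B}    REG_SZ    authui.dll
"""

# The same key after the second fix (stray value deleted).
REG_QUERY_AFTER_FIX2 = r"""
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}
    (Default)    REG_SZ    Authentication UI Logon UI

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InProcServer32
    (Default)    REG_EXPAND_SZ    %SystemRoot%\system32\authui.dll
    ThreadingModel    REG_SZ    Apartment
"""

# Constructed sample: the key as FRST's "ATTENTION!" line implies it looked before any fix.
REG_QUERY_HIJACKED = r"""
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InProcServer32
    (Default)    REG_SZ    authuitu.dll
    ThreadingModel    REG_SZ    Apartment
"""

IFEO_RE = re.compile(r'^IFEO\\(?P<image>[^:]+): \[Debugger\] "?(?P<debugger>[^"]+)"?')
INPROC_RE = re.compile(
    r'^HK\w+\\\.\.\.(?P<clsid_tail>[0-9a-fA-F]+)\\InprocServer32: '
    r'\[(?P<name>[^\]]*)\] (?P<dll>\S+)'
)


def audit_frst_lines(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Flag IFEO Debugger hooks and COM InprocServer32 redirects in FRST registry lines.

    Returns (kind, subject, target) tuples, e.g. ("ifeo_debugger", "uninst.exe", "<path>").
    """
    findings = []
    for line in lines:
        m = IFEO_RE.match(line)
        if m:
            findings.append(("ifeo_debugger", m["image"], m["debugger"]))
            continue
        m = INPROC_RE.match(line)
        if m:
            findings.append(("inproc_redirect", m["name"], m["dll"]))
    return findings


def parse_reg_query(text: str) -> Dict[str, Dict[str, Tuple[str, str]]]:
    """Parse `reg query <key> /s` output into {key_path: {value_name: (type, data)}}."""
    keys: Dict[str, Dict[str, Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():  # key paths are flush left; values are indented
            current = raw.strip()
            keys[current] = {}
            continue
        if current is None:
            continue
        parts = re.split(r"\s{2,}|\t", raw.strip(), maxsplit=2)
        if len(parts) < 2:
            continue
        data = parts[2] if len(parts) == 3 else ""
        keys[current][parts[0]] = (parts[1], data)
    return keys


def audit_inprocserver32(reg_query_text: str) -> List[str]:
    """Report InProcServer32 keys whose default is not the expected server DLL,
    or that carry value names Windows does not normally put there."""
    findings = []
    for path, values in parse_reg_query(reg_query_text).items():
        segs = path.split("\\")
        if len(segs) < 2 or segs[-1].lower() != "inprocserver32":
            continue
        clsid = segs[-2].lower()
        default = values.get("(Default)", ("", ""))[1]
        expected = EXPECTED_INPROC.get(clsid)
        if expected is not None and default.lower() != expected.lower():
            findings.append(f"{clsid}: default is {default!r}, expected {expected!r}")
        for name, (_, data) in values.items():
            if name not in KNOWN_INPROC_VALUES:
                findings.append(f"{clsid}: unexpected value {name!r} = {data!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_frst_lines(SAMPLE_FRST_LINES):
        print("FRST:", finding)
    for label, text in [("hijacked", REG_QUERY_HIJACKED),
                        ("after fix 1", REG_QUERY_AFTER_FIX1),
                        ("after fix 2", REG_QUERY_AFTER_FIX2)]:
        print(label + ":", audit_inprocserver32(text) or "clean")
```

Run against the posted output, the first fix leaves exactly one finding (the extra {00711705-...} value), the second leaves none, and the constructed pre-fix sample is flagged on its redirected default. On a live system the same check can be fed the output of `reg query HKLM\SOFTWARE\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb} /s`; any IFEO Debugger entry for an executable the owner did not deliberately configure deserves a look, since the "debugger" is launched in place of the named program.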


#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:08 PM

Posted 21 April 2015 - 05:18 PM

Hi,

 

Please try this one => and then let me know about the results.

 

 

Regards,

Georgi



#13 The_Killer

The_Killer
  • Topic Starter

  • Members
  • 50 posts
  • Local time:01:08 PM

Posted 21 April 2015 - 06:25 PM

Hi, the problem remains and my computer doesn't even run or load anything; it just hangs at the welcome screen.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by SYSTEM at 2015-04-21 19:18:20 Run:4
Running from g:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
start
Reg: reg delete HKLM\SOFTWARE\Classes\CLSID\{00711705-12C5-420B-A4E5-6413F2AB3C7B} /f
Reg: reg delete HKLM\SOFTWARE\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InprocServer32 /v {00711705-12C5-420B-A4E5-6413F2AB3C7B} /f
Reg: reg query HKLM\SOFTWARE\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb} /s
end
*****************
 
 
========= reg delete HKLM\SOFTWARE\Classes\CLSID\{00711705-12C5-420B-A4E5-6413F2AB3C7B} /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete HKLM\SOFTWARE\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InprocServer32 /v {00711705-12C5-420B-A4E5-6413F2AB3C7B} /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg query HKLM\SOFTWARE\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb} /s =========
 
 
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}
    (Default)    REG_SZ    Authentication UI Logon UI
 
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InProcServer32
    (Default)    REG_EXPAND_SZ    %SystemRoot%\system32\authui.dll
    ThreadingModel    REG_SZ    Apartment
 
 
 
========= End of Reg: =========
 
 
==== End of Fixlog 19:18:20 ====


#14 The_Killer

The_Killer
  • Topic Starter

  • Members
  • 50 posts
  • Local time:01:08 PM

Posted 21 April 2015 - 07:43 PM

After a super long time, the black screen shows up with a movable mouse. The computer does not respond to Ctrl+Alt+Delete or Alt+F4 or Ctrl+Shift+Escape (the hotkeys to open Task Manager). Later it showed that the "logon process" cannot open and cannot respond to Ctrl+Alt+Delete. This has already happened since the first time I reported it here.

Edited by The_Killer, 21 April 2015 - 07:56 PM.


#15 The_Killer

The_Killer
  • Topic Starter

  • Members
  • 50 posts
  • Local time:01:08 PM

Posted 21 April 2015 - 08:04 PM

After about 10 mins, the Task Manager pops up. It seems like everything is super slow and "delayed" although my computer doesn't even load hard. I cannot click on anything in Task Manager at this time, but I think after a while my click will have effect. I will try to end the explorer.exe process. This issue only happens during normal boot; in Safe Mode it works just fine.



