
Possible hidden virus/malware


15 replies to this topic

#1 Strem


Posted 22 May 2015 - 04:50 PM

A few days ago I had a big problem with malware that downloaded a lot of weird things to my computer at an alarming rate. It also replaced my default browser with something I unfortunately don't remember the name of. I somehow managed to stop it and then ran MalwareBytes and got rid of a lot of stuff, including the new browser. A day or two after this incident MalwareBytes found 7 new threats and I removed them, and now none of the antivirus programs I have detects anything.

 

However, something weird has started to happen. When I turn off my computer a window flashes up right before it turns off. Usually it's been too quick for me to catch, however yesterday I got enough time to see that it was Internet Explorer (not my default browser) and it had several tabs open. I barely had enough time to read a word on the top tab, which said something about Drugs. After that I've run Avast scans and MalwareBytes scans and neither picks anything up. I can't help but worry that there are some rests from the previous virus attack I had, but I don't know what to do about it.

 

My OS is Windows 7




#2 Strem


Posted 22 May 2015 - 05:16 PM

I just now ran another scan with mbam and it found 6 threats: Wajam (which was one I had removed during the first day), YorkNewCin, and HighDefAction. So it seems like these things keep coming back somehow.

 

Btw in case I should be more specific about my OS it's Windows 7 Home Premium.



#3 InadequateInfirmity


Posted 22 May 2015 - 05:29 PM

Download and run Wipe and System Ninja:

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools, then start up, select each item, then disable.

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.



Now go to the advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

 

Reboot your machine and then follow the  instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
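
One way to triage the eScan log that Step 1 asks to be posted, as an added example (not part of the original post and not eScan's own tooling): a Python pass over MWAV.LOG lines in the format of the log posted later in this thread. The sample lines, paths and signature names are constructed, and the `triage` function and its field names are hypothetical.

```python
import re
from collections import defaultdict

# Every MWAV.LOG line in the thread looks like
#   "<day> <month> <year> <hh:mm:ss> [<thread id>] - <message>"
# The month name is localised ("maj" in the posted log), so match it loosely.
PREFIX = re.compile(r"^\d{1,2} \S+ \d{4} \d{2}:\d{2}:\d{2} \[[0-9a-fA-F]{4}\] - (.*)$")
DETECTION = re.compile(r'^File (.+?) infected by "(.+?)" Virus! Action Taken: (.+?)\.?$')
LOADED = re.compile(r"^Module (.+?) found loaded in Memory")
PARENT = re.compile(r"^Parent Process: (.+)$")
INVALID = re.compile(r"^ERROR\(\w+\)!!! Invalid Entry (.+?)\. Action Taken: (.+?)\.?$")

# Constructed sample in the same line format; paths and names are placeholders.
SAMPLE_LOG = r"""
23 maj 2015 12:36:00 [0728] - ***** Scanning Memory Files *****
23 maj 2015 12:36:00 [0728] - Module C:\Users\user\AppData\Roaming\examplefolder\sample.dll found loaded in Memory...
23 maj 2015 12:36:00 [0728] - Parent Process: C:\Program Files\ExampleAV\exampleui.exe
23 maj 2015 12:36:00 [0728] - Parent Process: C:\Program Files\ExampleBrowser\browser.exe
23 maj 2015 12:36:25 [0728] - *** Unable to Terminate process :-( Virus still in memory!
23 maj 2015 12:36:25 [0728] - File C:\Users\user\AppData\Roaming\examplefolder\sample.dll infected by "Example.Generic.1 (DB)" Virus! Action Taken: File Renamed.
23 maj 2015 12:36:27 [0728] - ERROR(l)!!! Invalid Entry AppInit_DLLs = 90 (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
23 maj 2015 12:36:48 [1108] - File C:\Users\user\AppData\Roaming\examplefile infected by "Example.Adware.2 (DB)" Virus! Action Taken: File Deleted.
"""


def triage(log_text):
    """Pull out the lines a helper reads first: detections, the processes a
    flagged module was loaded into, and flagged entries the scanner left alone."""
    detections = []              # (path, signature, action)
    loaded = defaultdict(list)   # lower-cased module path -> host processes
    untouched = []               # (entry, action) where nothing was changed
    still_in_memory = False
    current_module = None

    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue             # blank lines and anything not in log format
        msg = m.group(1).strip()

        hit = LOADED.match(msg)
        if hit:
            current_module = hit.group(1).lower()
            continue
        hit = PARENT.match(msg)
        if hit and current_module:
            loaded[current_module].append(hit.group(1))
            continue
        if "Unable to Terminate process" in msg:
            still_in_memory = True
        hit = DETECTION.match(msg)
        if hit:
            detections.append(hit.groups())
            current_module = None
            continue
        hit = INVALID.match(msg)
        if hit and hit.group(2) == "No Action Taken":
            untouched.append(hit.groups())

    # A file that was only renamed, or that was mapped into running processes,
    # is not gone yet: it needs the reboot and a rescan before calling it clean.
    follow_up = []
    for path, signature, action in detections:
        hosts = loaded.get(path.lower(), [])
        if action != "File Deleted" or hosts:
            follow_up.append({"path": path, "signature": signature,
                              "action": action, "loaded_in": hosts})

    return {"detections": detections, "follow_up": follow_up,
            "untouched": untouched, "still_in_memory": still_in_memory}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for item in report["follow_up"]:
        print("RECHECK", item["path"], "->", item["action"], item["loaded_in"])
    for entry, action in report["untouched"]:
        print("REVIEW ", entry, "->", action)
    print("still in memory:", report["still_in_memory"])
```
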


#4 Strem


Posted 23 May 2015 - 07:35 AM

Thank you for the help.

I ran all the scans you asked for. Zemana found JRT as a threat but I did not let it remove JRT as I know what it is. Everything else Zemana found I let it remove.

After the last restart after the Adware Cleaner scan I did not experience the issue with IE appearing and when the computer came back on I tested to turn it off to do an extra check, it did not appear that time either. I will test a few more times but for now I'll post the logs you asked for.

 

eScan

 
23 maj 2015 12:20:24 [0c28] - Source: D:\eScanAV\mwav.exe
23 maj 2015 12:20:24 [0c28] - Version 14.0.178 (C:\USERS\EMELIE\APPDATA\LOCAL\TEMP\MEXE.COM)
23 maj 2015 12:20:24 [0c28] - Loggfil: C:\Users\Emelie\AppData\Local\Temp\MWAV.LOG
23 maj 2015 12:20:24 [0c28] - MWAV Registered: TRUE
23 maj 2015 12:20:24 [0c28] - User Account: Emelie (Administrator Mode)
23 maj 2015 12:20:24 [0c28] - OS Type: Windows Workstation [InstallType: Client]
23 maj 2015 12:20:24 [0c28] - OS: Windows 7 64-Bit [OS Install Date: 17 Jan 2014 21:21:25]
23 maj 2015 12:20:24 [0c28] - Ver: Personal Service Pack 1 (Build 7601)
23 maj 2015 12:20:24 [0c28] - System Up Time: 5 Minutes, 42 Seconds
 
 
23 maj 2015 12:20:24 [0c28] - Parent Process Name : D:\eScanAV\mwav.exe
23 maj 2015 12:20:24 [0c28] - Windows Root  Folder: C:\Windows
23 maj 2015 12:20:24 [0c28] - Windows Sys32 Folder: C:\Windows\system32
23 maj 2015 12:20:24 [0c28] - DHCP NameServer: 193.11.164.10 193.11.164.11
23 maj 2015 12:20:24 [0c28] - Interface0 DHCPNameServer: 193.11.164.10 193.11.164.11
23 maj 2015 12:20:24 [0c28] - Interface1 DHCPNameServer: 192.168.42.129
23 maj 2015 12:20:24 [0c28] - Interface2 DHCPNameServer: 192.168.42.129
23 maj 2015 12:20:24 [0c28] - Interface3 DHCPNameServer: 192.168.42.129
23 maj 2015 12:20:24 [0c28] - Local Fixed Drives: c:\,d:\
23 maj 2015 12:20:24 [0c28] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
23 maj 2015 12:20:24 [0c28] - [CREATED ZIP FILE: C:\Users\Emelie\AppData\Local\Temp\pinfect.zip]
23 maj 2015 12:20:24 [0c28] - Senaste datum för filerna i MWAV: Mon Mar  2 17:13:53 2015.
23 maj 2015 12:20:26 [0c28] - ** Changed Value of "Path"
23 maj 2015 12:20:26 [0c28] - ** Changed Value of "HKEY_CLASSES_ROOT\.htm" from "ChromeHTML" to "htmlfile"
23 maj 2015 12:20:26 [0c28] - ** Changed Value of "HKEY_CLASSES_ROOT\.html" from "ChromeHTML" to "htmlfile"
23 maj 2015 12:20:26 [0c28] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Emelie\AppData\Local\Temp\ESCANDB.LOG]
23 maj 2015 12:20:30 [0c28] - Loaded/Created FileScan Cache Database...
23 maj 2015 12:20:30 [0c28] - Loading AV Library [DB]...
23 maj 2015 12:20:47 [0c28] - ArchiveScan: DISABLED
23 maj 2015 12:20:47 [0c28] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
23 maj 2015 12:20:47 [0c28] - MWAV doing self scanning...
23 maj 2015 12:20:48 [0c28] - MWAV files are clean.
23 maj 2015 12:20:57 [0c28] - ArchiveScan: DISABLED
23 maj 2015 12:20:57 [0c28] - Virus Database Date: 02 Mar 2015
23 maj 2015 12:20:57 [0c28] - Virus Database Count: 6701505
23 maj 2015 12:20:57 [0c28] - Sign Version: 7.59505 [518257]
23 maj 2015 12:21:08 [0c28] - Downloading AntiVirus and Anti-Spyware Databases...
23 maj 2015 12:22:56 [0c28] - Downloads Aborted!
23 maj 2015 12:22:59 [0c28] - Downloading AntiVirus and Anti-Spyware Databases...
23 maj 2015 12:28:38 [0c28] - Update Successful...
23 maj 2015 12:29:03 [0c28] - Indexed Spyware Databases Successfully Created...
23 maj 2015 12:29:03 [0c28] - Old Sign Version: 7.59505 New Sign Version: 7.60710
23 maj 2015 12:29:17 [0c28] - Reload of AntiVirus Signatures successfully done.
23 maj 2015 12:29:17 [0c28] - Virus Database Date: 23 May 2015
23 maj 2015 12:29:17 [0c28] - Virus Database Count: 5546829
23 maj 2015 12:29:17 [0c28] - Sign Version: 7.60710 [519462]
 
23 maj 2015 12:35:54 [0c28] - **********************************************************
23 maj 2015 12:35:54 [0c28] - MWAV - eScanAV AntiVirus Toolkit.
23 maj 2015 12:35:54 [0c28] - Copyright © MicroWorld Technologies
23 maj 2015 12:35:54 [0c28] - 
23 maj 2015 12:35:54 [0c28] - Support: support@escanav.com
23 maj 2015 12:35:54 [0c28] - Web: http://www.escanav.com
23 maj 2015 12:35:54 [0c28] - **********************************************************
23 maj 2015 12:35:54 [0c28] - Version 14.0.178[DB] (C:\USERS\EMELIE\APPDATA\LOCAL\TEMP\MEXE.COM)
23 maj 2015 12:35:54 [0c28] - Log File: C:\Users\Emelie\AppData\Local\Temp\MWAV.LOG
23 maj 2015 12:35:54 [0c28] - User Account: Emelie (Administrator Mode)
23 maj 2015 12:35:54 [0c28] - Parent Process Name : D:\eScanAV\mwav.exe
23 maj 2015 12:35:54 [0c28] - Windows Root  Folder: C:\Windows
23 maj 2015 12:35:54 [0c28] - Windows Sys32 Folder: C:\Windows\system32
23 maj 2015 12:35:54 [0c28] - OS: Windows 7 64-Bit [OS Install Date: 17 Jan 2014 21:21:25]
23 maj 2015 12:35:54 [0c28] - Ver: Personal Service Pack 1 (Build 7601)
23 maj 2015 12:35:54 [0c28] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
23 maj 2015 12:35:54 [0728] - Options Selected by User:
23 maj 2015 12:35:54 [0728] - Memory Check: Enabled
23 maj 2015 12:35:54 [0728] - Registry Check: Enabled
23 maj 2015 12:35:54 [0728] - StartUp Folder Check: Enabled
23 maj 2015 12:35:54 [0728] - System Folder Check: Enabled
23 maj 2015 12:35:54 [0728] - Services Check: Enabled
23 maj 2015 12:35:54 [0728] - Scan Spyware: Enabled
23 maj 2015 12:35:54 [0728] - Scan Archives: Disabled
23 maj 2015 12:35:54 [0728] - Drive Check: Enabled
23 maj 2015 12:35:54 [0728] - All Drive Check :Disabled
23 maj 2015 12:35:54 [0728] - Drive Selected = C:\
23 maj 2015 12:35:54 [0728] - Folder Check: Disabled
23 maj 2015 12:35:54 [0728] - SCAN: All_Files [ANSI]
23 maj 2015 12:35:54 [0728] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
23 maj 2015 12:35:54 [0728] - Scanning DNS Records...
23 maj 2015 12:35:54 [0728] - Scanning Master Boot Record (User)...
23 maj 2015 12:35:54 [0728] - Scanning Logical Boot Records...
23 maj 2015 12:35:55 [0728] - ***** Scanning For Hidden Rootkit Processes *****
23 maj 2015 12:35:55 [0728] - ***** Scanning For Hidden Rootkit Services *****
 
23 maj 2015 12:35:58 [0728] - ***** Scanning Memory Files *****
23 maj 2015 12:36:00 [0728] - Scanning File C:\Users\Emelie\AppData\Roaming\wpoduqtm\encecal.dll
23 maj 2015 12:36:00 [0728] - Module C:\Users\Emelie\AppData\Roaming\wpoduqtm\encecal.dll found loaded in Memory...
23 maj 2015 12:36:00 [0728] - Parent Process: D:\Antivirus\AVAST\avastui.exe
23 maj 2015 12:36:00 [0728] - Parent Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
23 maj 2015 12:36:00 [0728] - List of all Processes Sharing [encecal.dll] : D:\Antivirus\AVAST\avastui.exe,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
23 maj 2015 12:36:00 [0728] - *** Terminating Infected Process D:\Antivirus\AVAST\avastui.exe,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe...
23 maj 2015 12:36:03 [0728] - *** Process still running!!! Trying again to Terminate D:\Antivirus\AVAST\avastui.exe,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe...
23 maj 2015 12:36:05 [0728] - *** Process still running!!! Trying again to Terminate D:\Antivirus\AVAST\avastui.exe,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe...
23 maj 2015 12:36:07 [0728] - *** Process still running!!! Trying again to Terminate D:\Antivirus\AVAST\avastui.exe,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe...
23 maj 2015 12:36:10 [0728] - *** Process still running!!! Trying again to Terminate D:\Antivirus\AVAST\avastui.exe,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe...
23 maj 2015 12:36:12 [0728] - *** Process still running!!! Trying again to Terminate D:\Antivirus\AVAST\avastui.exe,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe...
23 maj 2015 12:36:15 [0728] - *** Process still running!!! Trying again to Terminate D:\Antivirus\AVAST\avastui.exe,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe...
23 maj 2015 12:36:17 [0728] - *** Process still running!!! Trying again to Terminate D:\Antivirus\AVAST\avastui.exe,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe...
23 maj 2015 12:36:20 [0728] - *** Process still running!!! Trying again to Terminate D:\Antivirus\AVAST\avastui.exe,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe...
23 maj 2015 12:36:22 [0728] - *** Process still running!!! Trying again to Terminate D:\Antivirus\AVAST\avastui.exe,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe...
23 maj 2015 12:36:25 [0728] - *** Process still running!!! Trying again to Terminate D:\Antivirus\AVAST\avastui.exe,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe...
23 maj 2015 12:36:25 [0728] - *** Unable to Terminate process :-( Virus still in memory!
23 maj 2015 12:36:25 [0728] - File C:\Users\Emelie\AppData\Roaming\wpoduqtm\encecal.dll infected by "Application.Generic.1281625 (DB)" Virus! Action Taken: File Renamed.
 
23 maj 2015 12:36:25 [0728] - Dummy folder [C:\Users\Emelie\AppData\Roaming\wpoduqtm\encecal.dll] made to prevent virus recreation(3).
 
23 maj 2015 12:36:26 [0728] - ***** Scanning Registry Files *****
23 maj 2015 12:36:27 [0728] - ERROR(l)!!! Invalid Entry AppInit_DLLs = 90 (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
23 maj 2015 12:36:27 [0728] - ERROR(l)!!! Invalid Entry AppInit_DLLs = 90 (in key HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
 
23 maj 2015 12:36:28 [0728] - ***** Scanning StartUp Folders *****
23 maj 2015 12:36:48 [1108] - Scanning File C:\Users\Emelie\AppData\Roaming\4ftBUx2jHt
23 maj 2015 12:36:48 [1108] - File C:\Users\Emelie\AppData\Roaming\4ftBUx2jHt infected by "Adware.Agent.PMG[ZP] (DB)" Virus! Action Taken: File Deleted.
 
23 maj 2015 12:36:52 [1018] - Scanning File C:\Users\Emelie\AppData\Roaming\sursenel\encecal.dll
23 maj 2015 12:36:52 [1018] - File C:\Users\Emelie\AppData\Roaming\sursenel\encecal.dll infected by "Application.Generic.1281625 (DB)" Virus! Action Taken: File Deleted.
 
 
23 maj 2015 12:37:14 [0728] - ***** Scanning Service Files *****
23 maj 2015 12:37:22 [0728] - ERROR(2)!!! Invalid Entry \SystemRoot\system32\drivers\nvstusb.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\NvStUSB.
23 maj 2015 12:37:23 [0728] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
 
23 maj 2015 12:37:25 [0728] - ***** Scanning Registry and File system for Adware/Spyware *****
23 maj 2015 12:37:25 [0728] - Loading Spyware Signatures from new External Database [Name: C:\Users\Emelie\AppData\Local\Temp\spydb.avs, Size: 464724]...
23 maj 2015 12:37:25 [0728] - Indexed Spyware Databases Successfully Created...
 
 
23 maj 2015 12:37:27 [0728] - ***** Scanning Registry Files *****
23 maj 2015 12:37:28 [0728] - ERROR(l)!!! Invalid Entry AppInit_DLLs = 90 (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
23 maj 2015 12:37:28 [0728] - ERROR(l)!!! Invalid Entry AppInit_DLLs = 90 (in key HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
23 maj 2015 12:37:28 [0728] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
23 maj 2015 12:37:28 [0728] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
23 maj 2015 12:37:28 [0728] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
23 maj 2015 12:37:28 [0728] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
23 maj 2015 12:37:28 [0728] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
23 maj 2015 12:37:28 [0728] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
 
23 maj 2015 12:37:28 [0728] - ***** Scanning System32 Folders *****
 
 
23 maj 2015 12:38:54 [0728] - ***** Scanning Drive C:\ *****
23 maj 2015 12:43:00 [0e98] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{1F75D269-6D95-4B11-87F5-5552A9DBA59A}\nvoglv32.dl_) took 6162 ms
23 maj 2015 12:43:00 [1600] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{1F75D269-6D95-4B11-87F5-5552A9DBA59A}\nvcompiler.dl_) took 11888 ms
23 maj 2015 12:43:07 [0e98] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{5987CE13-6DF7-49D3-940B-B6F3AA70DF99}\nvoglv32.dl_) took 5273 ms
23 maj 2015 12:43:07 [1108] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{1F75D269-6D95-4B11-87F5-5552A9DBA59A}\nvoglv64.dl_) took 13260 ms
23 maj 2015 12:43:08 [0160] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{5987CE13-6DF7-49D3-940B-B6F3AA70DF99}\nvwgf2umx.dl_) took 5476 ms
23 maj 2015 12:43:08 [15e0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{5987CE13-6DF7-49D3-940B-B6F3AA70DF99}\nvcompiler.dl_) took 11388 ms
23 maj 2015 12:43:14 [0e98] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7ACEA90C-1A94-4313-9AE3-D808DCBF9F73}\nvd3dumx.dl_) took 5413 ms
23 maj 2015 12:43:17 [17dc] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{5987CE13-6DF7-49D3-940B-B6F3AA70DF99}\nvoglv64.dl_) took 15865 ms
23 maj 2015 12:43:17 [1108] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7ACEA90C-1A94-4313-9AE3-D808DCBF9F73}\nvoglv32.dl_) took 6989 ms
23 maj 2015 12:43:20 [0160] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7ACEA90C-1A94-4313-9AE3-D808DCBF9F73}\nvwgf2umx.dl_) took 8408 ms
23 maj 2015 12:43:23 [1018] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{881BE1E6-F1EB-465E-95ED-9412C6E934C9}\nvcompiler.dl_) took 9235 ms
23 maj 2015 12:43:27 [15e0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{7ACEA90C-1A94-4313-9AE3-D808DCBF9F73}\nvoglv64.dl_) took 16068 ms
23 maj 2015 12:43:29 [0160] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{881BE1E6-F1EB-465E-95ED-9412C6E934C9}\nvoglv32.dl_) took 8705 ms
23 maj 2015 12:43:31 [1108] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{881BE1E6-F1EB-465E-95ED-9412C6E934C9}\nvwgf2umx.dl_) took 8470 ms
23 maj 2015 12:43:34 [0e98] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{B0B2CE5F-1828-4C62-9EB6-2E6E72EA4B50}\nvcompiler32.dl_) took 9937 ms
23 maj 2015 12:43:39 [15e0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{B0B2CE5F-1828-4C62-9EB6-2E6E72EA4B50}\nvd3dum.dl_) took 10125 ms
23 maj 2015 12:43:39 [1600] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{B0B2CE5F-1828-4C62-9EB6-2E6E72EA4B50}\nvd3dumx.dl_) took 10296 ms
23 maj 2015 12:43:39 [0924] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{881BE1E6-F1EB-465E-95ED-9412C6E934C9}\nvoglv64.dl_) took 19219 ms
23 maj 2015 12:43:40 [17dc] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{B0B2CE5F-1828-4C62-9EB6-2E6E72EA4B50}\nvcompiler.dl_) took 15771 ms
23 maj 2015 12:43:46 [0924] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{B0B2CE5F-1828-4C62-9EB6-2E6E72EA4B50}\nvwgf2um.dl_) took 6147 ms
23 maj 2015 12:43:48 [1108] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{B0B2CE5F-1828-4C62-9EB6-2E6E72EA4B50}\nvopencl64.dl_) took 8595 ms
23 maj 2015 12:43:49 [1018] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C04C1F8E-1F81-49D4-A394-148F62B675BE}\nvcompiler32.dl_) took 5834 ms
23 maj 2015 12:43:51 [0160] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{B0B2CE5F-1828-4C62-9EB6-2E6E72EA4B50}\nvoglv32.dl_) took 15819 ms
23 maj 2015 12:43:51 [17dc] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{B0B2CE5F-1828-4C62-9EB6-2E6E72EA4B50}\nvwgf2umx.dl_) took 10811 ms
23 maj 2015 12:43:56 [0e98] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{B0B2CE5F-1828-4C62-9EB6-2E6E72EA4B50}\nvoglv64.dl_) took 20608 ms
23 maj 2015 12:43:56 [0e98] - Scanning of C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{B0B2CE5F-1828-4C62-9EB6-2E6E72EA4B50}\nvoglv64.dl_ Timed out!!!
23 maj 2015 12:44:00 [17dc] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C04C1F8E-1F81-49D4-A394-148F62B675BE}\nvoglv32.dl_) took 8190 ms
23 maj 2015 12:44:05 [1600] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C04C1F8E-1F81-49D4-A394-148F62B675BE}\nvcompiler.dl_) took 22183 ms
23 maj 2015 12:44:05 [1600] - Scanning of C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C04C1F8E-1F81-49D4-A394-148F62B675BE}\nvcompiler.dl_ Timed out!!!
23 maj 2015 12:44:41 [15e0] - ScanFile (C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C04C1F8E-1F81-49D4-A394-148F62B675BE}\nvoglv64.dl_) took 48766 ms
23 maj 2015 12:44:41 [15e0] - Scanning of C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{C04C1F8E-1F81-49D4-A394-148F62B675BE}\nvoglv64.dl_ Timed out!!!
23 maj 2015 12:45:02 [1600] - ScanFile (C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroExt\libcef.dll) took 10639 ms
23 maj 2015 12:46:23 [1600] - ScanFile (C:\Program Files (x86)\Overwolf\0.81.34.0\libcef.dll) took 7020 ms
23 maj 2015 12:46:33 [0160] - ScanFile (C:\Program Files (x86)\Overwolf\0.84.95.0\libcef.dll) took 10094 ms
23 maj 2015 12:46:57 [17dc] - Scanning File C:\System Volume Information\{11fe79d8-ff2b-11e4-b79f-448a5b243a27}{3808876b-c176-4e48-b7ae-04046e6cc752}
23 maj 2015 12:46:57 [1108] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
23 maj 2015 12:46:57 [1600] - Scanning File C:\System Volume Information\{c7a6f6ee-0017-11e5-89e5-448a5b243a27}{3808876b-c176-4e48-b7ae-04046e6cc752}
23 maj 2015 12:46:57 [0924] - Scanning File C:\System Volume Information\{cf24d9d1-00c5-11e5-91bb-448a5b243a27}{3808876b-c176-4e48-b7ae-04046e6cc752}
23 maj 2015 12:46:57 [1018] - Scanning File C:\System Volume Information\{f8412293-001a-11e5-944b-448a5b243a27}{3808876b-c176-4e48-b7ae-04046e6cc752}
23 maj 2015 12:46:57 [0160] - Scanning File C:\System Volume Information\{cb286a0f-fec1-11e4-87e8-448a5b243a27}{3808876b-c176-4e48-b7ae-04046e6cc752}
23 maj 2015 12:46:57 [0e98] - Scanning File C:\System Volume Information\{feb77b64-fbc5-11e4-b5ea-448a5b243a27}{3808876b-c176-4e48-b7ae-04046e6cc752}
23 maj 2015 12:46:57 [15e0] - Scanning File C:\System Volume Information\{35389118-f951-11e4-8932-448a5b243a27}{3808876b-c176-4e48-b7ae-04046e6cc752}
23 maj 2015 13:05:08 [0e98] - ScanFile (C:\Windows\Drv\nvidia\Display.Driver\nvoglv32.dl_) took 5601 ms
23 maj 2015 13:05:13 [1018] - ScanFile (C:\Windows\Drv\nvidia\Display.Driver\nvcompiler.dl_) took 11513 ms
23 maj 2015 13:05:13 [15e0] - ScanFile (C:\Windows\Drv\nvidia\Display.Driver\nvoglv64.dl_) took 10094 ms
23 maj 2015 13:11:19 [1108] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_neutral_670c59f8be49c7d8\NvCplSetupInt.exe) took 6989 ms
23 maj 2015 13:12:14 [0e98] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_neutral_9c1e973d9668f4c2\NvCplSetupInt.exe) took 5647 ms
 
23 maj 2015 13:37:34 [0728] - ***** Checking for specific ITW Viruses *****
 
23 maj 2015 13:37:34 [0728] - ***** Scanning complete. *****
 
23 maj 2015 13:37:34 [0728] - *** Terminating Process EXPLORER.EXE as one of its child processes libraries was infected...
23 maj 2015 13:37:35 [0728] - Memory/System Found Infected!!! Rescanning all objects to ensure that system is clean...
 
23 maj 2015 13:37:35 [0728] - Options Selected by User:
23 maj 2015 13:37:35 [0728] - Memory Check: Enabled
23 maj 2015 13:37:35 [0728] - Registry Check: Enabled
23 maj 2015 13:37:35 [0728] - StartUp Folder Check: Enabled
23 maj 2015 13:37:35 [0728] - System Folder Check: Enabled
23 maj 2015 13:37:35 [0728] - Services Check: Enabled
23 maj 2015 13:37:35 [0728] - Scan Spyware: Enabled
23 maj 2015 13:37:35 [0728] - Scan Archives: Disabled
23 maj 2015 13:37:35 [0728] - Drive Check: Enabled
23 maj 2015 13:37:35 [0728] - All Drive Check :Disabled
23 maj 2015 13:37:35 [0728] - Drive Selected = C:\
23 maj 2015 13:37:35 [0728] - Folder Check: Disabled
23 maj 2015 13:37:35 [0728] - SCAN: All_Files [ANSI]
23 maj 2015 13:37:35 [0728] - MWAV Mode(B): Scan and Clean files (for viruses, adware and spyware)
 
23 maj 2015 13:37:35 [0728] - Scanning Master Boot Record (User)...
23 maj 2015 13:37:35 [0728] - Scanning Logical Boot Records...
23 maj 2015 13:37:37 [0728] - ***** Scanning For Hidden Rootkit Processes *****
23 maj 2015 13:37:37 [0728] - ***** Scanning For Hidden Rootkit Services *****
 
23 maj 2015 13:37:42 [0728] - ***** Scanning Memory Files *****
 
23 maj 2015 13:37:43 [0728] - ***** Scanning Registry Files *****
23 maj 2015 13:37:44 [0728] - ERROR(l)!!! Invalid Entry AppInit_DLLs = 90 (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
23 maj 2015 13:37:44 [0728] - ERROR(l)!!! Invalid Entry AppInit_DLLs = 90 (in key HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
 
23 maj 2015 13:37:46 [0728] - ***** Scanning StartUp Folders *****
 
23 maj 2015 13:37:49 [0728] - ***** Scanning Service Files *****
 
23 maj 2015 13:38:04 [0728] - ***** Scanning Registry and File system for Adware/Spyware *****
23 maj 2015 13:38:04 [0728] - Loading Spyware Signatures from new External Database [Name: C:\Users\Emelie\AppData\Local\Temp\spydb.avs, Size: 464724]...
23 maj 2015 13:38:04 [0728] - Indexed Spyware Databases Successfully Created...
 
 
23 maj 2015 13:38:05 [0728] - ***** Scanning Registry Files *****
23 maj 2015 13:38:06 [0728] - ERROR(l)!!! Invalid Entry AppInit_DLLs = 90 (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
23 maj 2015 13:38:06 [0728] - ERROR(l)!!! Invalid Entry AppInit_DLLs = 90 (in key HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken.
23 maj 2015 13:38:07 [0728] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
23 maj 2015 13:38:07 [0728] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
 
23 maj 2015 13:38:07 [0728] - ***** Scanning System32 Folders *****
 
 
23 maj 2015 13:38:54 [0728] - ***** Scanning Drive C:\ *****
23 maj 2015 13:39:22 [0924] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
23 maj 2015 13:39:22 [1108] - Scanning File C:\System Volume Information\{11fe79d8-ff2b-11e4-b79f-448a5b243a27}{3808876b-c176-4e48-b7ae-04046e6cc752}
23 maj 2015 13:39:22 [1018] - Scanning File C:\System Volume Information\{cf24d9d1-00c5-11e5-91bb-448a5b243a27}{3808876b-c176-4e48-b7ae-04046e6cc752}
23 maj 2015 13:39:22 [0e98] - Scanning File C:\System Volume Information\{c7a6f6ee-0017-11e5-89e5-448a5b243a27}{3808876b-c176-4e48-b7ae-04046e6cc752}
23 maj 2015 13:39:22 [0160] - Scanning File C:\System Volume Information\{f8412293-001a-11e5-944b-448a5b243a27}{3808876b-c176-4e48-b7ae-04046e6cc752}
23 maj 2015 13:39:22 [1600] - Scanning File C:\System Volume Information\{cb286a0f-fec1-11e4-87e8-448a5b243a27}{3808876b-c176-4e48-b7ae-04046e6cc752}
23 maj 2015 13:39:22 [15e0] - Scanning File C:\System Volume Information\{feb77b64-fbc5-11e4-b5ea-448a5b243a27}{3808876b-c176-4e48-b7ae-04046e6cc752}
23 maj 2015 13:39:22 [17dc] - Scanning File C:\System Volume Information\{35389118-f951-11e4-8932-448a5b243a27}{3808876b-c176-4e48-b7ae-04046e6cc752}
 
23 maj 2015 13:45:28 [0728] - ***** Checking for specific ITW Viruses *****
 
23 maj 2015 13:45:28 [0728] - ***** Scanning complete. *****
 
23 maj 2015 13:45:28 [0728] - Total Objects Scanned: 401338
23 maj 2015 13:45:28 [0728] - Total Critical Objects: 3
23 maj 2015 13:45:28 [0728] - Total Disinfected Objects: 0
23 maj 2015 13:45:28 [0728] - Total Objects Renamed: 1
23 maj 2015 13:45:28 [0728] - Total Deleted Objects: 2
23 maj 2015 13:45:28 [0728] - Total Errors: 9
23 maj 2015 13:45:28 [0728] - Time Elapsed: 00:56:23
23 maj 2015 13:45:28 [0728] - Virus Database Date: 23 May 2015
23 maj 2015 13:45:28 [0728] - Virus Database Count: 5546829
23 maj 2015 13:45:28 [0728] - Sign Version: 7.60710 [519462]
 
23 maj 2015 13:45:28 [0728] - Scan Completed.

 

 
Zemana
 
Zemana AntiMalware 2.14.2.667 (Installed)
-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015-5-23
Operating System      : Windows 7 64-bit
Processor             : 4X Intel® Core™ i5-4570 CPU @ 3.20GHz
BIOS Mode             : Legacy
CUID                  : 0015B0138BB0614123B27A
Scan Type             : Deep Scan
Duration              : 16m 32s
Scanned Objects       : 35368
Detected Objects      : 9
Excluded Objects      : 0
Read Level            : SCSI
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : No
Domain Info           : WORKGROUP,1,2
 
 
Detected Objects
-------------------------------------------------------
ninja-setup-3.0.6.exe
   Status             : Scanned
   Object             : D:\System Ninja\ninja-setup-3.0.6.exe
   MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
   Publisher          : -
   Size               : 2507200
   Version            : 0.0.0.0
   Detection          : Adware:Win32/OpenCandy
   Cleaning Action    : Quarantine
   Traces             :
                File - D:\System Ninja\ninja-setup-3.0.6.exe
 
JRT.exe
   Status             : Scanned
   Object             : D:\Junkware Removal Tool\JRT.exe
   MD5                : DE09A47A67B431663FB04037D30AD018
   Publisher          : -
   Size               : 2721010
   Version            : 1.2.0.715
   Detection          : Heur.Malicious!Pb
   Cleaning Action    : Quarantine
   Traces             :
                File - D:\Junkware Removal Tool\JRT.exe
 
JRT_NEW.exe
   Status             : Scanned
   Object             : %userprofile%\desktop\jrt_new.exe
   MD5                : 9EDE42D03EBE452AF3316ECC935DF4B9
   Publisher          : -
   Size               : 2720636
   Version            : 1.2.0.715
   Detection          : Heur.Malicious!Pb
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\desktop\jrt_new.exe
 
Edu App 1.0.1
   Status             : Scanned
   Object             : %appdata%\mozilla\firefox\profiles\zlogp3kh.default-1418236806722\extensions\{11944e07-3e46-4956-b8c7-7e52c7a44c1d}.xpi
   MD5                : 87F547DAE268A0FC2B43867B68C46B72
   Publisher          : -
   Size               : 9636
   Version            : -
   Detection          : Adware:Windows/Generic!Reee
   Cleaning Action    : Repair
   Traces             :
                File - %appdata%\mozilla\firefox\profiles\zlogp3kh.default-1418236806722\extensions\{11944e07-3e46-4956-b8c7-7e52c7a44c1d}.xpi
                Extension - Edu App 1.0.1
 
ticyver.dll
   Status             : Scanned
   Object             : %appdata%\wpoduqtm\ticyver.dll
   MD5                : 936DF537F21E98B4E3A9EC80D8AE1A00
   Publisher          : -
   Size               : 168960
   Version            : -
   Detection          : Adware:Win64/Blackoat.A!Eclr
   Cleaning Action    : Quarantine
   Traces             :
                File - %appdata%\wpoduqtm\ticyver.dll
 
encecal.dll.mwt
   Status             : Scanned
   Object             : %appdata%\wpoduqtm\encecal.dll.mwt
   MD5                : 78E1C1134DAFF65C33432CB711A9CD0B
   Publisher          : -
   Size               : 140800
   Version            : -
   Detection          : Adware:Win32/Vorniac.A!Aaak
   Cleaning Action    : Quarantine
   Traces             :
                File - %appdata%\wpoduqtm\encecal.dll.mwt
 
ticyver.dll
   Status             : Scanned
   Object             : %appdata%\sursenel\ticyver.dll
   MD5                : 936DF537F21E98B4E3A9EC80D8AE1A00
   Publisher          : -
   Size               : 168960
   Version            : -
   Detection          : Adware:Win64/Blackoat.A!Eclr
   Cleaning Action    : Quarantine
   Traces             :
                File - %appdata%\sursenel\ticyver.dll
                Registry - HKCU\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32\@
 
JRT.exe
   Status             : Scanned
   Object             : %temp%\jrt\jrt.exe
   MD5                : 9EDE42D03EBE452AF3316ECC935DF4B9
   Publisher          : -
   Size               : 2720636
   Version            : 1.2.0.715
   Detection          : Heur.Malicious!Pb
   Cleaning Action    : Quarantine
   Traces             :
                File - %temp%\jrt\jrt.exe
 
DAO.18491361.exe
   Status             : Scanned
   Object             : %localappdata%\nvidia\nvbackend\packages\00005af9\dao.18491361.exe
   MD5                : 1F4C7D1FDA53C41D7EC15D649A07A4F5
   Publisher          : -
   Size               : 12678
   Version            : -
   Detection          : Malware:Win32/Cognito.A!Kiee
   Cleaning Action    : Quarantine
   Traces             :
                File - %localappdata%\nvidia\nvbackend\packages\00005af9\dao.18491361.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 9
Reported as safe      : 0
Failed                : 0
 
Junkware Removal Tool
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1218495941-2024567449-385090058-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Edu App
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Edu App
 
 
 
~~~ Files
 
Failed to delete: [File] C:\Users\Emelie\AppData\Roaming\wpoduqtm\encecal.dll [Adware.AdPeak?]
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\globalupdate
Successfully deleted: [Folder] C:\Program Files (x86)\predm
Successfully deleted: [Folder] C:\Users\Emelie\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Users\Emelie\appdata\local\globalupdate
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
Successfully deleted: [Folder] C:\Users\Emelie\AppData\Roaming\wpoduqtm [Adware.AdPeak?]
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Emelie\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-05-23 at 14:13:26,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Adware Cleaner
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Emelie\AppData\Local\00000000-1431798516-0000-0000-448A5B243A27
Folder Deleted : C:\Users\Emelie\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Emelie\AppData\Roaming\sursenel
File Deleted : C:\Users\Emelie\AppData\Roaming\BsduhdRIP5ChG
File Deleted : C:\Users\Emelie\AppData\Roaming\Mozilla\Firefox\Profiles\zlogp3kh.default-1418236806722\user.js
 
***** [ Scheduled tasks ] *****
 
Task Deleted : SmartWeb Upgrade Trigger Task
Task Deleted : amiupdaterExd
Task Deleted : amiupdaterExi
Task Deleted : SuperClick Auto Updater 1.10.0.16 Pending Update
Task Deleted : SuperClick Auto Updater 1.10.0.16 Core
Task Deleted : BsduhdRIP5ChG
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\c4230cd8-79e4-4237-bfc3-d66601998b88
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\sidecom
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7d0ff442-6ee9-4afb-74ec-015a61fc9fd0}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Mozilla Firefox v36.0.1 (x86 sv-SE)
 
[zlogp3kh.default-1418236806722\prefs.js] - Line Deleted : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
 
-\\ Google Chrome v43.0.2357.65
 
 
*************************
 
AdwCleaner[R0].txt - [4140 bytes] - [23/05/2015 14:16:54]
AdwCleaner[S0].txt - [3967 bytes] - [23/05/2015 14:18:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4026  bytes] ##########
 


#5 Strem


Posted 23 May 2015 - 07:49 AM

I've tried turning the computer off a few times and the only thing that happens now when I do, is that the screen blinks black once before it fades out to turn off. Still no IE in sight.



#6 InadequateInfirmity


Posted 23 May 2015 - 05:38 PM


 

 

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Source: http://www.techsupportall.com/adware-removal-tool/

Hit OK.

Hit Next, and make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download MINITOOLBOX and run it.

Checkmark the following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan

http://www.eset.com/us/online-scanner/
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#7 Strem


Posted 24 May 2015 - 08:00 AM

I could not do the Eset Scan because I am not a resident of North America.

I've tried turning the computer off a few times again after the scans and it still blinks black once before it fades from the desktop to the Windows logo, or sometimes it goes black immediately and then the Windows logo fades in.

 

Adware Removal Tool

 
Adware Removal Tool v3.9
Time: 2015_05_24_13_19_20
OS: Windows 7 - 64 Bit
Account Name: Emelie
U0L0S11
 
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
 
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}
 

 

\\ Finished
 
ZHP Cleaner

~ ZHPCleaner v2015.5.22.248 by Nicolas Coolman (2015\05\22)
~ Run by Emelie (Administrator)  (24/05/2015 14:15:27)
~ State version : No network file
~ Type : Repair
~ Report : C:\Users\Emelie\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Emelie\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious items found.
 
 
---\\  Browser internet (4)
DELETED: [zlogp3kh.default-1418236806722] - user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.__defu[...] (PUP.CrossBrowser)
DELETED: [zlogp3kh.default-1418236806722] - user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.moneti[...] (PUP.Monetization)
DELETED: [zlogp3kh.default-1418236806722] - user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.name", "CinemaPlu[...] (Adware.CrossRider)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 [Bad : 1]  (Hijacker.Proxy)
 
 
---\\  Hosts file (0)
~ No malicious items found.
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious items found.
 
 
---\\  Explorer ( File, Folder) (2)
MOVED file: C:\Windows\Installer\bce597.msi [sidecom - Advanced Installer 10.8 build 54215] (PUP.Sidecom)
MOVED folder*: C:\Program Files (x86)\13bacac9-e099-4050-ad50-3a3900410092 (Adware.CrossRider)
 
 
---\\  Registry ( Key, Value, Data) (5)
REPLACED data: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope \\\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} (Hijacker.SearchScopes)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinCheck [C:\Users\Emelie\AppData\Local\00000000-1431798516-0000-0000-448A5B243A27\bnsh410C.exe (Not File)] (PUP.Wincheck)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Registry Helper Service [] (PUP.RegistryHelper)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1218495941-2024567449-385090058-1001\Products\244ff0d79ee6bfa447ce10a516cff90d [sursenel] (PUP.Sidecom)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 34270 [SEGA Genesis & Mega Drive Classics] (PUP.Genesis)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 1134
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 19
 
 
End of clean at 14:15:42
===================
ZHPCleaner-[R]-24052015-14_15_42.txt
ZHPCleaner-[S]-24052015-14_14_56.txt
 
Security Check

 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Zemana AntiMalware    
  Adobe Flash Player 16.0.0.235 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 36.0.1 Firefox out of Date!  
 Google Chrome (43.0.2357.65) 
 Google Chrome (Plugins...) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST AvastSvc.exe   
 AVAST avastui.exe   
 AVAST ng vbox AvastVBoxSVC.exe 
 AVAST ng ngservice.exe  
 Zemana AntiMalware ZAM.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2 Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 

 

MiniToolBox

I noticed there is a lot of Swedish in this log, probably due to my OS being set to Swedish? Even though that has not been an issue in previous logs. I hope you can still get the information you need out of this, and if not I can translate the Swedish the best I can if you want.

 

MiniToolBox by Farbar  Version: 11-05-2015 01

Ran by Emelie (administrator) on 24-05-2015 at 14:28:09
Running from "D:\MiniToolBox"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: MS-7821 Manufacturer: MSI
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
IP-konfiguration för Windows
 
DNS-matcharens cacheminne har rensats.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
Hosts file not detected in the default directory
========================= IP Configuration: ================================
 
Killer e2200 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Anslutning till lokalt nätverk (Connected)
 
 
# ----------------------------------
# IPv4-konfiguration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# Slut på IPv4-konfigurationen
 
 
 
IP-konfiguration för Windows
 
   Värddatornamn . . . . . . . . . . : emme
   Primärt DNS-suffix. . . . . . . . : 
   Nodtyp. . . . . . . . . . . . . . : Hybrid
   IP-routning aktiverat . . . . . . : Nej
   WINS-proxy aktiverat. . . . . . . : Nej
   Söklista för DNS-suffix . . . . . : studentnatet.se
 
Ethernet-anslutning Anslutning till lokalt nätverk:
 
   Anslutningsspecifika DNS-suffix . : studentnatet.se
   Beskrivning . . . . . . . . . . . : Killer e2200 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Fysisk adress . . . . . . . . . . : 44-8A-5B-24-3A-27
   DHCP aktiverat. . . . . . . . . . : Ja
   Autokonfiguration aktiverat . . . : Ja
   Länklokal IPv6-adress . . . . . . : fe80::b551:c80e:d2a7:fefa%11(Standard) 
   IPv4-adress . . . . . . . . . . . : 193.11.161.97(Standard) 
   Nätmask . . . . . . . . . . . . . : 255.255.255.0
   Lånet erhålls . . . . . . . . . . : den 24 maj 2015 14:17:22
   Lånet upphör. . . . . . . . . . . : den 24 maj 2015 14:42:22
   Standard-gateway. . . . . . . . . : 193.11.161.1
   DHCP-server . . . . . . . . . . . : 10.2.1.18
   IAID för DHCPv6 . . . . . . . . . : 239372891
   DUID för DHCPv6-klient. . . . . . : 00-01-00-01-1A-6B-37-F7-44-8A-5B-24-3A-27
   DNS-servrar . . . . . . . . . . . : 193.11.164.10
                                       193.11.164.11
   NetBIOS över TCP/IP . . . . . . . : Aktiverat
Server:  ns1.studentnatet.se
Address:  193.11.164.10
Aliases:  10.164.11.193.in-addr.arpa
 
Namn:    google.com
Addresses:  2a00:1450:400f:805::200e
 216.58.209.110
 
 
Skickar ping-signal till google.com [216.58.209.110] med 32 byte data:
Svar från 216.58.209.110: byte=32 tid=9ms TTL=56
Svar från 216.58.209.110: byte=32 tid=12ms TTL=56
 
Ping-statistik för 216.58.209.110:
    Paket: Skickade = 2, Mottagna = 2, Förlorade = 0 (0 %),
Ungefärlig överföringstid i millisekunder:
    Lägsta = 9 ms, Högsta = 12 ms, Medel = 10 ms
Server:  ns1.studentnatet.se
Address:  193.11.164.10
Aliases:  10.164.11.193.in-addr.arpa
 
Namn:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Skickar ping-signal till yahoo.com [98.138.253.109] med 32 byte data:
Svar från 98.138.253.109: byte=32 tid=154ms TTL=48
Svar från 98.138.253.109: byte=32 tid=154ms TTL=48
 
Ping-statistik för 98.138.253.109:
    Paket: Skickade = 2, Mottagna = 2, Förlorade = 0 (0 %),
Ungefärlig överföringstid i millisekunder:
    Lägsta = 154 ms, Högsta = 154 ms, Medel = 154 ms
 
Skickar ping-signal till 127.0.0.1 med 32 byte data:
Svar från 127.0.0.1: byte=32 tid < 1 ms TTL=128
Svar från 127.0.0.1: byte=32 tid < 1 ms TTL=128
 
Ping-statistik för 127.0.0.1:
    Paket: Skickade = 2, Mottagna = 2, Förlorade = 0 (0 %),
Ungefärlig överföringstid i millisekunder:
    Lägsta = 0 ms, Högsta = 0 ms, Medel = 0 ms
===========================================================================
Gränssnittslista
 11...44 8a 5b 24 3a 27 ......Killer e2200 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
===========================================================================
 
Vägtabell för IPv4
===========================================================================
Aktiva vägar:
   Nätverksadress          Nätmask   Gateway-adress      Gränssnitt    Mått
          0.0.0.0          0.0.0.0     193.11.161.1    193.11.161.97     20
        127.0.0.0        255.0.0.0         Vid lan         127.0.0.1    306
        127.0.0.1  255.255.255.255         Vid lan         127.0.0.1    306
  127.255.255.255  255.255.255.255         Vid lan         127.0.0.1    306
     193.11.161.0    255.255.255.0         Vid lan     193.11.161.97    276
    193.11.161.97  255.255.255.255         Vid lan     193.11.161.97    276
   193.11.161.255  255.255.255.255         Vid lan     193.11.161.97    276
        224.0.0.0        240.0.0.0         Vid lan         127.0.0.1    306
        224.0.0.0        240.0.0.0         Vid lan     193.11.161.97    276
  255.255.255.255  255.255.255.255         Vid lan         127.0.0.1    306
  255.255.255.255  255.255.255.255         Vid lan     193.11.161.97    276
===========================================================================
Beständiga vägar:
  Inga
 
Vägtabell för IPv6
===========================================================================
Aktiva vägar:
 Gr Mått   Nätverk Mål              Gateway
  1    306 ::1/128                  Vid lan
 11    276 fe80::/64                Vid lan
 11    276 fe80::b551:c80e:d2a7:fefa/128
                                    Vid lan
  1    306 ff00::/8                 Vid lan
 11    276 ff00::/8                 Vid lan
===========================================================================
Beständiga vägar:
  Inga
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/24/2015 02:18:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/24/2015 02:18:06 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (05/24/2015 02:18:06 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (05/24/2015 01:50:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/24/2015 01:50:52 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (05/24/2015 01:50:52 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (05/24/2015 10:40:58 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (05/24/2015 10:40:58 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (05/24/2015 10:40:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/23/2015 02:46:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/24/2015 02:25:42 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT instans)
Description: Det uppstod ett fel när det gjordes ett försök att läsa den lokala hosts-filen.
 
Error: (05/24/2015 02:18:18 PM) (Source: Service Control Manager) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten ZAM Controller Service skulle ansluta.
 
Error: (05/24/2015 02:17:36 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT instans)
Description: Det uppstod ett fel när det gjordes ett försök att läsa den lokala hosts-filen.
 
Error: (05/24/2015 02:07:15 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT instans)
Description: Det uppstod ett fel när det gjordes ett försök att läsa den lokala hosts-filen.
 
Error: (05/24/2015 01:58:40 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT instans)
Description: Det uppstod ett fel när det gjordes ett försök att läsa den lokala hosts-filen.
 
Error: (05/24/2015 01:50:29 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT instans)
Description: Det uppstod ett fel när det gjordes ett försök att läsa den lokala hosts-filen.
 
Error: (05/24/2015 01:47:29 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT instans)
Description: Det uppstod ett fel när det gjordes ett försök att läsa den lokala hosts-filen.
 
Error: (05/24/2015 01:38:32 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT instans)
Description: Det uppstod ett fel när det gjordes ett försök att läsa den lokala hosts-filen.
 
Error: (05/24/2015 01:30:00 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT instans)
Description: Det uppstod ett fel när det gjordes ett försök att läsa den lokala hosts-filen.
 
Error: (05/24/2015 01:22:56 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT instans)
Description: Det uppstod ett fel när det gjordes ett försök att läsa den lokala hosts-filen.
 
 
Microsoft Office Sessions:
=========================
Error: (05/24/2015 02:18:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/24/2015 02:18:06 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (05/24/2015 02:18:06 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (05/24/2015 01:50:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/24/2015 01:50:52 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (05/24/2015 01:50:52 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (05/24/2015 10:40:58 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (05/24/2015 10:40:58 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (05/24/2015 10:40:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/23/2015 02:46:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.3.39944 - BitTorrent Inc.)
140 (HKLM-x32\...\Steam App 242820) (Version:  - Carlsen Games)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk Composite 2014 (HKLM\...\{5AAB972C-FF31-4B01-8445-50C42860EC02}) (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk DirectConnect 2014 64-bit (HKLM\...\{8FC7C2B2-0F64-4B35-AA3D-2B051D009243}) (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)
Autodesk Maya 2014 (HKLM\...\{7FA8BC5D-7CE4-42F3-8EAE-32DF5BAB53A7}) (Version: 16.0.0.0 - Autodesk) Hidden
Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Beneath a Steel Sky (HKLM-x32\...\Beneath a Steel Sky_is1) (Version:  - GOG.com)
BioShock 2 (HKLM-x32\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games)
BioShock 2 (HKLM-x32\...\{5454085C-129F-416C-9C0B-8B1000058301}) (Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version:  - Gaijin Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Braid (HKLM-x32\...\Steam App 26800) (Version:  - Number None)
Bridge Constructor (HKLM-x32\...\Steam App 250460) (Version:  - )
Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version:  - Starbreeze Studios AB)
Call of Juarez (HKLM-x32\...\Steam App 3020) (Version:  - Techland)
Casio SMF Conveter (HKLM-x32\...\{4AF6FE63-53AB-4D03-A4D0-8D42AC0A7856}) (Version: 1.00.0000 - Your Company Name) Hidden
Casio SMF Conveter (HKLM-x32\...\InstallShield_{4AF6FE63-53AB-4D03-A4D0-8D42AC0A7856}) (Version: 1.00.0000 - Your Company Name)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Electronic Super Joy (HKLM-x32\...\Steam App 244870) (Version:  - Michael Todd Games)
Electronic Super Joy: Groove City (HKLM-x32\...\Steam App 301460) (Version:  - Michael Todd Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GeForce Experience NvStream Client Components (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC) (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
I Have No Mouth, and I Must Scream (HKLM-x32\...\GOGPACKIHAVENOMOUTH_is1) (Version: 2.0.0.7 - GOG.com)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3131 - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
Little Big Adventure (HKLM-x32\...\1207658971_is1) (Version: 2.1.0.22 - GOG.com)
Little Big Adventure 2 (HKLM-x32\...\1207658974_is1) (Version: 2.1.0.8 - GOG.com)
Livestream Producer (HKLM-x32\...\{D33E7A89-F009-4389-A05A-7A076F87E153}) (Version: 1.0.3 - Livestream)
Machinarium (HKLM-x32\...\GOGPACKMACHINARIUM_is1) (Version: 2.0.0.6 - GOG.com)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
mental ray renderer for Autodesk Maya 2014 (HKLM\...\{4F5AD3FF-38C6-43FB-BB6F-8EF830DEDF16}) (Version: 13.0.0.0 - mental ray)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Montague's Mount (HKLM-x32\...\GOGPACKMONTAGUESMOUNT_is1) (Version: 2.0.0.5 - GOG.com)
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
Mozilla Firefox 36.0.1 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 sv-SE)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Neverwinter Nights 2: Platinum (HKLM-x32\...\Steam App 2760) (Version:  - Obsidian Entertainment)
NVIDIA 3D Vision drivrutin 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA 3D Vision drivrutin för styrenhet 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafikdrivrutin 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD audiodrivrutin 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX systemprogramvara 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Octodad (HKLM-x32\...\Octodad) (Version:  - )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.85.190.0 - Overwolf Ltd.)
Probability 0 (HKLM-x32\...\Steam App 258070) (Version:  - Droqen)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
RollerCoaster Tycoon Deluxe (HKLM-x32\...\GOGPACKRTC_is1) (Version: 2.1.0.18 - GOG.com)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
ScummVM 0.10.0 (HKLM-x32\...\ScummVM_is1) (Version:  - )
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version:  - Raven Software)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
System Ninja version 3.0.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.6 - SingularLabs)
Tales from the Borderlands (HKLM-x32\...\Steam App 330830) (Version:  - Telltale Games)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Wacom Tablet (HKLM-x32\...\Wacom Tablet Driver) (Version:  - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.4 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.3 - Wacom Technology Corp.)
Widevine Media Optimizer Chrome 6.0.0 (HKCU\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Windows Driver Package - CASIO (CCUSBMIDI) MEDIA  (02/24/2012 1.00.00.0004) (HKLM\...\74347E8ACBB0CD4B3A12C89F2E2FAA6CEFBE40CA) (Version: 02/24/2012 1.00.00.0004 - CASIO)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wipe (HKLM\...\wipe) (Version: 2015.05 - PrivacyRoot.com)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.14.667 - Zemana Ltd.)
 
========================= Devices: ================================
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 21%
Total physical RAM: 8070.01 MB
Available physical RAM: 6358.77 MB
Total Pagefile: 16138.23 MB
Available Pagefile: 14281.59 MB
Total Virtual: 4095.88 MB
Available Virtual: 3981 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:97.66 GB) (Free:29.67 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:368.1 GB) (Free:104.45 GB) NTFS
 
========================= Users: ========================================
 
Användarkonton för \\EMME
 
Administratör            Emelie                   Gäst                     
Kommandot har utförts.
 
 
**** End of log ****


#8 InadequateInfirmity


Posted 24 May 2015 - 03:29 PM

 

I could not do the Eset Scan because I am not a resident of North America...

 

 

https://chrome.google.com/webstore/detail/hola-better-internet/gkojfkhlekighikafcpjkiklfbnlmeio?hl=en

 

Install the Hola extension, download eset scan with American ip...



#9 Strem


Posted 24 May 2015 - 06:41 PM

Eset Scan

C:\AdwCleaner\Quarantine\C\Users\Emelie\AppData\Local\00000000-1431798516-0000-0000-448A5B243A27\bnsh410C.exe.vir a variant of Win32/Adware.ConvertAd.OU application cleaned by deleting - quarantined
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan cleaned by deleting - quarantined
D:\CCleaner\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
D:\Spel\Child of Light\Child of Light\steam_api.dll a variant of Win32/HackTool.Crack.CS potentially unsafe application deleted - quarantined
D:\System Ninja\ninja-setup-3.0.6.exe Win32/OpenCandy potentially unsafe application deleted - quarantined


#10 InadequateInfirmity


Posted 24 May 2015 - 08:04 PM

  • Click here to download  RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.

After you run this tool, make a new scan with MiniToolBox and tick only List Hosts. Post that log in your next reply.

Download Malwarebytes from the link below.
https://www.malwarebytes.org/
Select update.
Then Select Scan Now.
Once the scan is completed.
Remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 

 

9-Lab Scan
 
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
 

http://9-lab.com/download/

Install the program onto your computer, then right click the icon and run as administrator.

Go to the Update tab and update the program.

Now go to the scanner tab and select Full Scan.

Upon Scan Completion Click Show Results.

Now click the Clean button.

Once done cleaning you can go to the logs tab double click it and copy paste in your next reply.

 

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then Click Update
  • Once the update is Finished select Next then Scan.
  • If no malware has been found, at the end of scan select Exit
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt


#11 Strem


Posted 25 May 2015 - 07:29 AM

Malwarebytes Anti-Rootkit found nothing.

 

Minitoolbox

MiniToolBox by Farbar  Version: 11-05-2015 01

Ran by Emelie (administrator) on 25-05-2015 at 12:49:05
Running from "C:\Users\Emelie\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: MS-7821 Manufacturer: MSI
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================
 
::1             localhost
127.0.0.1       localhost
 
 
**** End of log ****
 

 

Malwarebytes

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Skanningsdatum: 2015-05-25
Skanningstid: 12:50:50
Loggfil: malwarebytes.txt
Administratör: Ja
 
Version: 2.01.6.1022
Databas med skadliga program: v2015.05.25.03
Databas med rootkit: v2015.05.24.01
Licens: Gratis
Skydd mot skadliga program: Inaktiverat
Skydd mot skadliga webbplatser: Inaktiverat
Självförsvar: Inaktiverat
 
OS: Windows 7 Service Pack 1
CPU: x64
Filsystem: NTFS
Användare: Emelie
 
Skanningstyp: Hotskanning
Resultat: Slutförd
Skannade objekt: 380456
Förfluten tid: 5 min, 59 sek
 
Minne: Aktiverat
Autostart: Aktiverat
Filsystem: Aktiverat
Arkivfiler: Aktiverat
Rootkits: Inaktiverat
Heuristik: Aktiverat
PUP: Aktiverat
PUM: Aktiverat
 
Processer: 0
(Inga skadliga poster upptäckta)
 
Moduler: 0
(Inga skadliga poster upptäckta)
 
Registernycklar: 0
(Inga skadliga poster upptäckta)
 
Registervärden: 0
(Inga skadliga poster upptäckta)
 
Registerdata: 0
(Inga skadliga poster upptäckta)
 
Mappar: 0
(Inga skadliga poster upptäckta)
 
Filer: 0
(Inga skadliga poster upptäckta)
 
Fysiska sektorer: 0
(Inga skadliga poster upptäckta)
 
 
(end)
 
9-Lab

9-lab Removal Tool 1.0.0.34 BETA
9-lab.com
 
Database version: 104.31387
 
Windows 7 Service Pack 1 (Version 6.1, Build 7601, 64-bit Edition)
Internet Explorer 9.11.9600.17801
Emelie :: EMME
 
2015-05-25 13:04:01
9lab-log-2015-05-25 (13-04-01).txt
 
Scan type: Full
Objects scanned: 46939
Time Elapsed: 1 h 2 m
 
Registry Keys detected: 26
Adware.RPL.Wajam.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.google.oneclickctrl.10]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A6D54287-7939-466A-8579-92546D946C8C}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}]
Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}]
Adware.RPL.Crossrider.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AppDataLow\Software\_CrossriderRegNamePlaceHolder_]
Adware.RPL.Boxore.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
Adware.RPL.Boxore.vb [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}]
 
 
Files detected: 11
[031EC0A5106F1DD7EDDDEFE566D0C95A] Trojan.FPL.Rotbrow.vb [c:\users\emelie\appdata\roaming\ZHP\Quarantine]
[39BB5E1787E2DBA4FE0AE133598793A3] Trojan.FPL.Rotbrow.vb [c:\users\emelie\appdata\roaming\ZHP\ZHPCleaner-[R]-24052015-14_15_42.txt]
[3EA52DC3E17628C5525210314F60E1C0] Trojan.FPL.Rotbrow.vb [c:\users\emelie\appdata\roaming\ZHP\ZHPCleaner-[S]-24052015-14_14_56.txt]
[3C0E0A84434A1AB1B1A521B0FCBA4806] Trojan.FPL.Rotbrow.vb [c:\users\emelie\appdata\roaming\ZHP\ZHPCleaner.txt]
[8EA1EEB404DE1C6C224B254B12C9C60A] Trojan.FPL.Rotbrow.vb [c:\users\emelie\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
[A218E9623B0F30A816423847E4BAC850] Trojan.FPL.Rotbrow.vb [c:\users\emelie\appdata\roaming\ZHP\ZHPQ_Files.txt]
[5B73E70C3FD8EBFC6F284001C615749C] Malware.Win32.Gen.sm [D:\AdwCleaner\adwcleaner_4.205.exe]
[45153830FE14DC7770E3CEC6E765AB89] Malware.Win32.Gen.sm!s1 [D:\Spel\Child of Light\Child of Light\ChildofLight.exe]
[47F799D1B8571B70E16A5DCAF22ECB64] Malware.Win32.Gen.sm!s1 [D:\Spel\LOOOOL\LeagueofLegends_EUNE_Installer_9_15_2014.exe]
[0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.sm [C:\Users\Emelie\Desktop\rsthosts_2.0.exe]
[034B175599A2396343900850D4EF21A9] Malware.Win32.Gen.sm [D:\Spel\Steam\SteamApps\common\Skyrim\TESV.exe]
 

Edited by Strem, 25 May 2015 - 07:31 AM.
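The "List Hosts" check requested in post #10 and answered in the MiniToolBox log above can also be automated. The following is an added example, not part of the thread or of any tool named in it: it parses hosts-file text and reports every entry other than the loopback `localhost` defaults. The function names and the tampered sample are assumptions constructed for illustration; only the two clean mapping lines come from the log.

```python
"""Audit hosts-file content for entries beyond the loopback defaults."""
import ipaddress

# Names a freshly reset Windows hosts file may map to a loopback address.
DEFAULT_LOOPBACK_NAMES = {"localhost"}

# The two mapping lines from the "Hosts content" log in the thread.
CLEAN_FROM_LOG = "::1             localhost\n127.0.0.1       localhost\n"

# Constructed sample (not from the thread); the addresses and names are
# documentation-reserved values.
TAMPERED_SAMPLE = """\
# constructed hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.example.com example.com   # routable address
0.0.0.0         update.example.net
127.0.0.1       scanner.example.org
not-an-ip       login.example.com
"""


def parse_hosts(text):
    """Yield (line_no, address_text, [names]) for each non-comment line."""
    # A leading byte-order mark would otherwise glue itself to the first field.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comment and padding
        if line:
            fields = line.split()
            yield line_no, fields[0], [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Return (line_no, kind, address, name) for every non-default entry.

    kind is one of:
      "redirect"  - name mapped to a non-loopback address
      "blocked"   - name pinned to loopback or 0.0.0.0 (ad-block lists do
                    this, and so does malware that cuts off update servers)
      "malformed" - address does not parse, or the line names no host
    """
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((line_no, "malformed", address, " ".join(names)))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if ip.is_loopback and name in DEFAULT_LOOPBACK_NAMES:
                continue  # the expected default mapping
            kind = "blocked" if sinkhole else "redirect"
            findings.append((line_no, kind, address, name))
    return findings


if __name__ == "__main__":
    for label, text in (("log", CLEAN_FROM_LOG), ("sample", TAMPERED_SAMPLE)):
        results = audit_hosts(text)
        print(f"{label}: {len(results)} non-default entries")
        for line_no, kind, address, name in results:
            print(f"  line {line_no}: {kind:9} {address} -> {name}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; an empty result matches the post-reset state shown in the log.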


#12 InadequateInfirmity


Posted 25 May 2015 - 09:52 AM

How is your machine running now?



#13 Strem


Posted 25 May 2015 - 04:33 PM

I have not experienced anything weird so far. Have not seen Internet Explorer pop up when I turn it off since I went through the very first batch of scans.


Thank you so much for the help. :)



#14 InadequateInfirmity


Posted 25 May 2015 - 05:55 PM

Update your software.

https://patchmypc.net/freeupdater/PatchMyPC.exe

 

https://patchmypc.net/download

 

 

Qualys BrowserCheck To update plugins.

Safe Browsing Tool Web of trust to keep away from shady sites.

Unchecky  To avoid bundled software.

Adblock Plus  To browse the web ad free.

Malwarebytes Anti-Exploit To block Zero day attacks.

Malwarebytes | StartUpLITE To disable un-needed start ups.

Add Ultimate list.

https://www.fanboy.co.nz/filters.html

http://www.toolwiz.com/en/products/toolwiz-smart-defrag/ Defrag your machine.

adguard use with adblock for basically zero ads

https://chrome.google.com/webstore/detail/adguard-adblocker/bgnkhhnnamicmpeenaelnjfhikgbkllg?hl=en

https://addons.mozilla.org/en-uS/firefox/addon/adguard-adblocker/

 

 

 

Download DelFix by "Xplode" to your Desktop.
Right Click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt



#15 Strem


Posted 27 May 2015 - 05:00 PM

I will look into this soon, I have been swamped with school and have had very little time to look over my personal computer. It seems like it is running as smoothly as it did before the virus hit.

 

Again, thank you so much for your help. :)





