Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Malware/Virus Help Please


  • Please log in to reply
10 replies to this topic

#1 CompuhelpNC

CompuhelpNC

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 23 June 2015 - 11:39 PM

Hello all,

 

I recently tried to download a program and am now infected. Forgive my ignorance, I'm not quite sure the difference between malware, spyware, or an actual virus, but I have a few issues going on that I would greatly appreciate help with if possible!

 

- Computer functions normally outside of internet use (Chrome, IE, Firefox all have been uninstalled / re-installed and issues have persisted)

- "Virus" doesn't seem to affect Google searches, but on any other webpage, the screen goes dark (still visible in the background) and an "x" in a circle is in the middle of the screen. When clicked - a new tab opens with a bogus virus removal page. 

         - A new tab with "virus removal" info pops up when any link is clicked on any website. 

- Words are underlined and highlighted on websites linking to ads and pop ups.

- Any new website I visit automatically downloads a file named "Setup", and the Type is "Pinned Site Shortcut" 1 KB.

 

I have McAfee and nothing shows up when running a Full System scan, and have run Malwarebytes several times, and it often finds spyware to remove, but unfortunately the problem persists even afterwards.

 

McAfee recently found and "removed" Multiplug-fxw, but the problem still persists. 

 

Any help that can be provided would be so, extremely helpful! Thank you!!


Edited by CompuhelpNC, 23 June 2015 - 11:43 PM.


BC AdBot (Login to Remove)

 


#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:03:21 AM

Posted 24 June 2015 - 03:01 AM

Hello  :hello: ,

 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

§  Flush DNS

§  Report IE Proxy Settings

§  Reset IE Proxy Settings

§  Report FF Proxy Settings

§  Reset FF Proxy Settings

§  List content of Hosts

§  List IP configuration

§  List Winsock Entries

§  List last 10 Event Viewer log

§  List Installed Programs

§  List Devices

§  List Users, Partitions and Memory size.

§  List Minidump Files

§  List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

---------------

 

If you already have MBAM 2.0 installed, run it again:

 

§  On the Dashboard, click the 'Update Now >>' link.

§  After the update completes, on Settings tab, set under Detection and Protection next options: 

1. 'Scan for rootkits'

2. Non-Malware Protection, for 'PUP detections', check, 'Threat detections as malware' option.

§  Return to Dashboard, click the Scan Now >> button.

§  A Threat Scan will begin.

§  When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

§  In most cases, a restart will be required.

§  Wait for the prompt to restart the computer to appear, than click on Yes.

 

§  After the restart once you are back at your desktop, open MBAM once more.

§  Click on the History tab > Application Logs.

§  Double click on the Scan Log which shows the Date and time of the scan just performed.

§  Click 'Export'.

§  Click 'Copy to Clipboard'

§  Paste the contents of the clipboard into your reply.

 

-----

 

Download AdwCleaner by "Xplode", and save it on Desktop. 

 

* Double click to run program. 

* Click on [Scan] button and wait for program to finish. 

* Click on button [Cleaning].

Program will close all active windows. Click Ok to confirm. 

* After restart log will appear (C:\AdwCleaner[S0].txt). Copy log into this topic.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 CompuhelpNC

CompuhelpNC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 02 July 2015 - 10:22 PM

Serverac,

 

Thank you so much for offering to help me with this problem. 

 

I apologize for the delay in response, I've been away on business and not with the infected laptop.


The MiniToolBox log is as follows:

 

MiniToolBox by Farbar  Version: 01-07-2015
Ran by broju_000 (administrator) on 02-07-2015 at 23:18:05
Running from "C:\Users\broju_000\Desktop"
Microsoft Windows 8.1  (X64)
Model: 20270 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Broadcom 802.11ac Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Lenovo-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : B8-EE-65-4A-9C-CF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1A-CF-5E-5B-19-CD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : C4-54-44-13-CC-8C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom 802.11ac Network Adapter
   Physical Address. . . . . . . . . : 18-CF-5E-5B-19-CD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, July 2, 2015 11:15:54 PM
   Lease Expires . . . . . . . . . . : Friday, July 3, 2015 11:15:58 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:400d:c04::66
 4.34.16.24
 4.34.16.30
 4.34.16.54
 4.34.16.25
 4.34.16.45
 4.34.16.40
 4.34.16.20
 4.34.16.49
 4.34.16.29
 4.34.16.44
 4.34.16.34
 4.34.16.39
 4.34.16.59
 4.34.16.55
 4.34.16.35
 4.34.16.50
 
 
Pinging google.com [4.34.16.24] with 32 bytes of data:
Reply from 4.34.16.24: bytes=32 time=3ms TTL=61
Reply from 4.34.16.24: bytes=32 time=3ms TTL=61
 
Ping statistics for 4.34.16.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 3ms, Average = 3ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 2001:4998:58:c02::a9
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=77ms TTL=54
Reply from 98.139.183.24: bytes=32 time=77ms TTL=54
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 77ms, Maximum = 77ms, Average = 77ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...b8 ee 65 4a 9c cf ......Bluetooth Device (Personal Area Network)
  5...1a cf 5e 5b 19 cd ......Microsoft Wi-Fi Direct Virtual Adapter
  4...c4 54 44 13 cc 8c ......Realtek PCIe GBE Family Controller
  3...18 cf 5e 5b 19 cd ......Broadcom 802.11ac Network Adapter
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    281
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\windows\System32\Umerto64.dll [File Not found] ()
x64-Catalog9 02 C:\windows\System32\Umerto64.dll [File Not found] ()
x64-Catalog9 03 C:\windows\System32\Umerto64.dll [File Not found] ()
x64-Catalog9 04 C:\windows\System32\Umerto64.dll [File Not found] ()
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 15 C:\windows\System32\Umerto64.dll [File Not found] ()
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/02/2015 11:14:27 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-07-03T04:20:27Z. Error Code: 0x80040154.
 
Error: (07/02/2015 11:13:57 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-07-03T04:20:57Z. Error Code: 0x80040154.
 
Error: (07/02/2015 11:13:27 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-07-03T04:20:27Z. Error Code: 0x80040154.
 
Error: (07/02/2015 11:12:57 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-07-03T04:20:57Z. Error Code: 0x80040154.
 
Error: (07/02/2015 11:12:27 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-07-03T04:20:27Z. Error Code: 0x80040154.
 
Error: (07/02/2015 11:11:57 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-07-03T04:20:57Z. Error Code: 0x80040154.
 
Error: (07/02/2015 11:11:27 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-07-03T04:20:27Z. Error Code: 0x80040154.
 
Error: (07/02/2015 11:10:57 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-07-03T04:20:57Z. Error Code: 0x80040154.
 
Error: (07/02/2015 11:10:27 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-07-03T04:20:27Z. Error Code: 0x80040154.
 
Error: (07/02/2015 11:09:57 PM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-07-03T04:20:57Z. Error Code: 0x80040154.
 
 
System errors:
=============
Error: (07/02/2015 11:17:55 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070057
 
Error: (07/02/2015 11:17:55 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0xc00d4268
 
Error: (07/02/2015 11:17:55 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070057
 
Error: (07/02/2015 11:17:55 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0xc00d4268
 
Error: (07/02/2015 11:17:55 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0xc00d4268
 
Error: (07/02/2015 11:17:51 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error: 
%%2147952506
 
Error: (07/02/2015 11:17:51 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147952506.
 
Error: (07/02/2015 11:17:50 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error: 
%%2147952506
 
Error: (07/02/2015 11:17:50 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147952506.
 
Error: (07/02/2015 11:17:12 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
 
Microsoft Office Sessions:
=========================
Error: (07/02/2015 11:14:27 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542015-07-03T04:20:27Z
 
Error: (07/02/2015 11:13:57 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542015-07-03T04:20:57Z
 
Error: (07/02/2015 11:13:27 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542015-07-03T04:20:27Z
 
Error: (07/02/2015 11:12:57 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542015-07-03T04:20:57Z
 
Error: (07/02/2015 11:12:27 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542015-07-03T04:20:27Z
 
Error: (07/02/2015 11:11:57 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542015-07-03T04:20:57Z
 
Error: (07/02/2015 11:11:27 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542015-07-03T04:20:27Z
 
Error: (07/02/2015 11:10:57 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542015-07-03T04:20:57Z
 
Error: (07/02/2015 11:10:27 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542015-07-03T04:20:27Z
 
Error: (07/02/2015 11:09:57 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542015-07-03T04:20:57Z
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-07-02 23:15:49.275
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-01 09:24:17.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-24 22:22:19.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-24 22:04:08.502
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-24 21:25:51.895
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-24 09:14:12.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-24 01:41:34.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-22 23:06:03.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-22 19:24:42.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-18 16:37:25.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
64 Bit HP CIO Components Installer (HKLM\...\{F8F948EA-5AEA-4158-8821-A2F788ECE936}) (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9B3B4129-220E-42C7-9C5B-91C65E0885B4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - )
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.228 - Broadcom Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B865FDD4-E96E-4166-BB69-6E8C207E3E29}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\{B865FDD4-E96E-4166-BB69-6E8C207E3E29}) (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (HKLM\...\{9464C064-AAC7-4416-BFE4-4C3C0232FC71}) (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (HKLM-x32\...\{5D0275EA-F3CE-450A-A5A3-F852E30CA46F}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (HKLM-x32\...\{994F3055-8433-46A7-8E1F-6CC7B68B01F0}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (HKLM-x32\...\{EFB8E269-0619-475B-8C5B-96F98551AA33}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (HKLM-x32\...\{84749C5C-FA80-4779-BD96-544165A8CD31}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (HKLM-x32\...\{30FAE453-9F77-4F70-928E-042BEF00D011}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (HKLM-x32\...\{41263A64-D276-484F-9056-AD58C8995E35}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (HKLM-x32\...\{8DADD35F-49CE-4D18-AE6D-135DD150E74F}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (HKLM-x32\...\{7F5DE3F2-5865-4D4A-89D1-AAEFE1F96E50}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (HKLM-x32\...\{657EAD32-8E7A-43C0-A794-3BB31B00DC34}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (HKLM-x32\...\{D29A4F85-0FB7-4E54-B591-044652C4295F}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (HKLM-x32\...\{0A0143FF-ECB5-4960-A2E0-DC3150ABBBE0}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (HKLM-x32\...\{950055ED-DC61-4874-8EDB-E5CDE1D218CD}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (HKLM-x32\...\{F3286FA3-DF68-4948-8D1D-ED3A539077B3}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (HKLM-x32\...\{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (HKLM-x32\...\{877522BE-A318-4603-9B00-DF319C6FA2B1}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (HKLM-x32\...\{4C614BD3-607E-4289-BB51-4D87EC7BBD62}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (HKLM-x32\...\{246FE426-2661-4DD6-9603-DF2E6832387C}) (Version: 17.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (HKLM-x32\...\_{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.0.0.491 - Corel Corporation)
CorelDRAW Graphics Suite X7 (HKLM-x32\...\{08A60D9D-C206-46BF-9602-1F2616878CF7}) (Version: 17.0 - Corel Corporation) Hidden
CyberLink BD_3D Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.6410 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dragon Assistant version 1.5.22 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.22 - Nuance Communications, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.32 - Lenovo)
Flixster (HKCU\...\cde6baecc037497b) (Version: 2.2.0.304 - Flixster)
FrostWire 6.1.2 (HKLM-x32\...\FrostWire 6) (Version: 6.1.2.2 - FrostWire LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iExplorer 3.7.6.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.9.0.8 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{5D239A92-31A4-4FCA-967D-F9EA8E1FDF6A}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9800 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.3.5000 - Maxthon International Limited)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\safekey) (Version: 2.2.3 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.316 - McAfee, Inc.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 en-US)) (Version: 31.2.0 - Mozilla)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
Nuance Speech Component DA-A en-US version 1.5.22 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.22 - Nuance Communications, Inc.)
Nuance Speech Component DA-C version 1.1.22 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.22 - Nuance Communications, Inc.)
Nuance Speech Component DA-L en-US version 1.1.5 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.5 - Nuance Communications, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Pokki (HKCU\...\Pokki) (Version: 0.269.2.405 - Pokki)
Prezi (HKLM-x32\...\{63B8F931-2BF3-4D5D-9C28-E2EF88D83DFD}) (Version: 5.2.7 - Prezi.com)
PriceMinus (HKLM-x32\...\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}) (Version:  - )
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.1.0.10 - Lenovo, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
Select Search (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - )
Stagelight (HKLM\...\StageLight) (Version: 2.0.0.5015 - Open Labs, LLC.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.9.1 - Synaptics Incorporated)
USBFast (HKLM-x32\...\{AED142A8-96EA-42DE-B212-60BFC98D6CC7}) (Version: 1.3.0.30 - Prolific Technology Inc.)
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 25%
Total physical RAM: 8115.27 MB
Available physical RAM: 6073.91 MB
Total Virtual: 9395.27 MB
Available Virtual: 7357.36 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows8_OS) (Fixed) (Total:423.07 GB) (Free:140.94 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.59 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\LENOVO-PC
 
Administrator            broju_000                Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
09-06-2015 03:49:36 McAfee Vulnerability Scanner
13-06-2015 19:20:03 McAfee Vulnerability Scanner
21-06-2015 16:10:25 Scheduled Checkpoint
25-06-2015 01:17:08 Removed QuickTime 7
29-06-2015 15:25:59 Installed Decipher TextMessage
 
**** End of log ****

Malwarebytes Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/2/2015
Scan Time: 10:09 PM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.02.05
Rootkit Database: v2015.07.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: broju_000
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 449266
Time Elapsed: 1 hr, 4 min, 6 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.OpenCandy, C:\Program Files (x86)\FrostWire\frostwire-installer.exe, Quarantined, [817c18c40d7d979f6d212e4b0afc916f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 CompuhelpNC

CompuhelpNC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 02 July 2015 - 10:29 PM

Adware log:

 

# AdwCleaner v4.207 - Logfile created 02/07/2015 at 23:24:24
# Updated 21/06/2015 by Xplode
# Database : 2015-07-02.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : broju_000 - LENOVO-PC
# Running from : C:\Users\broju_000\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\PriceMuInus
Folder Deleted : C:\Users\broju_000\AppData\Local\pokki
Folder Deleted : C:\Users\broju_000\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\broju_000\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\broju_000\Documents\Updater
 
***** [ Scheduled tasks ] *****
 
Task Deleted : amiupdaterExd
Task Deleted : amiupdaterExi
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DesktopSearch]
Key Deleted : HKLM\SOFTWARE\33f3354f-ae36-1504-2dd0-2b0eb82f1882
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\Boost
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Appscion
Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Boost
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;*.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v38.0.5 (x86 en-US)
 
 
-\\ Google Chrome v43.0.2357.130
 
 
*************************
 
AdwCleaner[R0].txt - [4184 bytes] - [02/07/2015 23:23:08]
AdwCleaner[S0].txt - [3681 bytes] - [02/07/2015 23:24:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3740  bytes] ##########

Thank you again so much for your help!!



#5 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:03:21 AM

Posted 03 July 2015 - 02:14 AM

Hello,

 

Please download Junkware Removal Tool to your desktop.

§  Shut down your protection software now to avoid potential conflicts.

§  Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

§  The tool will open and start scanning your system.

§  Please be patient as this can take a while to complete depending on your system's specifications.

§  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

§  Post the contents of JRT.txt into your next message.

 

-----

 

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

§  Make sure the following options are checked:
 

o    Internet Services

o    Windows Firewall

o    System Restore

o    Security Center/Action Center

o    Windows Update

o    Windows Defender

o    Other Services

§  Press "Scan".

§  It will create a log (FSS.txt) in the same directory the tool is run.

§  Please copy and paste the log to your reply.

 

-------

 

Do you still have problems?


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#6 CompuhelpNC

CompuhelpNC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 03 July 2015 - 08:53 AM

Serverac,

 

I think that last round of cleanups did the trick, it seems to have returned to normal functionality. Thank you so incredibly much for your help!



#7 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:03:21 AM

Posted 03 July 2015 - 08:58 AM

I also think that it should be OK, but it is important to run all tools. Run JRT.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#8 CompuhelpNC

CompuhelpNC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 04 July 2015 - 09:15 AM

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.9 (07.04.2015:1)
OS: Windows 8.1 x64
Ran by broju_000 on Sat 07/04/2015 at 10:09:40.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DECB756E-70A9-4535-99DE-4F0E0CB53874}
 
 
 
~~~ Files
 
Failed to delete: [File] C:\windows\syswow64\number of results
Successfully deleted: [File] C:\Users\broju_000\appdata\local\9431840b0693a8e3031327a13d09944b
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\select search
Successfully deleted: [Folder] C:\Users\broju_000\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Users\broju_000\appdata\locallow\company
 
 
 
~~~ FireFox
 
 
 
 
~~~ Chrome
 
 
[C:\Users\broju_000\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\broju_000\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\broju_000\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\broju_000\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/04/2015 at 10:14:54.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 CompuhelpNC

CompuhelpNC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 04 July 2015 - 09:21 AM

Farbar log:

 

Farbar Service Scanner Version: 17-01-2015
Ran by broju_000 (administrator) on 04-07-2015 at 10:20:46
Running from "C:\Users\broju_000\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#10 CompuhelpNC

CompuhelpNC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 04 July 2015 - 09:22 AM

And yes, things seem to be working and functioning normally! Again, thank you so very much for your help!



#11 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:03:21 AM

Posted 04 July 2015 - 10:07 AM

Great.  :thumbup2:

 

You need to do this and we are done:

 

Empty your temp folders using TFC (Temporary File Cleaner)

§  Please download TFC by Old Timer and save it to your desktop.
alternate download link

§  Save any unsaved work. (TFC will close ALL open programs including your browser!)

§  Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)

§  Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

§  Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

 

------

This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download  DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

§  Activate UAC (optional; some users prefer to keep it off)

§  Remove disinfection tools

§  Create registry backup

§  Purge System Restore

Now click "Run" and wait patiently.
Once finished, a logfile will be created. You don't have to attach it to your next reply.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users