Avira Realtime protection and Malwarebytes won't work


  • This topic is locked
13 replies to this topic

#1 McGurten

  • Members
  • 6 posts

Posted 21 July 2015 - 05:12 AM

Hello,

I have Windows 8.1 with Avira Free Antivirus and Malwarebytes Anti-Malware (free).
My problem started a few days ago, when I noticed that my antivirus. I am not able to turn on the real-time protection, and am not able to update.
I then tried to open Malwarebytes, but it won't open.
I looked online for similar problems, so I tried to run Malwarebytes Chameleon, but when it does work, a BSOD pops up saying critical process died halfway through scanning.
Here are my logs:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by cra1g_000 (administrator) on THEMONSTER on 21-07-2015 17:55:35
Running from C:\Users\cra1g_000\Downloads
Loaded Profiles: cra1g_000 (Available Profiles: cra1g_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(My Digital Life Forums) C:\Users\cra1g_000\AppData\Local\Temp\4CAE.tmp\KMSServerService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Users\cra1g_000\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Users\cra1g_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Microsoft Corporation) C:\Windows\System32\MdRes.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Garena Plus\bbtalk\BBTalk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-01-24] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-892834855-337164564-54192600-1002\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9984960 2015-07-01] ()
HKU\S-1-5-21-892834855-337164564-54192600-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-892834855-337164564-54192600-1002\...\Run: [Spotify Web Helper] => C:\Users\cra1g_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-08] (Spotify Ltd)
HKU\S-1-5-21-892834855-337164564-54192600-1002\...\Run: [Facebook Update] => C:\Users\cra1g_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-01] (Facebook Inc.)
HKU\S-1-5-21-892834855-337164564-54192600-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-02] (Piriform Ltd)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-07-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-07-03] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-09-03]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-892834855-337164564-54192600-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
HKU\S-1-5-21-892834855-337164564-54192600-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKU\S-1-5-21-892834855-337164564-54192600-1002 -> DefaultScope {ACEBC9B8-1711-4CD4-9DD4-B36E2344CF08} URL = 
SearchScopes: HKU\S-1-5-21-892834855-337164564-54192600-1002 -> {ACEBC9B8-1711-4CD4-9DD4-B36E2344CF08} URL = 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A766C09A-4BD1-4FA6-AAA3-63B2DD579285}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CC1B5B3F-E753-4024-AACA-6CC6259DC445}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin HKU\S-1-5-21-892834855-337164564-54192600-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\cra1g_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
 
Chrome: 
=======
CHR Profile: C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-08-07]
CHR Extension: (Simple Pool Game) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjijhekaonkmkedfdabbageicfhhlgo [2014-08-07]
CHR Extension: (Google Docs) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-30]
CHR Extension: (Google Drive) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-30]
CHR Extension: (SPOI Options (Please remove me)) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn [2014-08-07]
CHR Extension: (8-Bit Hits) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjokmbfklgdmfahhfcnbkilomimlnln [2014-08-07]
CHR Extension: (YOUZEEK Free Music) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce [2014-08-07]
CHR Extension: (YouTube) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-30]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-08-07]
CHR Extension: (Scroll To Top Button) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chiikmhgllekggjhdfjhajkfdkcngplp [2014-08-07]
CHR Extension: (Google Search) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-30]
CHR Extension: (GAIN Fitness) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpompjlmddcnpijabjfcgnpmoibdffoc [2014-08-07]
CHR Extension: (Drop Zone) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlhlgjjdbbhoiiiinkddppmjkpbpbpl [2014-08-07]
CHR Extension: (Coupons at Checkout) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2014-08-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Poppit!) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-07]
CHR Extension: (Spelunky HTML5) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhagnkphcmpkmabhocgimoncfaihkpof [2014-08-07]
CHR Extension: (Google Wallet) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR Extension: (Sinuous) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl [2014-08-07]
CHR Extension: (Gmail) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-30]
CHR Extension: (Cube Slam) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcoeeddamedegogbcmdbadnoifmfipn [2014-08-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-10] (Avira Operations GmbH & Co. KG)
U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-10] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-10] (Avira Operations GmbH & Co. KG)
U4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-10] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-01-24] (Windows ® Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-24] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-25] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-14] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 KMSServerService; C:\Users\cra1g_000\AppData\Local\Temp\4CAE.tmp\KMSServerService.exe [260608 2014-01-27] (My Digital Life Forums) [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-02] (Dritek System INC.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
R2 VSSS; C:\Users\cra1g_000\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [104787264 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-24] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-12] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-01-18] (Disc Soft Ltd)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [93400 2015-07-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-02] (Dritek System Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-21 17:55 - 2015-07-21 17:56 - 00023643 _____ C:\Users\cra1g_000\Downloads\FRST.txt
2015-07-21 17:55 - 2015-07-21 17:55 - 00000000 ____D C:\FRST
2015-07-21 17:54 - 2015-07-21 17:55 - 02135552 _____ (Farbar) C:\Users\cra1g_000\Downloads\FRST64.exe
2015-07-17 16:49 - 2015-07-17 16:49 - 01415680 _____ (wj32) C:\Program Files\KCM6KOM8.exe
2015-07-17 16:49 - 2015-07-17 16:49 - 01415680 _____ (wj32) C:\Program Files\K4LKYEV9.exe
2015-07-16 16:56 - 2015-07-16 17:08 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-16 16:55 - 2015-07-16 16:56 - 11032736 _____ (SurfRight B.V.) C:\Users\cra1g_000\Downloads\HitmanPro_x64.exe
2015-07-14 17:10 - 2015-07-14 17:10 - 01415680 _____ (wj32) C:\Program Files\RRDX1PL5.exe
2015-07-14 17:10 - 2015-07-14 17:10 - 01415680 _____ (wj32) C:\Program Files\KSEYS480.exe
2015-07-14 16:50 - 2015-07-14 16:50 - 01415680 _____ (wj32) C:\Program Files\OE721IA6.exe
2015-07-14 16:49 - 2015-07-14 16:49 - 00296968 _____ C:\WINDOWS\Minidump\071415-19296-01.dmp
2015-07-14 16:43 - 2015-07-14 16:43 - 00000838 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-14 16:43 - 2015-07-14 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-14 16:42 - 2015-07-14 16:42 - 06565736 _____ (Piriform Ltd) C:\Users\cra1g_000\Downloads\ccsetup507.exe
2015-07-14 16:38 - 2015-07-14 16:38 - 01415680 _____ (wj32) C:\Program Files\VYCT67OK.exe
2015-07-14 16:38 - 2015-07-14 16:38 - 00296296 _____ C:\WINDOWS\Minidump\071415-20093-01.dmp
2015-07-14 16:27 - 2015-07-14 16:27 - 01415680 _____ (wj32) C:\Program Files\EGUEGU5C.exe
2015-07-14 15:45 - 2015-07-14 15:45 - 00001136 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-14 14:52 - 2015-07-14 14:53 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\cra1g_000\Downloads\avira_en_av_55a4744765bd5__ws.exe
2015-07-14 14:37 - 2015-07-14 14:37 - 01415680 _____ (wj32) C:\Program Files\CM8U4G0S.exe
2015-07-14 14:25 - 2015-07-14 14:25 - 01415680 _____ (wj32) C:\Program Files\OUE22M6O.exe
2015-07-14 13:54 - 2015-07-14 13:54 - 00294568 _____ C:\WINDOWS\Minidump\071415-20046-01.dmp
2015-07-14 13:48 - 2015-07-14 13:48 - 01415680 _____ (wj32) C:\Program Files\4YIKAYK2.exe
2015-07-14 13:46 - 2015-07-14 13:46 - 01415680 _____ (wj32) C:\Program Files\BDR8AO26.exe
2015-07-14 13:39 - 2015-07-14 13:39 - 00301264 _____ C:\WINDOWS\Minidump\071415-22640-01.dmp
2015-07-14 10:29 - 2015-07-14 10:29 - 00000000 ___HD C:\$SysReset
2015-07-14 10:08 - 2015-07-14 10:08 - 01415680 _____ (wj32) C:\Program Files\FXJJDXRB.exe
2015-07-14 10:08 - 2015-07-14 10:08 - 01415680 _____ (wj32) C:\Program Files\6NP3HUT7.exe
2015-07-13 23:52 - 2015-07-13 23:53 - 00294088 _____ C:\WINDOWS\Minidump\071315-20640-01.dmp
2015-07-13 22:50 - 2015-07-14 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-13 20:44 - 2015-07-13 20:44 - 01415680 _____ (wj32) C:\Program Files\F3BXJBN9.exe
2015-07-10 11:34 - 2015-07-21 17:41 - 00003476 _____ C:\WINDOWS\System32\Tasks\gg_uac_daemon_cra1g_000
2015-07-07 21:42 - 2015-07-07 21:42 - 00091706 _____ C:\Users\cra1g_000\Downloads\personal-experiences-1788-no-peeing-or-beer-6-realities-life-without-kidneys_p2.html
2015-07-05 19:30 - 2015-07-11 17:19 - 00000000 ____D C:\Users\cra1g_000\Downloads\Need.for.Speed.Rivals.EN-RU.Repack.by.z10yded
2015-06-25 21:37 - 2015-06-25 21:37 - 00367136 _____ C:\Users\cra1g_000\Downloads\subscriptions.htm
2015-06-22 22:36 - 2015-06-22 22:36 - 00031694 _____ C:\Users\cra1g_000\Downloads\download (8).htm
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-21 17:55 - 2013-12-30 12:12 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-21 17:51 - 2014-01-03 21:18 - 01250057 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-21 17:51 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-21 17:45 - 2013-12-30 23:46 - 00000000 ____D C:\Users\cra1g_000\AppData\Roaming\GarenaPlus
2015-07-21 17:45 - 2013-12-30 23:44 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-07-21 17:41 - 2014-01-03 21:50 - 00000000 ___DO C:\Users\cra1g_000\SkyDrive
2015-07-21 17:40 - 2013-12-30 12:12 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-21 17:39 - 2013-08-22 22:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-17 19:44 - 2013-08-22 21:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-17 19:00 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-17 17:36 - 2014-10-01 23:31 - 00000966 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-892834855-337164564-54192600-1002UA.job
2015-07-17 16:53 - 2013-12-30 23:53 - 00000000 ____D C:\Users\cra1g_000\AppData\Roaming\vlc
2015-07-17 16:51 - 2014-06-12 23:04 - 02591744 ___SH C:\Users\cra1g_000\Downloads\Thumbs.db
2015-07-16 17:41 - 2013-12-30 12:13 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-892834855-337164564-54192600-1002
2015-07-16 16:56 - 2013-12-30 12:23 - 00002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-16 16:50 - 2013-12-30 12:12 - 00003900 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 16:50 - 2013-12-30 12:12 - 00003664 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-14 16:51 - 2014-01-03 21:23 - 00000000 ____D C:\Users\cra1g_000
2015-07-14 16:49 - 2014-05-14 16:07 - 779763610 _____ C:\WINDOWS\MEMORY.DMP
2015-07-14 16:49 - 2014-02-19 02:31 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-14 16:47 - 2014-10-27 18:35 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-14 16:46 - 2014-02-04 23:23 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-14 16:46 - 2013-12-30 12:48 - 00000000 ____D C:\Users\cra1g_000\AppData\Roaming\uTorrent
2015-07-14 16:43 - 2014-03-30 13:48 - 00000000 ____D C:\Program Files\CCleaner
2015-07-14 16:27 - 2014-05-14 12:41 - 00346934 _____ C:\WINDOWS\PFRO.log
2015-07-14 16:27 - 2014-03-01 20:57 - 00000000 ____D C:\ProgramData\Avira
2015-07-14 15:45 - 2014-03-01 20:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-14 15:45 - 2014-03-01 20:57 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-14 13:39 - 2014-10-27 18:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-14 13:29 - 2014-05-15 01:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-14 13:09 - 2013-12-30 23:06 - 00000000 ____D C:\Users\cra1g_000\Documents\APPLICATIONS
2015-07-14 10:32 - 2012-07-26 15:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-13 23:53 - 2013-08-22 21:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-13 23:36 - 2014-10-01 23:31 - 00000944 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-892834855-337164564-54192600-1002Core.job
2015-07-10 16:21 - 2014-05-15 17:10 - 00000000 ____D C:\Users\cra1g_000\AppData\Roaming\Spotify
2015-07-10 15:33 - 2014-05-15 17:17 - 00000000 ____D C:\Users\cra1g_000\AppData\Local\Spotify
2015-07-09 15:07 - 2013-12-30 23:44 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2015-07-05 19:27 - 2013-12-31 01:32 - 00000000 ____D C:\Users\cra1g_000\AppData\Local\CrashDumps
2015-07-02 10:51 - 2014-03-30 14:50 - 00094534 _____ C:\WINDOWS\setupact.log
2015-06-30 12:46 - 2015-05-05 23:54 - 00000000 ____D C:\Users\cra1g_000\Downloads\Lets Try Anal - Daisy Haze (AKA Daisy Summers) in Going Down South for Anal - [720p]
2015-06-26 10:14 - 2014-01-19 18:28 - 00000000 ____D C:\Users\cra1g_000\AppData\Local\Deployment
 
==================== Files in the root of some directories =======
 
2015-07-14 13:48 - 2015-07-14 13:48 - 1415680 _____ (wj32) C:\Program Files\4YIKAYK2.exe
2015-07-14 10:08 - 2015-07-14 10:08 - 1415680 _____ (wj32) C:\Program Files\6NP3HUT7.exe
2015-07-14 13:46 - 2015-07-14 13:46 - 1415680 _____ (wj32) C:\Program Files\BDR8AO26.exe
2015-07-14 14:37 - 2015-07-14 14:37 - 1415680 _____ (wj32) C:\Program Files\CM8U4G0S.exe
2015-07-14 16:27 - 2015-07-14 16:27 - 1415680 _____ (wj32) C:\Program Files\EGUEGU5C.exe
2015-07-13 20:44 - 2015-07-13 20:44 - 1415680 _____ (wj32) C:\Program Files\F3BXJBN9.exe
2015-07-14 10:08 - 2015-07-14 10:08 - 1415680 _____ (wj32) C:\Program Files\FXJJDXRB.exe
2015-07-17 16:49 - 2015-07-17 16:49 - 1415680 _____ (wj32) C:\Program Files\K4LKYEV9.exe
2015-07-17 16:49 - 2015-07-17 16:49 - 1415680 _____ (wj32) C:\Program Files\KCM6KOM8.exe
2015-07-14 17:10 - 2015-07-14 17:10 - 1415680 _____ (wj32) C:\Program Files\KSEYS480.exe
2015-07-14 16:50 - 2015-07-14 16:50 - 1415680 _____ (wj32) C:\Program Files\OE721IA6.exe
2015-07-14 14:25 - 2015-07-14 14:25 - 1415680 _____ (wj32) C:\Program Files\OUE22M6O.exe
2015-07-14 17:10 - 2015-07-14 17:10 - 1415680 _____ (wj32) C:\Program Files\RRDX1PL5.exe
2015-07-14 16:38 - 2015-07-14 16:38 - 1415680 _____ (wj32) C:\Program Files\VYCT67OK.exe
2014-02-04 22:57 - 2014-02-04 22:57 - 0045270 _____ () C:\Users\cra1g_000\AppData\Roaming\room_v3.dat
2014-12-23 22:19 - 2014-12-23 22:23 - 0001456 _____ () C:\Users\cra1g_000\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-01-23 22:19 - 2014-08-26 14:27 - 0007621 _____ () C:\Users\cra1g_000\AppData\Local\Resmon.ResmonCfg
2012-11-02 13:15 - 2012-11-02 13:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-08-22 11:56 - 2013-08-22 11:56 - 80257024 ___SH () C:\ProgramData\msjhrud.exe
 
Files to move or delete:
====================
C:\ProgramData\msjhrud.exe
 
 
Some files in TEMP:
====================
C:\Users\cra1g_000\AppData\Local\Temp\avgnt.exe
C:\Users\cra1g_000\AppData\Local\Temp\cdo1322939677.dll
C:\Users\cra1g_000\AppData\Local\Temp\cdo1647247008.dll
C:\Users\cra1g_000\AppData\Local\Temp\cdo2968053891.dll
C:\Users\cra1g_000\AppData\Local\Temp\cdo4182159660.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-14 13:25
 
==================== End of log ============================

#2 nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 July 2015 - 08:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled

Turn System Restore on - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

(Microsoft Corporation) C:\Users\cra1g_000\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
HKLM-x32\...\Run: [LManager] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
CHR Extension: (Poppit!) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-07]
R2 VSSS; C:\Users\cra1g_000\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [104787264 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
C:\Users\cra1g_000\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.
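
The fixlist above targets the FRST service and driver lines a malware-response helper reads as suspicious: an unsigned binary claiming to be Microsoft's VSSVC.exe but living under AppData\Roaming, and two [X] entries whose driver files no longer exist. The following Python example is added here (it is not FRST's code and not part of nasdaq's script) and reproduces that triage over lines copied from the log in this thread; the flagging rules are this example's own assumption about what helpers look for, not FRST's logic.

```python
"""Triage FRST 'Services' / 'Drivers' lines the way a malware-response
helper reads them: flag entries that are unsigned, that point at a file
which no longer exists ([X]), or that run from a user-writable profile path.

Added example for this thread; not part of FRST or of the helper's fixlist.
The flagging rules below are an assumption about how such lines are read.
"""
import re
from dataclasses import dataclass, field

# "R2 Name; <path> [size date] (Vendor) [File not signed] <==== ATTENTION"
# "S3 Name; \??\<path> [X]"   <- [X] means FRST could not find the file
_ENTRY_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.+)$")
_VENDOR_RE = re.compile(r"\((?P<vendor>[^()]*)\)")


@dataclass
class Finding:
    name: str
    state: str
    path: str
    vendor: str
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Return a Finding for one FRST service/driver line, or None if the
    line is not in that format (section headers, blank lines, comments)."""
    m = _ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # The image path runs up to the first " [" (size/date bracket or [X]).
    path, _, tail = rest.partition(" [")
    path = path[4:] if path.startswith("\\??\\") else path  # drop NT prefix
    vendor_m = _VENDOR_RE.search(tail)
    vendor = vendor_m.group("vendor").strip() if vendor_m else ""
    f = Finding(m.group("name").strip(), m.group("state"), path, vendor)

    if tail.startswith("X]"):
        f.reasons.append("image file missing (orphaned registry entry)")
    if "[File not signed]" in tail:
        f.reasons.append("binary carries no Authenticode signature")
        # The version-info company name is free text; only a valid
        # signature proves who actually built the file.
        if vendor.lower().startswith("microsoft"):
            f.reasons.append("claims Microsoft vendor without a signature")
    low = path.lower()
    if low.startswith("c:\\users\\") or "\\appdata\\" in low:
        f.reasons.append("runs from a user-writable profile directory")
    return f


def triage(lines):
    """Parse every service/driver line and keep only those with findings."""
    out = []
    for line in lines:
        f = parse_entry(line)
        if f is not None and f.reasons:
            out.append(f)
    return out


def fixlist_candidates(lines):
    """Names a helper would consider for a fixlist: orphaned entries, or
    unsigned binaries running from a user profile. A merely unsigned OEM
    service (common with vendor bloatware) is reported but not a candidate."""
    names = []
    for f in triage(lines):
        orphan = any("missing" in r for r in f.reasons)
        unsigned = any("Authenticode" in r for r in f.reasons)
        user_dir = any("user-writable" in r for r in f.reasons)
        if orphan or (unsigned and user_dir):
            names.append(f.name)
    return names


# Sample input: lines copied from the FRST log and fixlist in this thread.
SAMPLE_LINES = [
    r"==================== Services (Whitelisted) =================",
    r"R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-07-23] (Avira Operations GmbH & Co. KG)",
    r"R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-01-24] (Windows ® Win 7 DDK provider) [File not signed]",
    r"R2 VSSS; C:\Users\cra1g_000\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [104787264 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION",
    r"S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]",
    r"R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.state} {f.name}: {f.path}")
        for r in f.reasons:
            print("    -", r)
    print("fixlist candidates:", fixlist_candidates(SAMPLE_LINES))
```

Run against the sample lines it names exactly the three entries nasdaq's fixlist removed, while the unsigned but in-place Atheros OEM service is only reported.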

#3 McGurten
  • Topic Starter

Posted 23 July 2015 - 12:49 AM

Hello, I've turned on my System Restore, used the Farbar tool, and ran the Zoek tool. After using the Farbar tool, my Avira was working again, and after the Zoek tool, my computer seems to be working slower. Thank you. Here are the logs:
 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by cra1g_000 at 2015-07-23 13:09:55 Run:1
Running from C:\Users\cra1g_000\Downloads
Loaded Profiles: cra1g_000 (Available Profiles: cra1g_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CloseProcesses:
 
(Microsoft Corporation) C:\Users\cra1g_000\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
HKLM-x32\...\Run: [LManager] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
CHR Extension: (Poppit!) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-07]
R2 VSSS; C:\Users\cra1g_000\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [104787264 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
C:\Users\cra1g_000\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
End
*****************
 
Processes closed successfully.
C:\Users\cra1g_000\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi => moved successfully.
VSSS => Service removed successfully
GGSAFERDriver => Service removed successfully
KProcessHacker2 => Unable to stop service.
KProcessHacker2 => Service removed successfully
C:\Users\cra1g_000\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe => moved successfully.
"C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi" => File/Folder not found.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 13:10:01 ====

#4 nasdaq

Posted 23 July 2015 - 07:43 AM

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false-positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?

#5 McGurten
  • Topic Starter

Posted 23 July 2015 - 08:31 AM

Hello, I've noticed that when I start my laptop, a popup saying explorer.EXE with nothing inside but an OK button appears,
but my laptop is running a bit faster.
Here's my log:
 

# AdwCleaner v4.208 - Logfile created 23/07/2015 at 21:25:55
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : cra1g_000 - THEMONSTER
# Running from : C:\Users\cra1g_000\Downloads\adwcleaner_4.208.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\f2948415daacee3c
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v43.0.2357.134
 
[C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2801948
[C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://blekko.com/ws/+{searchTerms}
[C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://ask.com/web?q={searchTerms}&search=&qsrc=2980&o=0&l=dir
[C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1787 bytes] - [23/07/2015 21:23:01]
AdwCleaner[R1].txt - [1846 bytes] - [23/07/2015 21:25:22]
AdwCleaner[S0].txt - [1787 bytes] - [23/07/2015 21:25:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1846  bytes] ##########


Thank You


#6 nasdaq

Posted 23 July 2015 - 09:51 AM

Please run the Farbar tool and post a fresh FRST log for my review.

#7 McGurten
  • Topic Starter

Posted 24 July 2015 - 07:43 AM

Hello again. This is the new FRST log:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by cra1g_000 (administrator) on THEMONSTER on 24-07-2015 20:41:16
Running from C:\Users\cra1g_000\Downloads
Loaded Profiles: cra1g_000 (Available Profiles: cra1g_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Users\cra1g_000\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Users\cra1g_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Microsoft Corporation) C:\Windows\System32\MdRes.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-07-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-01-24] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-892834855-337164564-54192600-1002\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9984960 2015-07-01] ()
HKU\S-1-5-21-892834855-337164564-54192600-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-892834855-337164564-54192600-1002\...\Run: [Spotify Web Helper] => C:\Users\cra1g_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-08] (Spotify Ltd)
HKU\S-1-5-21-892834855-337164564-54192600-1002\...\Run: [Facebook Update] => C:\Users\cra1g_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-01] (Facebook Inc.)
HKU\S-1-5-21-892834855-337164564-54192600-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-02] (Piriform Ltd)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-07-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-07-03] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-09-03]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-892834855-337164564-54192600-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
HKU\S-1-5-21-892834855-337164564-54192600-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-892834855-337164564-54192600-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A766C09A-4BD1-4FA6-AAA3-63B2DD579285}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CC1B5B3F-E753-4024-AACA-6CC6259DC445}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin HKU\S-1-5-21-892834855-337164564-54192600-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\cra1g_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
 
Chrome: 
=======
CHR Profile: C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-08-07]
CHR Extension: (Simple Pool Game) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjijhekaonkmkedfdabbageicfhhlgo [2014-08-07]
CHR Extension: (Google Docs) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-30]
CHR Extension: (Google Drive) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-30]
CHR Extension: (SPOI Options (Please remove me)) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn [2014-08-07]
CHR Extension: (8-Bit Hits) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjokmbfklgdmfahhfcnbkilomimlnln [2014-08-07]
CHR Extension: (YOUZEEK Free Music) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce [2014-08-07]
CHR Extension: (YouTube) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-30]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-08-07]
CHR Extension: (Scroll To Top Button) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chiikmhgllekggjhdfjhajkfdkcngplp [2014-08-07]
CHR Extension: (Google Search) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-30]
CHR Extension: (GAIN Fitness) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpompjlmddcnpijabjfcgnpmoibdffoc [2014-08-07]
CHR Extension: (Drop Zone) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdlhlgjjdbbhoiiiinkddppmjkpbpbpl [2014-08-07]
CHR Extension: (No Name) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2015-07-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Spelunky HTML5) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhagnkphcmpkmabhocgimoncfaihkpof [2014-08-07]
CHR Extension: (Google Wallet) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR Extension: (Sinuous) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl [2014-08-07]
CHR Extension: (Gmail) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-30]
CHR Extension: (Cube Slam) - C:\Users\cra1g_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcoeeddamedegogbcmdbadnoifmfipn [2014-08-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-07-23] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-07-23] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-01-24] (Windows ® Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-24] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-25] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-14] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-02] (Dritek System INC.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-24] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-12] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-01-18] (Disc Soft Ltd)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [93400 2015-07-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-02] (Dritek System Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-23 21:22 - 2015-07-23 21:25 - 00000000 ____D C:\AdwCleaner
2015-07-23 21:14 - 2015-07-23 21:14 - 02248704 _____ C:\Users\cra1g_000\Downloads\adwcleaner_4.208.exe
2015-07-23 13:29 - 2015-07-23 13:29 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-07-23 13:28 - 2015-07-23 13:15 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-07-23 13:26 - 2015-07-23 13:30 - 00000000 ____D C:\zoek
2015-07-23 13:18 - 2015-07-23 13:30 - 00017920 _____ C:\zoek-results.log
2015-07-23 13:15 - 2015-07-23 13:27 - 00000000 ____D C:\zoek_backup
2015-07-23 13:13 - 2015-07-23 13:13 - 01308672 _____ C:\Users\cra1g_000\Desktop\zoek.exe
2015-07-21 17:56 - 2015-07-21 17:56 - 00049554 _____ C:\Users\cra1g_000\Downloads\Addition.txt
2015-07-21 17:55 - 2015-07-24 20:41 - 00022400 _____ C:\Users\cra1g_000\Downloads\FRST.txt
2015-07-21 17:55 - 2015-07-24 20:41 - 00000000 ____D C:\FRST
2015-07-21 17:54 - 2015-07-21 17:55 - 02135552 _____ (Farbar) C:\Users\cra1g_000\Downloads\FRST64.exe
2015-07-17 16:49 - 2015-07-17 16:49 - 01415680 _____ (wj32) C:\Program Files\KCM6KOM8.exe
2015-07-17 16:49 - 2015-07-17 16:49 - 01415680 _____ (wj32) C:\Program Files\K4LKYEV9.exe
2015-07-16 16:56 - 2015-07-16 17:08 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-16 16:55 - 2015-07-16 16:56 - 11032736 _____ (SurfRight B.V.) C:\Users\cra1g_000\Downloads\HitmanPro_x64.exe
2015-07-14 17:10 - 2015-07-14 17:10 - 01415680 _____ (wj32) C:\Program Files\RRDX1PL5.exe
2015-07-14 17:10 - 2015-07-14 17:10 - 01415680 _____ (wj32) C:\Program Files\KSEYS480.exe
2015-07-14 16:50 - 2015-07-14 16:50 - 01415680 _____ (wj32) C:\Program Files\OE721IA6.exe
2015-07-14 16:49 - 2015-07-14 16:49 - 00296968 _____ C:\WINDOWS\Minidump\071415-19296-01.dmp
2015-07-14 16:43 - 2015-07-14 16:43 - 00000838 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-14 16:43 - 2015-07-14 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-14 16:42 - 2015-07-14 16:42 - 06565736 _____ (Piriform Ltd) C:\Users\cra1g_000\Downloads\ccsetup507.exe
2015-07-14 16:38 - 2015-07-14 16:38 - 01415680 _____ (wj32) C:\Program Files\VYCT67OK.exe
2015-07-14 16:38 - 2015-07-14 16:38 - 00296296 _____ C:\WINDOWS\Minidump\071415-20093-01.dmp
2015-07-14 16:27 - 2015-07-14 16:27 - 01415680 _____ (wj32) C:\Program Files\EGUEGU5C.exe
2015-07-14 15:45 - 2015-07-14 15:45 - 00001136 _____ C:\Users\Public\Desktop\Avira.lnk
2015-07-14 14:52 - 2015-07-14 14:53 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\cra1g_000\Downloads\avira_en_av_55a4744765bd5__ws.exe
2015-07-14 14:37 - 2015-07-14 14:37 - 01415680 _____ (wj32) C:\Program Files\CM8U4G0S.exe
2015-07-14 14:25 - 2015-07-14 14:25 - 01415680 _____ (wj32) C:\Program Files\OUE22M6O.exe
2015-07-14 13:54 - 2015-07-14 13:54 - 00294568 _____ C:\WINDOWS\Minidump\071415-20046-01.dmp
2015-07-14 13:48 - 2015-07-14 13:48 - 01415680 _____ (wj32) C:\Program Files\4YIKAYK2.exe
2015-07-14 13:46 - 2015-07-14 13:46 - 01415680 _____ (wj32) C:\Program Files\BDR8AO26.exe
2015-07-14 13:39 - 2015-07-14 13:39 - 00301264 _____ C:\WINDOWS\Minidump\071415-22640-01.dmp
2015-07-14 10:29 - 2015-07-14 10:29 - 00000000 ___HD C:\$SysReset
2015-07-14 10:08 - 2015-07-14 10:08 - 01415680 _____ (wj32) C:\Program Files\FXJJDXRB.exe
2015-07-14 10:08 - 2015-07-14 10:08 - 01415680 _____ (wj32) C:\Program Files\6NP3HUT7.exe
2015-07-13 23:52 - 2015-07-13 23:53 - 00294088 _____ C:\WINDOWS\Minidump\071315-20640-01.dmp
2015-07-13 22:50 - 2015-07-23 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-13 20:44 - 2015-07-13 20:44 - 01415680 _____ (wj32) C:\Program Files\F3BXJBN9.exe
2015-07-10 11:34 - 2015-07-24 20:40 - 00003476 _____ C:\WINDOWS\System32\Tasks\gg_uac_daemon_cra1g_000
2015-07-07 21:42 - 2015-07-07 21:42 - 00091706 _____ C:\Users\cra1g_000\Downloads\personal-experiences-1788-no-peeing-or-beer-6-realities-life-without-kidneys_p2.html
2015-07-05 19:30 - 2015-07-11 17:19 - 00000000 ____D C:\Users\cra1g_000\Downloads\Need.for.Speed.Rivals.EN-RU.Repack.by.z10yded
2015-06-25 21:37 - 2015-06-25 21:37 - 00367136 _____ C:\Users\cra1g_000\Downloads\subscriptions.htm
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-24 20:40 - 2014-01-03 21:50 - 00000000 __RDO C:\Users\cra1g_000\SkyDrive
2015-07-24 20:38 - 2013-12-30 12:12 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-24 20:38 - 2013-08-22 22:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-24 00:40 - 2013-08-22 21:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-24 00:16 - 2013-12-31 01:32 - 00000000 ____D C:\Users\cra1g_000\AppData\Local\CrashDumps
2015-07-24 00:00 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-23 23:55 - 2013-12-30 12:12 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-23 23:36 - 2014-10-01 23:31 - 00000966 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-892834855-337164564-54192600-1002UA.job
2015-07-23 23:36 - 2014-10-01 23:31 - 00000944 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-892834855-337164564-54192600-1002Core.job
2015-07-23 23:28 - 2013-12-30 12:13 - 00003590 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-892834855-337164564-54192600-1002
2015-07-23 23:22 - 2014-03-01 22:47 - 00148632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-07-23 23:22 - 2014-03-01 22:47 - 00137288 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-07-23 22:44 - 2013-12-30 23:46 - 00000000 ____D C:\Users\cra1g_000\AppData\Roaming\GarenaPlus
2015-07-23 22:44 - 2013-12-30 23:44 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-07-23 13:52 - 2013-12-30 23:44 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2015-07-23 13:32 - 2014-01-19 18:28 - 00000000 ____D C:\Users\cra1g_000\AppData\Local\Deployment
2015-07-23 13:29 - 2014-05-14 12:41 - 00347274 _____ C:\WINDOWS\PFRO.log
2015-07-23 13:10 - 2014-01-03 21:18 - 01284529 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-23 12:58 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-17 16:53 - 2013-12-30 23:53 - 00000000 ____D C:\Users\cra1g_000\AppData\Roaming\vlc
2015-07-17 16:51 - 2014-06-12 23:04 - 02591744 ___SH C:\Users\cra1g_000\Downloads\Thumbs.db
2015-07-16 16:56 - 2013-12-30 12:23 - 00002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-16 16:50 - 2013-12-30 12:12 - 00003900 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 16:50 - 2013-12-30 12:12 - 00003664 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-14 16:51 - 2014-01-03 21:23 - 00000000 ____D C:\Users\cra1g_000
2015-07-14 16:49 - 2014-05-14 16:07 - 779763610 _____ C:\WINDOWS\MEMORY.DMP
2015-07-14 16:49 - 2014-02-19 02:31 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-14 16:47 - 2014-10-27 18:35 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-14 16:46 - 2014-02-04 23:23 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-14 16:46 - 2013-12-30 12:48 - 00000000 ____D C:\Users\cra1g_000\AppData\Roaming\uTorrent
2015-07-14 16:43 - 2014-03-30 13:48 - 00000000 ____D C:\Program Files\CCleaner
2015-07-14 16:27 - 2014-03-01 20:57 - 00000000 ____D C:\ProgramData\Avira
2015-07-14 15:45 - 2014-03-01 20:57 - 00000000 ____D C:\Program Files (x86)\Avira
2015-07-14 13:39 - 2014-10-27 18:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-14 13:29 - 2014-05-15 01:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-14 13:09 - 2013-12-30 23:06 - 00000000 ____D C:\Users\cra1g_000\Documents\APPLICATIONS
2015-07-14 10:32 - 2012-07-26 15:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-13 23:53 - 2013-08-22 21:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-10 16:21 - 2014-05-15 17:10 - 00000000 ____D C:\Users\cra1g_000\AppData\Roaming\Spotify
2015-07-10 15:33 - 2014-05-15 17:17 - 00000000 ____D C:\Users\cra1g_000\AppData\Local\Spotify
2015-07-02 10:51 - 2014-03-30 14:50 - 00094534 _____ C:\WINDOWS\setupact.log
2015-06-30 12:46 - 2015-05-05 23:54 - 00000000 ____D C:\Users\cra1g_000\Downloads\Lets Try Anal - Daisy Haze (AKA Daisy Summers) in Going Down South for Anal - [720p]
 
==================== Files in the root of some directories =======
 
2015-07-14 13:48 - 2015-07-14 13:48 - 1415680 _____ (wj32) C:\Program Files\4YIKAYK2.exe
2015-07-14 10:08 - 2015-07-14 10:08 - 1415680 _____ (wj32) C:\Program Files\6NP3HUT7.exe
2015-07-14 13:46 - 2015-07-14 13:46 - 1415680 _____ (wj32) C:\Program Files\BDR8AO26.exe
2015-07-14 14:37 - 2015-07-14 14:37 - 1415680 _____ (wj32) C:\Program Files\CM8U4G0S.exe
2015-07-14 16:27 - 2015-07-14 16:27 - 1415680 _____ (wj32) C:\Program Files\EGUEGU5C.exe
2015-07-13 20:44 - 2015-07-13 20:44 - 1415680 _____ (wj32) C:\Program Files\F3BXJBN9.exe
2015-07-14 10:08 - 2015-07-14 10:08 - 1415680 _____ (wj32) C:\Program Files\FXJJDXRB.exe
2015-07-17 16:49 - 2015-07-17 16:49 - 1415680 _____ (wj32) C:\Program Files\K4LKYEV9.exe
2015-07-17 16:49 - 2015-07-17 16:49 - 1415680 _____ (wj32) C:\Program Files\KCM6KOM8.exe
2015-07-14 17:10 - 2015-07-14 17:10 - 1415680 _____ (wj32) C:\Program Files\KSEYS480.exe
2015-07-14 16:50 - 2015-07-14 16:50 - 1415680 _____ (wj32) C:\Program Files\OE721IA6.exe
2015-07-14 14:25 - 2015-07-14 14:25 - 1415680 _____ (wj32) C:\Program Files\OUE22M6O.exe
2015-07-14 17:10 - 2015-07-14 17:10 - 1415680 _____ (wj32) C:\Program Files\RRDX1PL5.exe
2015-07-14 16:38 - 2015-07-14 16:38 - 1415680 _____ (wj32) C:\Program Files\VYCT67OK.exe
2014-02-04 22:57 - 2014-02-04 22:57 - 0045270 _____ () C:\Users\cra1g_000\AppData\Roaming\room_v3.dat
2014-12-23 22:19 - 2014-12-23 22:23 - 0001456 _____ () C:\Users\cra1g_000\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-01-23 22:19 - 2014-08-26 14:27 - 0007621 _____ () C:\Users\cra1g_000\AppData\Local\Resmon.ResmonCfg
2012-11-02 13:15 - 2012-11-02 13:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\cra1g_000\AppData\Local\Temp\avgnt.exe
C:\Users\cra1g_000\AppData\Local\Temp\Quarantine.exe
C:\Users\cra1g_000\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-23 14:31
 
==================== End of log ============================


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:02 AM

Posted 24 July 2015 - 09:10 AM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

C:\Program Files\4YIKAYK2.exe
C:\Program Files\6NP3HUT7.exe
C:\Program Files\BDR8AO26.exe
C:\Program Files\CM8U4G0S.exe
C:\Program Files\EGUEGU5C.exe
C:\Program Files\F3BXJBN9.exe
C:\Program Files\FXJJDXRB.exe
C:\Program Files\K4LKYEV9.exe
C:\Program Files\KCM6KOM8.exe
C:\Program Files\KSEYS480.exe
C:\Program Files\OE721IA6.exe
C:\Program Files\OUE22M6O.exe
C:\Program Files\RRDX1PL5.exe
C:\Program Files\VYCT67OK.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#9 McGurten

McGurten
  • Topic Starter

  • Members
  • 6 posts
  • Local time:07:02 PM

Posted 28 July 2015 - 07:52 AM

Hi. Sorry I'm only able to reply now, I was gone for a couple of days.
I followed the instructions, and I noticed that the startup was slow and the popup saying explorer.EXE with nothing inside but an okay button still appears.

Here's my log:

Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by cra1g_000 at 2015-07-28 20:39:42 Run:2
Running from C:\Users\cra1g_000\Downloads
Loaded Profiles: cra1g_000 (Available Profiles: cra1g_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
C:\Program Files\4YIKAYK2.exe
C:\Program Files\6NP3HUT7.exe
C:\Program Files\BDR8AO26.exe
C:\Program Files\CM8U4G0S.exe
C:\Program Files\EGUEGU5C.exe
C:\Program Files\F3BXJBN9.exe
C:\Program Files\FXJJDXRB.exe
C:\Program Files\K4LKYEV9.exe
C:\Program Files\KCM6KOM8.exe
C:\Program Files\KSEYS480.exe
C:\Program Files\OE721IA6.exe
C:\Program Files\OUE22M6O.exe
C:\Program Files\RRDX1PL5.exe
C:\Program Files\VYCT67OK.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files\4YIKAYK2.exe => moved successfully.
C:\Program Files\6NP3HUT7.exe => moved successfully.
C:\Program Files\BDR8AO26.exe => moved successfully.
C:\Program Files\CM8U4G0S.exe => moved successfully.
C:\Program Files\EGUEGU5C.exe => moved successfully.
C:\Program Files\F3BXJBN9.exe => moved successfully.
C:\Program Files\FXJJDXRB.exe => moved successfully.
C:\Program Files\K4LKYEV9.exe => moved successfully.
C:\Program Files\KCM6KOM8.exe => moved successfully.
C:\Program Files\KSEYS480.exe => moved successfully.
C:\Program Files\OE721IA6.exe => moved successfully.
C:\Program Files\OUE22M6O.exe => moved successfully.
C:\Program Files\RRDX1PL5.exe => moved successfully.
C:\Program Files\VYCT67OK.exe => moved successfully.
EmptyTemp: => 1.1 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 20:41:25 ====


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:02 AM

Posted 28 July 2015 - 09:04 AM


I hope this is the solution. Check the Load key in the Windows registry list.

https://social.technet.microsoft.com/Forums/windows/en-US/629f3b82-f9e6-4ab2-905e-f58df5ae61a9/explorerexe-error-on-windows-8-with-blank-message-and-a-yellow-warning-with-ok-button?forum=w8itprogeneral

Keep me posted.

#11 McGurten

McGurten
  • Topic Starter

  • Members
  • 6 posts
  • Local time:07:02 PM

Posted 31 July 2015 - 05:44 AM

Hi there. I did as it said, but I am unable to delete it; it says UNABLE TO DELETE ALL SPECIFIED VALUES. Should I use the tool they mention in the comments? Thanks.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:02 AM

Posted 31 July 2015 - 07:24 AM

Please run the Farbar Recovery Scan Tool. Enter Load in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:02 AM

Posted 06 August 2015 - 08:30 AM

Are you still with me?

#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:02 AM

Posted 12 August 2015 - 09:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.