Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I accidentally went to a odd website and don't if Windows is safe


  • This topic is locked This topic is locked
8 replies to this topic

#1 SuperSapien64

SuperSapien64

  • Members
  • 974 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:24 PM

Posted 21 July 2015 - 09:46 PM

A few days ago I accidentally went to a strange website that appears to be pretending to be a parked domain and I'm not sure if it infected my system or not. I ran a Farbar scan so I'll attach the results hope it helps.

Attached Files



BC AdBot (Login to Remove)

 


#2 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,291 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:06:24 PM

Posted 23 July 2015 - 10:33 AM

Hi, SuperSapien64! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

I see nothing of notable alarm, but I would like you to run a FRST fix to clean up some minor things, and an MBAM scan for a basic checkup.

Farbar Recovery Scan Tool

I need you to run a fix with FRST.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\yyycpasv.default\searchplugins\ixquick-https.xml [2015-05-13]
    FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\yyycpasv.default\searchplugins\startpage-https.xml [2015-05-13]
    C:\Users\MK\Downloads\ataclock.exe
    C:\Users\MK\Downloads\audacity-win-2.1.0.exe
    C:\ProgramData\DP45977C.lfl
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvaudcap64v.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvaudcap32v.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\nvvad64v.sys:$CmdTcID
    AlternateDataStreams: C:\Users\MK\Downloads\Palemoon-Portable-25.5.0.win64.exe:$CmdTcID
    AlternateDataStreams: C:\Users\MK\Downloads\SeaMonkeyPortable_2.33.1_English.paf.exe:$CmdTcID
    Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware.

  • Double-click the MBAM shortcut on your desktop (or single-click the one in your start menu) to open MBAM.
  • Click Update Now >>, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, click Scan at the top of the main interface. Then tick the Custom Scan option, and hit the Scan Now >> button. On this screen, make sure every box is checked, then start the scan. If there is an update available, allow MBAM to update.
  • Once the scan is finished, click Apply Actions to any found malware. If MBAM asks you to reboot, do so immediately.
  • When done, retrieve the log by clicking History on the main interface, then Application logs. View the log of the scan you just ran, then click the Copy to Clipboard button, and paste it into your reply.

Having any issues?

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#3 SuperSapien64

SuperSapien64
  • Topic Starter

  • Members
  • 974 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:24 PM

Posted 23 July 2015 - 12:57 PM

Hi, SuperSapien64! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

I see nothing of notable alarm, but I would like you to run a FRST fix to clean up some minor things, and an MBAM scan for a basic checkup.

Farbar Recovery Scan Tool

I need you to run a fix with FRST.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\yyycpasv.default\searchplugins\ixquick-https.xml [2015-05-13]
    FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\yyycpasv.default\searchplugins\startpage-https.xml [2015-05-13]
    C:\Users\MK\Downloads\ataclock.exe
    C:\Users\MK\Downloads\audacity-win-2.1.0.exe
    C:\ProgramData\DP45977C.lfl
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\nvaudcap64v.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\nvaudcap32v.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
    AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\nvvad64v.sys:$CmdTcID
    AlternateDataStreams: C:\Users\MK\Downloads\Palemoon-Portable-25.5.0.win64.exe:$CmdTcID
    AlternateDataStreams: C:\Users\MK\Downloads\SeaMonkeyPortable_2.33.1_English.paf.exe:$CmdTcID
    Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware.

  • Double-click the MBAM shortcut on your desktop (or single-click the one in your start menu) to open MBAM.
  • Click Update Now >>, and check for updates. If a new version of MBAM is included in the update, follow the prompts and install it.
  • Once the program is done updating, click Scan at the top of the main interface. Then tick the Custom Scan option, and hit the Scan Now >> button. On this screen, make sure every box is checked, then start the scan. If there is an update available, allow MBAM to update.
  • Once the scan is finished, click Apply Actions to any found malware. If MBAM asks you to reboot, do so immediately.
  • When done, retrieve the log by clicking History on the main interface, then Application logs. View the log of the scan you just ran, then click the Copy to Clipboard button, and paste it into your reply.

Having any issues?

Gunto

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by MK at 2015-07-23 11:54:56 Run:1
Running from C:\Users\MK\Desktop
Loaded Profiles: MK (Available Profiles: MK & Rob)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\yyycpasv.default\searchplugins\ixquick-https.xml [2015-05-13]
FF SearchPlugin: C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\yyycpasv.default\searchplugins\startpage-https.xml [2015-05-13]
C:\Users\MK\Downloads\ataclock.exe
C:\Users\MK\Downloads\audacity-win-2.1.0.exe
C:\ProgramData\DP45977C.lfl
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvaudcap64v.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvaudcap32v.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvvad64v.sys:$CmdTcID
AlternateDataStreams: C:\Users\MK\Downloads\Palemoon-Portable-25.5.0.win64.exe:$CmdTcID
AlternateDataStreams: C:\Users\MK\Downloads\SeaMonkeyPortable_2.33.1_English.paf.exe:$CmdTcID
*****************

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\yyycpasv.default\searchplugins\ixquick-https.xml => moved successfully.
C:\Users\MK\AppData\Roaming\Mozilla\Firefox\Profiles\yyycpasv.default\searchplugins\startpage-https.xml => moved successfully.
C:\Users\MK\Downloads\ataclock.exe => moved successfully.
C:\Users\MK\Downloads\audacity-win-2.1.0.exe => moved successfully.
C:\ProgramData\DP45977C.lfl => moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController\\SystemComponent => value removed successfully
"C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dxmasf.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\gdi32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msdxm.ocx" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mstscax.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvaudcap64v.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ole32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rdvidcrl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\spwmp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\tsgqec.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wksprt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wmp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wmploc.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\dxmasf.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\gdi32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\instnm.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\jscript9.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\jscript9diag.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\msdxm.ocx" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\mstscax.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\nvaudcap32v.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\ole32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\rdvidcrl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\spwmp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\tsgqec.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\user.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wmp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\SysWOW64\wmploc.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\nvvad64v.sys" => ":$CmdTcID" ADS not found.
"C:\Users\MK\Downloads\Palemoon-Portable-25.5.0.win64.exe" => ":$CmdTcID" ADS not found.
"C:\Users\MK\Downloads\SeaMonkeyPortable_2.33.1_English.paf.exe" => ":$CmdTcID" ADS not found.

==== End of Fixlog 11:54:57 ====

 

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/23/2015
Scan Time: 11:58 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.23.04
Rootkit Database: v2015.07.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MK

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 525360
Time Elapsed: 39 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#4 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,291 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:06:24 PM

Posted 24 July 2015 - 07:38 AM

Hi,

 

Well, assuming you're not having any problems, you appear to be clean. :)

 

Let's just have you update Firefox.

 

Firefox

Your Mozilla Firefox installation is outdated. Newer versions have security and bug fixes that older versions didn't, so you need to update.

  • Download the latest version of Firefox from here, and save it to your desktop.
  • Double click the installer to start the installation. Feel free to uncheck offers to install third-party toolbars or software, as they aren't required for the Firefox installation. Otherwise, follow the prompts and let the program install.

And with that, congrats! Your computer looks free of malware! :woot:

However, we'll need to clean up the tools we used to make it that way.

  • Download DelFix from here, and save it to your desktop.
  • Double click the file to run it. On the main screen, make sure the following options are checked:
    Remove disinfection tools
    Purge system restore

    Click the Run button after ensuring the above options are selected.
  • Once the program is done running, a log will pop up. Please copy and paste it into your final reply.

Here are some steps to improve how your computer works, and to help you from getting infected again.

Keep all of your software updated. This is especially true for your antivirus. Keeping your software up-to-date is one of the most important steps to keeping malware out of your system. Old versions of many different programs have security vulnerabilities that malware targets to infect your system, whereas many of these would be fixed in updates. In addition to that, outdated definitions for your antivirus (and other security programs) may fail to detect newer malware that has since been added to the database. For new software version updates, I recommend FileHippo App Manager. However, FH doesn't find all updates, so be sure to manually check for updates as well.

Browse safely. Much of the time, malware gets in because the user isn't cautious. Examples of safe browsing include:

  • Don't open emails from people you don't know, especially if it has an attachment. Files (especially those with a .bat, .com, .exe and .scr extension) should never be trusted unless you know for a fact that you can trust the source. You should also be careful with these files even from friends, since their emails might actually be from bots using their addresses.
  • Don't install things that you don't trust. For example, some websites will ask you to install programs in order to use a certain functionality, especially supposed updates to programs such as Flash and Java. If your software is up-to-date, it's probably a fake.
  • In addition to the above, be careful even when installing programs that you recognize. Sometimes, programs will install other software when a user doesn't pay attention, so always make sure to decline offers for programs you don't want or recognize.

Happy surfing! :)

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#5 SuperSapien64

SuperSapien64
  • Topic Starter

  • Members
  • 974 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:24 PM

Posted 24 July 2015 - 11:12 AM

Hi,

 

Well, assuming you're not having any problems, you appear to be clean. :)

 

Let's just have you update Firefox.

 

Firefox

Your Mozilla Firefox installation is outdated. Newer versions have security and bug fixes that older versions didn't, so you need to update.

  • Download the latest version of Firefox from here, and save it to your desktop.
  • Double click the installer to start the installation. Feel free to uncheck offers to install third-party toolbars or software, as they aren't required for the Firefox installation. Otherwise, follow the prompts and let the program install.

And with that, congrats! Your computer looks free of malware! :woot:

However, we'll need to clean up the tools we used to make it that way.

  • Download DelFix from here, and save it to your desktop.
  • Double click the file to run it. On the main screen, make sure the following options are checked:
    Remove disinfection tools
    Purge system restore

    Click the Run button after ensuring the above options are selected.
  • Once the program is done running, a log will pop up. Please copy and paste it into your final reply.

Here are some steps to improve how your computer works, and to help you from getting infected again.

Keep all of your software updated. This is especially true for your antivirus. Keeping your software up-to-date is one of the most important steps to keeping malware out of your system. Old versions of many different programs have security vulnerabilities that malware targets to infect your system, whereas many of these would be fixed in updates. In addition to that, outdated definitions for your antivirus (and other security programs) may fail to detect newer malware that has since been added to the database. For new software version updates, I recommend FileHippo App Manager. However, FH doesn't find all updates, so be sure to manually check for updates as well.

Browse safely. Much of the time, malware gets in because the user isn't cautious. Examples of safe browsing include:

  • Don't open emails from people you don't know, especially if it has an attachment. Files (especially those with a .bat, .com, .exe and .scr extension) should never be trusted unless you know for a fact that you can trust the source. You should also be careful with these files even from friends, since their emails might actually be from bots using their addresses.
  • Don't install things that you don't trust. For example, some websites will ask you to install programs in order to use a certain functionality, especially supposed updates to programs such as Flash and Java. If your software is up-to-date, it's probably a fake.
  • In addition to the above, be careful even when installing programs that you recognize. Sometimes, programs will install other software when a user doesn't pay attention, so always make sure to decline offers for programs you don't want or recognize.

Happy surfing! :)

Gunto

Thanks I already have the latest version of Firefox. And BTW why not link me to this site for the DelFix app?


Edited by SuperSapien64, 24 July 2015 - 11:12 AM.


#6 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,291 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:06:24 PM

Posted 24 July 2015 - 12:44 PM

Hi,

 

No problem. :)

 

Well, your Addition.txt says you're using Firefox 39, whereas I'm using 40. If you updated it while I was helping you, I wouldn't have known.

 

Not sure what you mean by that; I provided a direct download link in my post. If you're asking why I do that, it's to make my instructions briefer and to make things easier on the people I'm helping. Anyone who wants to learn more about the program and/or site they're downloading from can ask me, or simply explore the site itself, as I never link to untrustworthy software/websites. :)

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#7 SuperSapien64

SuperSapien64
  • Topic Starter

  • Members
  • 974 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:24 PM

Posted 24 July 2015 - 04:41 PM

Hi,

 

No problem. :)

 

Well, your Addition.txt says you're using Firefox 39, whereas I'm using 40. If you updated it while I was helping you, I wouldn't have known.

 

Not sure what you mean by that; I provided a direct download link in my post. If you're asking why I do that, it's to make my instructions briefer and to make things easier on the people I'm helping. Anyone who wants to learn more about the program and/or site they're downloading from can ask me, or simply explore the site itself, as I never link to untrustworthy software/websites. :)

 

Gunto

 

Hi,

 

No problem. :)

 

Well, your Addition.txt says you're using Firefox 39, whereas I'm using 40. If you updated it while I was helping you, I wouldn't have known.

 

Not sure what you mean by that; I provided a direct download link in my post. If you're asking why I do that, it's to make my instructions briefer and to make things easier on the people I'm helping. Anyone who wants to learn more about the program and/or site they're downloading from can ask me, or simply explore the site itself, as I never link to untrustworthy software/websites. :)

 

Gunto

Well I'm using Firefox 39 on Windows 7 64bit and when I check for updates for it FF tells I'm up to date and the same with the website I think 40 is a beta still.  And I mean downloading DelFix from Bleeping Computers but maybe thats because its an older version.

 

I'm typically very cautious about what sites I go to especially if I'm not sandboxed even though I have Noscript & Request Policy installed there not bulletproof and I'm glad I dual boot with Linux because I was able to do some financial stuff online while I waited for assistance my Windows security setup is Avast free, MBAM Premium,Comodo Firewall free, Sandboxie, Zemana Antikeylogger free plus I ran CCleaner after going to that strange website and I might have ran it a couple of days before making this thread.

 

BTW do take donations?



#8 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,291 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:06:24 PM

Posted 24 July 2015 - 05:21 PM

Hi,

 

Ah, understood. :) And yes, I prefer to use the links where the newest version is most likely to be hosted. Of course, as I said, the link I provided is safe; in fact, it's where AdwCleaner and DelFix's developer officially hosts his software.

 

A very good setup. :thumbup2:

 

I do not take donations currently, and really, I don't exactly feel morally comfortable taking your money, since I feel like I barely did anything to help you. Nevertheless, I sincerely appreciate the offer.

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#9 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,291 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:06:24 PM

Posted 27 July 2015 - 08:47 AM

Since your problems seem to be solved, I'm locking this topic. However, if you still need help, please send me (or any moderator if I am unavailable) a PM asking for this topic to be unlocked.


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users