utrack.pw internet redirection virus


This topic is locked
16 replies to this topic

#1 akitokunx

  • Members
  • 8 posts

Posted 13 August 2015 - 08:30 PM

Hello,
 
I have the same problem as the user here,
http://www.bleepingcomputer.com/forums/t/585954/utrackpw-chrome-redirect/
for malware/spyware redirection.
 
However, for me, it isn't just Chrome. It occurs on anything I do browser-related; even my Steam browser (from the game program Steam) occasionally gets redirected!
 
Occasionally, when I browse the web, I will be taken to http...//...utrack.pw...// which will then immediately redirect me to spam websites and advertisements. It happens on any browser I own! Even the ones I have installed recently after infection.
 
The user who has the same problem as I do has not yet been able to solve the problem. He has had custom scripts made for him as well, but to no avail.
 
I'm wondering how I could remove it. Before seeing this forum, I tried to remove it on my own with Kaspersky Virus Removal Tool, Windows Defender, HitmanPro, Junkware Removal Tool, Microsoft Security Essentials, and Malwarebytes Anti-Malware. I have also tried cleaning my registry and clearing my temporary files with CCleaner, and checked the extensions installed within Chrome. There were no detections or signs of suspicious viruses.
 
I have also used something I found on this website called AdwCleaner, and it removed a "proxy" in my registry. Unfortunately, I no longer have the log file for it (at least, I don't know where it is), but in the end the virus wasn't removed.
 
Thanks to anyone who can help me out! I've attached the Farbar Recovery Scan Tool logs as per the instructions.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-08-2015
Ran by Tai (administrator) on TAI-PC (13-08-2015 18:27:05)
Running from D:\Personal Files\Downloads
Loaded Profiles: Tai (Available Profiles: Tai)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files (x86)\puush\puush.exe
(Flux Software LLC) C:\Users\Tai\AppData\Local\FluxSoftware\Flux\flux.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(RAIDCALL.COM) C:\Program Files (x86)\RaidCall\raidcall.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-02-05] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-01] (Logitech Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.)
HKU\S-1-5-21-1255276462-290586800-1570087596-1000\...\Run: [Steam] => D:\Steam\steam.exe [2899136 2015-08-12] (Valve Corporation)
HKU\S-1-5-21-1255276462-290586800-1570087596-1000\...\Run: [TrueCrypt] => C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe [1516496 2015-03-13] (TrueCrypt Foundation)
HKU\S-1-5-21-1255276462-290586800-1570087596-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-04-13] ()
HKU\S-1-5-21-1255276462-290586800-1570087596-1000\...\Run: [f.lux] => C:\Users\Tai\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
GroupPolicyScripts: Group Policy detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1255276462-290586800-1570087596-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.nexon.com
HKU\S-1-5-21-1255276462-290586800-1570087596-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-07] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-07] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
DPF: HKLM-x32 {063F7D71-5E0B-48F2-87D5-F63C5917947E} hxxps://platform.nexon.com/activex/ahnlab/aosmgr.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{C01821D6-52BF-4CBF-AA69-5546EBE85FC4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EFB47DB5-1470-4660-B007-545244668285}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-08-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-08-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npNxGame.dll [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Tai\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-13]
CHR Extension: (Google Docs) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-13]
CHR Extension: (Google Drive) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-13]
CHR Extension: (Steins;Gate) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Default\Extensions\biifpihbbpcnknicmpogjmkpefkkpced [2015-03-13]
CHR Extension: (YouTube) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-13]
CHR Extension: (Google Search) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-13]
CHR Extension: (Google Sheets) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-13]
CHR Extension: (Gmail) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-13]
CHR Profile: C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (BetterTTV) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-08-01]
CHR Extension: (Google Docs) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-13]
CHR Extension: (Google Drive) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-13]
CHR Extension: (Steins;Gate) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\biifpihbbpcnknicmpogjmkpefkkpced [2015-03-13]
CHR Extension: (YouTube) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-13]
CHR Extension: (Adblock Plus) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-13]
CHR Extension: (Google Search) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-13]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-04-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-13]
CHR Extension: (Gmail) - C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
S4 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12730048 2015-02-06] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-30] (Windows ® Win 7 DDK provider)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-08-09] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [106912 2014-08-01] (AhnLab, Inc.)
S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [137368 2014-12-09] (AhnLab, Inc.)
S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [179240 2014-12-09] (AhnLab, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [25088 2015-01-27] (SteelSeries ApS)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2015-02-06] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S3 CEDRIVER60; \??\C:\Users\Tai\Desktop\cheatengine64_NoSetup\dbk64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-13 18:25 - 2015-08-13 18:27 - 00000000 ____D C:\FRST
2015-08-13 17:57 - 2015-08-13 17:57 - 00000000 ____D C:\KVRT_Data
2015-08-13 17:33 - 2015-08-13 17:33 - 00090256 _____ C:\Users\Tai\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-13 17:32 - 2015-08-13 17:32 - 00365896 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 17:32 - 2015-08-13 17:32 - 00000168 _____ C:\Windows\setupact.log
2015-08-13 17:32 - 2015-08-13 17:32 - 00000000 _____ C:\Windows\setuperr.log
2015-08-12 23:37 - 2015-08-12 23:37 - 00000575 _____ C:\Users\Tai\Desktop\osu!.lnk
2015-08-12 23:37 - 2015-08-12 23:37 - 00000575 _____ C:\Users\Tai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2015-08-11 20:39 - 2015-08-11 20:39 - 00000054 _____ C:\Users\Tai\Desktop\New Text Document.txt
2015-08-11 19:09 - 2015-08-11 19:09 - 00000000 ____D C:\Users\Tai\AppData\Roaming\NekoWorks
2015-08-11 19:04 - 2015-08-11 19:04 - 00000202 _____ C:\Users\Tai\Desktop\NEKOPARA Vol. 1.url
2015-08-10 20:53 - 2015-08-10 20:53 - 00000202 _____ C:\Users\Tai\Desktop\Fairy Fencer F.url
2015-08-09 22:54 - 2015-08-09 22:54 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-08-09 18:33 - 2015-08-09 18:33 - 00001316 _____ C:\Users\Tai\Desktop\JRT.txt
2015-08-09 18:29 - 2015-08-09 18:29 - 00000000 ____D C:\Windows\system32\Drivers\etc\bklup
2015-08-09 17:25 - 2015-08-09 17:25 - 00000036 _____ C:\Users\Tai\Desktop\sdfsd.txt
2015-08-09 16:45 - 2015-08-13 18:15 - 00000000 ____D C:\AdwCleaner
2015-08-09 16:19 - 2015-08-09 16:22 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-08-09 16:17 - 2015-08-09 16:20 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-09 16:02 - 2015-08-09 16:02 - 00000000 ____D C:\Users\Tai\AppData\Roaming\Steam
2015-08-09 15:41 - 2015-08-09 15:41 - 00000000 ____D C:\Users\Tai\AppData\Roaming\Pro Cycling Manager 2015
2015-08-09 15:41 - 2015-08-09 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fairy Fencer F
2015-08-09 15:39 - 2015-08-09 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-08-09 15:39 - 2015-08-09 15:39 - 00000000 ____D C:\ProgramData\LogiShrd
2015-08-09 15:39 - 2015-08-09 15:39 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2015-08-09 15:38 - 2015-08-09 15:38 - 00000000 ____D C:\Users\Tai\AppData\Roaming\Logishrd
2015-08-09 00:58 - 2015-08-09 00:58 - 00001214 _____ C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2015-08-09 00:48 - 2015-08-09 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
2015-08-08 15:36 - 2015-08-08 15:39 - 00000411 _____ C:\Users\Tai\Desktop\fghgfghfghgf.txt
2015-08-07 17:31 - 2015-08-07 17:31 - 00000032 _____ C:\Users\Tai\Desktop\car.txt
2015-08-07 14:07 - 2015-08-07 14:07 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-08-07 14:07 - 2015-08-07 14:07 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-08-07 14:07 - 2015-08-07 14:07 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-08-07 14:07 - 2015-08-07 14:07 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-08-07 14:07 - 2015-08-07 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-08-07 14:07 - 2015-08-07 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-07 14:07 - 2015-08-07 14:07 - 00000000 ____D C:\Program Files\Java
2015-08-07 01:15 - 2015-08-07 01:22 - 00000000 ____D C:\Users\Tai\AppData\Roaming\vlc
2015-08-06 17:36 - 2015-08-06 17:36 - 00000202 _____ C:\Users\Tai\Desktop\Primal Carnage.url
2015-08-05 01:13 - 2015-08-05 01:13 - 00006195 _____ C:\Users\Tai\Desktop\Munch.xml
2015-08-04 22:03 - 2015-08-13 03:42 - 00000000 ____D C:\Program Files\Common Files\Logitech
2015-08-04 22:00 - 2015-08-04 22:00 - 00003138 _____ C:\Windows\System32\Tasks\{E8A302BF-9771-45EE-87F7-6D4B0769682D}
2015-08-04 21:06 - 2015-08-04 21:06 - 00000185 _____ C:\Users\Tai\Desktop\Oddworld Munch's Oddysee.url
2015-08-04 11:29 - 2015-08-04 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-08-04 11:29 - 2015-08-03 12:12 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-08-04 11:28 - 2015-08-04 11:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-08-03 12:25 - 2015-08-03 12:25 - 00000199 _____ C:\Users\Tai\Desktop\Dota 2.url
2015-08-02 16:25 - 2015-08-02 16:26 - 00000000 ____D C:\Users\Tai\AppData\Roaming\Tera_Awesomium
2015-08-01 22:12 - 2015-08-02 16:24 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-01 22:12 - 2015-08-01 22:12 - 00000000 ____D C:\Users\Tai\AppData\Local\TERA
2015-08-01 20:51 - 2015-08-01 20:51 - 00000202 _____ C:\Users\Tai\Desktop\TERA.url
2015-07-22 03:00 - 2015-07-22 03:00 - 00000000 ____D C:\Users\Tai\AppData\Local\CEF
2015-07-20 05:25 - 2015-07-20 05:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-07-20 05:25 - 2015-07-20 05:25 - 00000000 ____D C:\ProgramData\Samsung
2015-07-20 05:25 - 2015-07-20 05:25 - 00000000 ____D C:\Program Files\SAMSUNG
2015-07-20 05:25 - 2013-06-04 22:18 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2015-07-20 05:25 - 2013-06-04 22:18 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2015-07-20 05:25 - 2013-06-04 22:18 - 00203672 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-07-20 05:25 - 2013-06-04 22:18 - 00103448 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-07-20 04:15 - 2015-07-20 04:15 - 00000000 ____D C:\Users\Tai\AppData\Local\pip
2015-07-20 01:25 - 2015-07-20 01:25 - 00000009 _____ C:\Windows\system32\ls.bat
2015-07-18 05:39 - 2015-07-18 05:40 - 00000000 ____D C:\ProgramData\Oracle
2015-07-17 09:07 - 2015-07-17 09:07 - 00000000 ____D C:\Users\Tai\Documents\Graphics
2015-07-17 06:50 - 2015-07-17 06:51 - 00000000 ____D C:\Users\Tai\Documents\Terraria TShock
2015-07-15 05:05 - 2015-07-15 05:06 - 00000000 ____D C:\Users\Tai\Documents\Orcs Must Die
2015-07-14 16:08 - 2015-08-05 23:40 - 00000000 ____D C:\Users\Tai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-07-14 16:08 - 2015-07-14 16:08 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-14 11:44 - 2015-07-14 11:44 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys
2015-07-14 05:50 - 2015-08-07 13:56 - 00000000 ____D C:\Users\Tai\AppData\Roaming\MySQL
2015-07-14 05:49 - 2015-07-14 05:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2015-07-14 05:49 - 2015-07-14 05:49 - 00000000 ____D C:\Program Files (x86)\MySQL
2015-07-14 05:41 - 2015-08-13 17:32 - 00000000 ____D C:\Users\Tai\AppData\Local\LogMeIn Hamachi
2015-07-14 05:41 - 2015-07-14 05:41 - 00000000 ____D C:\Users\Tai\AppData\Local\LogMeIn
2015-07-14 05:41 - 2015-07-14 05:41 - 00000000 ____D C:\ProgramData\LogMeIn

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-13 18:04 - 2015-03-13 06:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-13 17:42 - 2015-03-13 07:31 - 01122764 _____ C:\Windows\WindowsUpdate.log
2015-08-13 17:39 - 2009-07-13 22:13 - 00787262 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-13 17:38 - 2015-06-20 14:36 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CB712AA8-32E7-4895-92C0-B015512FE2B4}
2015-08-13 17:37 - 2009-07-13 21:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-13 17:37 - 2009-07-13 21:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-13 17:32 - 2015-05-26 12:56 - 00000000 ____D C:\ProgramData\VMware
2015-08-13 17:32 - 2015-03-13 06:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-13 17:32 - 2015-03-13 05:09 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-13 17:32 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-12 03:05 - 2015-03-13 08:55 - 00000000 ____D C:\Users\Tai\AppData\Roaming\tixati
2015-08-12 02:39 - 2015-03-20 04:35 - 00000193 _____ C:\Windows\WORDPAD.INI
2015-08-11 20:04 - 2015-03-13 06:43 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-11 15:59 - 2015-05-26 12:58 - 00000000 ____D C:\Users\Tai\AppData\Roaming\VMware
2015-08-11 15:59 - 2015-05-26 12:58 - 00000000 ____D C:\Users\Tai\AppData\Local\VMware
2015-08-11 01:04 - 2015-06-30 13:58 - 00000000 ____D C:\Users\Tai\Documents\My Games
2015-08-10 19:14 - 2015-07-13 07:45 - 00000000 ____D C:\Users\Tai\Documents\Gunz2
2015-08-09 16:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-09 16:19 - 2015-04-23 07:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet
2015-08-09 16:16 - 2015-03-13 08:05 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-09 16:10 - 2015-06-22 08:44 - 00000000 ____D C:\Users\Tai\AppData\Local\CrashDumps
2015-08-09 00:48 - 2015-03-13 03:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-08 18:30 - 2015-06-10 21:37 - 00000000 ____D C:\Users\Tai\AppData\Roaming\Skype
2015-08-05 23:01 - 2015-07-13 09:25 - 00000000 ____D C:\Users\Tai\AppData\Roaming\TEdit
2015-08-05 22:52 - 2015-07-13 09:25 - 00000000 ____D C:\Users\Tai\AppData\Local\TEditXna
2015-08-04 22:05 - 2015-03-13 07:58 - 00000000 ____D C:\Users\Tai\AppData\Local\Logitech
2015-07-20 04:18 - 2015-06-20 12:30 - 00000000 ____D C:\Users\Tai\.idlerc
2015-07-18 03:31 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Cursors
2015-07-17 07:11 - 2015-04-28 13:23 - 00000000 ____D C:\Users\Tai\Documents\Visual Studio 2013
2015-07-15 22:58 - 2015-03-13 06:43 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 22:58 - 2015-03-13 06:43 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 22:11 - 2015-03-13 05:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-14 09:36 - 2014-05-13 17:37 - 00021328 _____ C:\Users\Public\Documents\XL2411Z.icm
2015-07-14 03:18 - 2015-07-12 05:05 - 00000000 ____D C:\Program Files (x86)\RaidCall

==================== Files in the root of some directories =======

2015-03-16 08:51 - 2015-06-26 23:45 - 0000600 _____ () C:\Users\Tai\AppData\Local\PUTTY.RND

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-12 20:43

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-08-2015
Ran by Tai (2015-08-13 18:27:18)
Running from D:\Personal Files\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1255276462-290586800-1570087596-500 - Administrator - Disabled)
Guest (S-1-5-21-1255276462-290586800-1570087596-501 - Limited - Disabled)
Tai (S-1-5-21-1255276462-290586800-1570087596-1000 - Administrator - Enabled) => C:\Users\Tai

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blur Busters Strobe Util (HKLM-x32\...\{57BDAE81-2BE7-4ABA-8B03-1520FBF41AF9}) (Version: 1.0.0 - Blur Busters)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
f.lux (HKU\S-1-5-21-1255276462-290586800-1570087596-1000\...\Flux) (Version: - )
Fairy Fencer F (HKLM-x32\...\Steam App 347830) (Version: - Idea Factory)
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version: - MAIET Entertainment)
HF pAppLoc version 1.1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1.1 - Inquisitor)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MySQL Query Browser 1.1 (HKLM-x32\...\{1444B16A-766B-4AD1-8AE8-F0C04C782E2F}) (Version: 1.1.20 - MySQL AB)
NEKOPARA Vol. 1 (HKLM-x32\...\Steam App 333600) (Version: - NEKO WORKs)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Oddworld: Munch's Oddysee (HKLM-x32\...\Steam App 15740) (Version: - Oddworld Inhabitants)
osu! (HKLM-x32\...\{6048adf6-dfdc-414e-95f0-462c02996e60}) (Version: latest - ppy Pty Ltd)
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Primal Carnage (HKLM-x32\...\Steam App 215470) (Version: - Lukewarm Media)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.13004.105 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.3.5 (HKLM\...\SteelSeries Engine 3) (Version: 3.3.5 - SteelSeries ApS)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TERA (HKLM-x32\...\Steam App 323370) (Version: - Bluehole Inc.)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
Tixati (HKLM-x32\...\tixati) (Version: - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.1.0 - VMware, Inc)
VMware Workstation (Version: 11.1.0 - VMware, Inc.) Hidden
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

13-08-2015 00:29:05 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-08-09 16:02 - 00002251 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 mfr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 static.a-ads.com
127.0.0.1 atlas.aamedia.ro
127.0.0.1 abcstats.com
127.0.0.1 ad4.abradio.cz
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 csh.actiondesk.com
127.0.0.1 ads.activepower.net

There are 48 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {252F08BE-8722-48ED-8D55-67ABBF307459} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-13] (Google Inc.)
Task: {2669FF82-8C15-49C4-8780-4CBC61106CAC} - System32\Tasks\{E8A302BF-9771-45EE-87F7-6D4B0769682D} => pcalua.exe -a "D:\Personal Files\Downloads\lgs460enu.exe" -d "D:\Personal Files\Downloads"
Task: {36B9D363-86F6-465E-BBE6-BE4977D9802E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-13] (Google Inc.)
Task: {7F556CAF-C073-47B5-9770-AB6A15D5E047} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-13 05:08 - 2015-02-05 12:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-06 18:14 - 2015-02-06 18:14 - 12730048 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2015-03-06 17:07 - 2015-03-06 17:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-07-01 17:28 - 2015-07-01 17:28 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2012-02-26 23:58 - 2012-02-26 23:58 - 00301912 _____ () C:\Windows\system32\wintab32.dll
2015-07-01 17:28 - 2015-07-01 17:28 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2012-01-10 14:41 - 2015-04-13 05:46 - 00568904 _____ () C:\Program Files (x86)\puush\puush.exe
2015-02-06 18:40 - 2015-02-06 18:40 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-02-06 18:14 - 2015-02-06 18:14 - 00191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2015-02-06 18:14 - 2015-02-06 18:14 - 00388288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2015-02-06 18:14 - 2015-02-06 18:14 - 00194752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2015-03-02 13:30 - 2015-03-02 13:30 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-08-11 20:04 - 2015-08-07 17:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-11 20:04 - 2015-08-07 17:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll
2015-03-13 06:55 - 2015-03-13 06:55 - 00016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\a27af38460d0062945c358671fb66cea\PSIClient.ni.dll
2015-03-13 03:06 - 2012-07-18 06:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-03-05 01:30 - 2013-03-05 01:30 - 00090112 _____ () C:\Program Files (x86)\RaidCall\crashreport.dll
2015-03-13 08:01 - 2015-07-03 09:12 - 00778240 _____ () D:\Steam\SDL2.dll
2015-03-13 08:01 - 2015-07-03 09:12 - 04962816 _____ () D:\Steam\v8.dll
2015-03-13 08:01 - 2015-07-03 09:12 - 01556992 _____ () D:\Steam\icui18n.dll
2015-03-13 08:01 - 2015-07-03 09:12 - 01187840 _____ () D:\Steam\icuuc.dll
2015-03-13 08:01 - 2015-08-12 11:26 - 02413248 _____ () D:\Steam\video.dll
2015-03-13 08:01 - 2014-12-01 14:31 - 02396672 _____ () D:\Steam\libavcodec-56.dll
2015-03-13 08:01 - 2014-12-01 14:31 - 00442880 _____ () D:\Steam\libavutil-54.dll
2015-03-13 08:01 - 2014-12-01 14:31 - 00479744 _____ () D:\Steam\libavformat-56.dll
2015-03-13 08:01 - 2014-12-01 14:31 - 00332800 _____ () D:\Steam\libavresample-2.dll
2015-03-13 08:01 - 2014-12-01 14:31 - 00485888 _____ () D:\Steam\libswscale-3.dll
2015-03-13 08:01 - 2015-08-12 11:26 - 00704192 _____ () D:\Steam\bin\chromehtml.DLL
2015-07-22 03:00 - 2015-07-26 18:13 - 00171008 _____ () D:\Steam\bin\openvr_api.dll
2015-03-13 08:01 - 2015-07-03 09:12 - 39553928 _____ () D:\Steam\bin\libcef.dll
2015-08-11 20:04 - 2015-08-07 17:13 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1255276462-290586800-1570087596-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tai\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
MSCONFIG\startupreg: WTClient => WTClient.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{10CC43D1-43A9-4B62-A908-7E1A68A97041}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{826D9CA3-075F-426E-9CC4-CFFC37318F68}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6BEA512A-883B-4CEC-AE52-4901073AFDB4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{735903D2-524E-4319-A3A1-2AAFD90C0AF1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5709A8FF-00E9-4D38-88C4-BCD0FB6DEEAF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5F43260D-21B6-4FFD-9AB5-B3A302D6FC0D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C1EA2F9B-05E7-4CD1-80D2-D64C7CF16798}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{042BBCA0-10FD-4B43-8F07-62218343B9AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A58F9D6-43B7-4B65-A07F-B9A92998A9B2}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{47109BCF-5E99-465C-ABC8-0F543A00AA28}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{BFAEEB2D-1C80-4095-962C-4198D4A0C818}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{2BF89A46-63EF-4F35-B4BF-40025BBD1093}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{39C28A0D-931A-4139-A735-FDF4A7C57BC5}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [UDP Query User{8DC62053-3590-4978-A23B-925581A3670C}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [{70CABC49-07C7-4031-894B-9F2B99167C53}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{738C066F-5715-4F63-8619-3D71833C6F44}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F3038D1F-3E54-47D2-8EAE-BDA7F82543E0}] => (Allow) D:\Programming\IDE\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{2FDF1C2E-72FA-49E4-AA4D-D5F13D10BF93}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{051FB842-75B5-42BE-A877-7747D546F6F4}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{0CC1D807-22DA-4924-A458-7F986FEEBB3F}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{766F5B7F-492E-40C8-914F-0CD36B097844}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{B86A42F8-3F65-47D7-8619-7E2922668BEF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FF4C76E9-856F-403D-B201-F97168F725C8}] => (Allow) D:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{0F400F2C-76B0-421F-85A1-7B15E0F880A0}] => (Allow) D:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{8CFD6ED8-BAEB-4F54-B134-EBE86A26A585}D:\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{615E9AAF-1D9D-4C16-8710-C5635771FB00}D:\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{61093239-4ECC-4DC3-98CC-04FD3CF1D531}] => (Allow) LPort=3306
FirewallRules: [{3EFEF97D-F1C5-48B7-B3AE-4418A0477E9A}] => (Allow) LPort=3306
FirewallRules: [{BB82B58E-0366-45BF-A62E-F1D9E4F00906}] => (Allow) D:\Steam\steamapps\common\GunZ 2 The Second Duel\Gunz2_Steam.exe
FirewallRules: [{4C72D6BC-7EE2-4F17-83D9-937734098187}] => (Allow) D:\Steam\steamapps\common\GunZ 2 The Second Duel\Gunz2_Steam.exe
FirewallRules: [TCP Query User{46354AAD-A11B-46AC-B29E-23AF45486BF4}C:\program files (x86)\raidcall\raidcall.exe] => (Allow) C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [UDP Query User{669BF33D-246D-4103-A0EE-6DB004F0BC3D}C:\program files (x86)\raidcall\raidcall.exe] => (Allow) C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [{401556F5-2111-4F82-9D64-3CC86998FD8B}] => (Allow) D:\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{11509A30-7234-48F9-8CA9-2F91DBFC42E5}] => (Allow) D:\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{E21D4AFB-BADD-418F-BBEC-0363439772FB}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{DB928070-F77D-454F-A227-3748CA38B50A}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{F184D37D-D33E-4EFE-9C3D-7DB1457E6030}] => (Allow) D:\Steam\steamapps\common\Oddworld Munchs Oddysee\bin\launcher.exe
FirewallRules: [{06BC8BDE-89D6-4C3B-A234-78201C5B4F7D}] => (Allow) D:\Steam\steamapps\common\Oddworld Munchs Oddysee\bin\launcher.exe
FirewallRules: [{D731DF2B-7965-4F5D-9173-DD622DBDEDF8}] => (Allow) D:\Steam\steamapps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{9D6D377C-0CA9-4B1E-8B86-34D6A0567688}] => (Allow) D:\Steam\steamapps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{15F4321A-CDAC-469E-8835-4E422BB4D836}] => (Allow) D:\Games\FF\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{DB426802-3547-48BE-95DF-5396924ACBFC}] => (Allow) D:\Games\FF\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{91834160-2245-43B1-923A-6BF930DC5CCB}] => (Allow) D:\Games\FF\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{AD46470F-EDF1-4A21-9A0E-9539FC9C4C91}] => (Allow) D:\Games\FF\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{37DF833A-BA4D-4832-88D0-E751B32A7AE0}] => (Allow) D:\Steam\steamapps\common\Fairy Fencer F\FairyFencer.exe
FirewallRules: [{4AB39AE8-4969-4E9A-B62C-62510E9BE6D2}] => (Allow) D:\Steam\steamapps\common\Fairy Fencer F\FairyFencer.exe
FirewallRules: [{0BAAE0F4-84A6-454E-B730-1EA9BFE6402F}] => (Allow) D:\Steam\steamapps\common\NEKOPARA Vol. 1\nekopara_vol1.exe
FirewallRules: [{CF5879D6-55F3-4501-8143-EFF67970F32C}] => (Allow) D:\Steam\steamapps\common\NEKOPARA Vol. 1\nekopara_vol1.exe
FirewallRules: [{5D48EED0-2F12-4522-8943-DC1003BF0B5C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2015 05:34:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/13/2015 04:30:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (08/13/2015 05:34:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 19%
Total physical RAM: 16349.2 MB
Available physical RAM: 13220.68 MB
Total Virtual: 32696.58 MB
Available Virtual: 29282.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:69.99 GB) (Free:11.99 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:258.09 GB) NTFS
Drive e: (U13002W_001_D01) (CDROM) (Total:6.89 GB) (Free:0 GB) UDF
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:596.17 GB) (Free:39.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 115.2 GB) (Disk ID: 61507788)
Partition 1: (Not Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 4: (Not Active) - (Size=35.1 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 68B7FE75)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=42)

========================================================
Disk: 2 (Size: 596.2 GB) (Disk ID: 65459DDA)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End of log ============================

Edited by Oh My!, 14 August 2015 - 01:14 PM.


#2 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,611 posts
  • Gender:Male
  • Location:California

Posted 14 August 2015 - 01:33 PM

Greetings akitokunx and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply To Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please be sure FRST.exe is on your Desktop.

Please do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

No Antivirus Program Installed

-------------------
  • Please download and install an antivirus program, and make sure that you keep it updated.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software. Two good antivirus programs free for non-commercial home use are avast! Free Antivirus and Avira AntiVir Personal - Free Antivirus. You can also use Microsoft Security Essentials, which is free as well.
  • You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may decrease your overall protection.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows logo key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
GroupPolicyScripts: Group Policy detected <======= ATTENTION
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npNxGame.dll [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
S3 CEDRIVER60; \??\C:\Users\Tai\Desktop\cheatengine64_NoSetup\dbk64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Zoek by Smeenk

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Copy and paste the following into the main box

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns

  • Verify Scan All Users is selected then click Run Script
  • Do not use your computer while the scan is running
  • When completed, a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows logo key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • zoek log
  • Result.txt
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 akitokunx

  • Topic Starter

  • Members
  • 8 posts

Posted 14 August 2015 - 09:09 PM

Hello,

Thanks for the quick response and valuable help, Gary. You can call me by my first name as well, which would be Tai.

I have completed all the instructions, as well as uninstalled any P2P programs on my computer (which includes Tixati). I have also ensured that Windows Firewall has been enabled, and I have installed an anti-virus program. To be more specific, Microsoft Security Essentials, and I have run a scan on my computer after updating MSE. No detections were found.

Here are the requested logs to be copy and pasted. Thank you again for helping me out.


Fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version:13-08-2015
Ran by Tai (2015-08-14 18:38:21) Run:1
Running from C:\Users\Tai\Desktop
Loaded Profiles: Tai (Available Profiles: Tai)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicyScripts: Group Policy detected <======= ATTENTION
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npNxGame.dll [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
S3 CEDRIVER60; \??\C:\Users\Tai\Desktop\cheatengine64_NoSetup\dbk64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
*****************

C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.com/NxGame" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => key removed successfully
CEDRIVER60 => service removed successfully
EagleX64 => service removed successfully
SliceDisk5 => service removed successfully
Tablet2k => service removed successfully
xhunter1 => service removed successfully


The system needed a reboot..

==== End of Fixlog 18:38:21 ====

Zoek-result.log
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Tai on 08/14/2015 Fri at 18:41:25.96.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Tai\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8/14/2015 6:41:59 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\NeoSmart Technologies deleted successfully
C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\Users\Tai\AppData\Roaming\TEdit deleted successfully
C:\Users\Tai\AppData\Local\CrashDumps deleted successfully
C:\Users\Tai\AppData\Local\SymbolSourceSymbols deleted successfully
C:\Users\Tai\AppData\Local\VirtualStore deleted successfully
C:\Users\Tai\AppData\Local\VMware deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\NeoSmart Technologies not found
C:\PROGRA~2\Bonjour deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\User deleted
"C:\Windows\Installer\10e469.msi" deleted

==== Chromium Look ======================

Steins;Gate - Tai\AppData\Local\Google\Chrome\User Data\Default\Extensions\biifpihbbpcnknicmpogjmkpefkkpced
Chrome Hotword Shared Module - Tai\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
BTTV - Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajopnjidmegmdimjlfnijceegpefgped
Steins;Gate - Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\biifpihbbpcnknicmpogjmkpefkkpced
Reddit Enhancement Suite - Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb
Chrome Hotword Shared Module - Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://start.nexon.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://start.nexon.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B0163E6D0340BE4183EB2758E9BEDD8 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B0163E6D0340BE4183EB2758E9BEDD8 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Tai\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=4 3266500 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Tai\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Tai\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 08/14/2015 Fri at 18:51:36.69 ======================

MTB.txt
MiniToolBox by Farbar Version: 25-07-2015 01
Ran by Tai (administrator) on 14-08-2015 at 18:56:48
Running from "C:\Users\Tai\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Model: To Be Filled By O.E.M. Manufacturer: To Be Filled By O.E.M.
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
158.255.238.129 google-analytics.com



127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 0.0.0.0.0
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 mfr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 static.a-ads.com
127.0.0.1 atlas.aamedia.ro
127.0.0.1 abcstats.com
127.0.0.1 ad4.abradio.cz
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg

There are 55 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
Hamachi Network Interface = Hamachi (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
add address name="VMware Network Adapter VMnet8" address=192.168.207.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet1" address=192.168.233.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Tai-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : BC-5F-F4-4E-86-AF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9d02:f55b:f10b:fecb%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, August 14, 2015 6:51:28 PM
Lease Expires . . . . . . . . . . : Saturday, August 15, 2015 6:51:28 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 247226356
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-94-6F-C0-BC-5F-F4-4E-86-AF
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7cea:6274:2e9:e07d%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.233.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 369119318
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-94-6F-C0-BC-5F-F4-4E-86-AF
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cdc0:d550:4d7e:5101%18(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.207.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 402673750
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-94-6F-C0-BC-5F-F4-4E-86-AF
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-19-55-1D-C0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::1955:1dc0(Preferred)
Link-local IPv6 Address . . . . . : fe80::6d59:8d21:6c2f:e92e%20(Preferred)
IPv4 Address. . . . . . . . . . . : 25.85.29.192(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Friday, August 14, 2015 6:51:26 PM
Lease Expires . . . . . . . . . . : Saturday, August 13, 2016 6:53:34 PM
Default Gateway . . . . . . . . . : 2620:9b::1900:1
25.0.0.1
DHCP Server . . . . . . . . . . . : 25.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 444234200
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-94-6F-C0-BC-5F-F4-4E-86-AF
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{43266FA4-DF21-4C20-B4EF-4F1F95D37BB7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2FA3275A-DEFC-48F9-B870-60C5575789AA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{AA238085-1BEF-4F4F-9BC0-EE75CB7E4346}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C01821D6-52BF-4CBF-AA69-5546EBE85FC4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4007:809::200e
216.58.216.14


Pinging google.com [216.58.216.14] with 32 bytes of data:
Reply from 216.58.216.14: bytes=32 time=11ms TTL=52
Reply from 216.58.216.14: bytes=32 time=12ms TTL=52

Ping statistics for 216.58.216.14:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 12ms, Average = 11ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 2001:4998:c:a06::2:4008
2001:4998:58:c02::a9
2001:4998:44:204::a7
98.138.253.109
206.190.36.45
98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=41ms TTL=48
Reply from 206.190.36.45: bytes=32 time=41ms TTL=48

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 41ms, Maximum = 41ms, Average = 41ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...bc 5f f4 4e 86 af ......Realtek PCIe FE Family Controller
16...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
18...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
20...7a 79 19 55 1d c0 ......Hamachi Network Interface
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 25.0.0.1 25.85.29.192 9256
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
25.0.0.0 255.0.0.0 On-link 25.85.29.192 9256
25.85.29.192 255.255.255.255 On-link 25.85.29.192 9256
25.255.255.255 255.255.255.255 On-link 25.85.29.192 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
192.168.207.0 255.255.255.0 On-link 192.168.207.1 276
192.168.207.1 255.255.255.255 On-link 192.168.207.1 276
192.168.207.255 255.255.255.255 On-link 192.168.207.1 276
192.168.233.0 255.255.255.0 On-link 192.168.233.1 276
192.168.233.1 255.255.255.255 On-link 192.168.233.1 276
192.168.233.255 255.255.255.255 On-link 192.168.233.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 25.85.29.192 9256
224.0.0.0 240.0.0.0 On-link 192.168.233.1 276
224.0.0.0 240.0.0.0 On-link 192.168.207.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 25.85.29.192 9256
255.255.255.255 255.255.255.255 On-link 192.168.233.1 276
255.255.255.255 255.255.255.255 On-link 192.168.207.1 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 25.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
20 9020 ::/0 2620:9b::1900:1
1 306 ::1/128 On-link
20 276 2620:9b::/96 On-link
20 276 2620:9b::1955:1dc0/128 On-link
11 276 fe80::/64 On-link
20 276 fe80::/64 On-link
16 276 fe80::/64 On-link
18 276 fe80::/64 On-link
20 276 fe80::6d59:8d21:6c2f:e92e/128
On-link
16 276 fe80::7cea:6274:2e9:e07d/128
On-link
11 276 fe80::9d02:f55b:f10b:fecb/128
On-link
18 276 fe80::cdc0:d550:4d7e:5101/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
20 276 ff00::/8 On-link
16 276 ff00::/8 On-link
18 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
0 9000 ::/0 2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

**** End of log ****

I have also attached the System Summary file (attached: Summary.zip, 58.38 KB). Again, thank you for helping me out. So far, I have yet to be redirected, but I cannot say for certain whether or not the virus has been removed yet. This is because it only occasionally redirects me. After I surf the web for a few more hours, I will let you know if I get redirected again.

Thank you,
Tai.

PS: There is a small error in your instructions that confused me for a bit. In your Zoek instructions, you mention that zoek-results.log would appear on the user's Desktop, but for me, it appeared in C:\ along with a "zoeks-backup" folder, even though Zoek.exe was on my desktop when I ran it. I ended up finding it after some searches on its location. It's a trivial error, but it might confuse other users later on. Just a friendly heads-up!

Thank you for helping me again!

Edited by Oh My!, 14 August 2015 - 09:16 PM.


#4 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,611 posts
  • Gender:Male
  • Location:California

Posted 14 August 2015 - 09:29 PM

Greetings Tai and it is a pleasure to work together on this.

Thanks for the detailed reply and the information regarding the zoek file location. It is a big deal to me if it is not accurate. :)

Are you in Spain?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 akitokunx
  • Topic Starter
  • Members
  • 8 posts

Posted 14 August 2015 - 11:13 PM

Greetings Tai and it is a pleasure to work together on this.

Thanks for the detailed reply and the information regarding the zoek file location. It is a big deal to me if it is not accurate. :)

Are you in Spain?

Hello again!

Unfortunately, I am not in Spain. I am located within California, USA.

So far I haven't had any redirects. I tried restarting my computer, because usually the first time I attempt to go to a URL after a reboot, I get redirected. However, there was no redirection!

But something just occurred. I have run a scan on my computer again using Microsoft Security Essentials. But this time, I used a full scan instead of a quick scan. MSE detected something:

[screenshot of the MSE detection]

Should I remove the threat? Your instructions state that independent actions might confuse you, so I will wait for your opinion.

Thanks again for your valuable help!



#6 Oh My!
  • Malware Response Instructor
  • 36,611 posts
  • Gender:Male
  • Location:California

Posted 15 August 2015 - 07:02 AM

Greetings Tai,

I am not surprised by that warning; in fact, that is why I asked. Although the time indication under your name seems to be west coast time, some people don't accurately report their location when they open an account and are actually in a different time zone. I believe that warning is a result of this entry:

========================= Hosts content: =================================
158.255.238.129 google-analytics.com

That IP address comes back to a location in Spain.

We will delete that entry one way or another, but I would like to take a more in-depth look at that issue. Please run this.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log

Gary

#7 akitokunx
  • Topic Starter
  • Members
  • 8 posts

Posted 15 August 2015 - 07:41 PM

Greetings again Gary,

Oh, I see. I hope this doesn't turn out to be severe! I have run the program and I will post the log. Again, thank you for your valuable help!

RogueKiller V10.10.0.0 [Aug 11 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tai [Administrator]
Started from : C:\Users\Tai\Desktop\RogueKiller.exe
Mode : Scan -- Date : 08/15/2015 17:37:21
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1255276462-290586800-1570087596-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.nexon.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1255276462-290586800-1570087596-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.nexon.com  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1255276462-290586800-1570087596-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1255276462-290586800-1570087596-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1255276462-290586800-1570087596-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1255276462-290586800-1570087596-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 78 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 0.0.0.0.0
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 m.fr.a2dfp.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 mfr.a2dfp.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad.a8.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 asy.a8ww.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 static.a-ads.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 atlas.aamedia.ro
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 abcstats.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad4.abradio.cz
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 a.abv.bg
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adserver.abv.bg
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adv.abv.bg
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bimg.abv.bg
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ca.abv.bg
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www2.a-counter.kiev.ua
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 track.acclaimnetwork.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 accuserveadsystem.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.accuserveadsystem.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 achmedia.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 csh.actiondesk.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ads.activepower.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 app.activetrail.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 traffic.acwebconnecting.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 office.ad1.ru
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 cms.ad2click.nl
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad2games.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ads.ad2games.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 content.ad20.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 core.ad20.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 banner.ad.nu
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 cl21.v4.adaction.se
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adadvisor.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 tag1.adaptiveads.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adbanner.ro
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wad.adbasket.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad.pop1.adbn.ru
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad.top1.adbn.ru
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad.rich1.adbn.ru
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 james.adbutler.de #[Tracking.Cookie]
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adbutler.de
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adchimp.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 static.adclick.lt
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 engine.adclick.lv
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 show.adclick.lv
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 static.adclick.lv
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adclick.lv
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad-clix.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.ad-clix.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 servedby.adcombination.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adcomplete.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adcomplete.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adhall.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 pool.adhese.be
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adhitzads.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ads.static.adhood.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 app.pubserver.adhood.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 app.winwords.adhood.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ssl3.adhost.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www2.adhost.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adfarm1.adition.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 imagesrv.adition.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adblockplus.org
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 easylist.adblockplus.org
[C:\Windows\System32\drivers\etc\hosts] 158.255.238.129 google-analytics.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adk2cdn.cpmrocket.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 c1.popads.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 yieldmanager.adbooth.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adcash.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ads.adjalauto.com
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA OCZ-VERTEX PLUS SCSI Disk Device +++++
--- User ---
[MBR] 6c61451410200a94c110c798bec18477
[BSP] a87b7142d648570f223f5fe6665c45ea : Linux|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 71669 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 221130752 | Size: 10000 MB
3 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 147499006 | Size: 35953 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ATA Hitachi HDS72105 SCSI Disk Device +++++
--- User ---
[MBR] 0bece158f4812ea85823c1bfb6d07efc
[BSP] 2a72644741ab3c1b95d008ce3b32310a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 476938 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Seagate FreeAgent GoFlex USB Device +++++
--- User ---
[MBR] 2911a3f812fa852c4c802faea6539d86
[BSP] a3b4dae920585d1710d37e9b8b30b14b : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 610477 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
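Gary's point in #6 is that one line in a 78-line hosts file is doing the damage: everything else maps names to 127.0.0.1 (a blocking list), while `158.255.238.129 google-analytics.com` sends a host embedded on most websites to a remote machine, for every program that uses the Windows resolver (which is why the Steam browser was hit too). The following is an added example, not from the thread or from RogueKiller/FRST, that parses a hosts file and flags exactly that pattern; the watch list and the sample file are constructed, the sample being modelled on the RogueKiller listing above.

```python
"""Audit a Windows hosts file for redirect-style hijacks.

Added example; not part of this thread or of RogueKiller/FRST. Ad-blocking
lists map names to a sink address (127.0.0.1, 0.0.0.0, ::1), which only
blocks them. A hijack maps a popular name to a routable address instead, so
every program using the OS resolver (any browser, the Steam overlay browser)
is sent there. The check below flags entries whose address is not a sink.
"""
import ipaddress
import sys
from dataclasses import dataclass
from typing import List

# Assumption: a short illustrative watch list of third-party hosts that are
# embedded on a large share of websites; extend to taste.
WATCHLIST = {"google-analytics.com", "www.google-analytics.com", "ssl.google-analytics.com"}

# Constructed sample modelled on the RogueKiller hosts listing in this thread.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost
# ad-blocking list entries (blocking, not redirecting)
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
0.0.0.0 c1.popads.net
127.0.0.1 0.0.0.0.0
# the one line that redirects instead of blocks
158.255.238.129 google-analytics.com
"""


@dataclass
class Finding:
    line_no: int
    ip: str
    hostname: str
    reason: str


def is_sink(ip: str) -> bool:
    """True for addresses that block a name rather than redirect it."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def audit_hosts(text: str) -> List[Finding]:
    """Return one Finding per hostname mapped to a non-sink address."""
    findings: List[Finding] = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip comments
        parts = line.split()
        if len(parts) < 2:
            continue  # blank, comment-only, or address without a name
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            findings.append(Finding(n, ip, " ".join(names), "unparseable address"))
            continue
        if is_sink(ip):
            continue
        for name in names:
            if name.lower() in WATCHLIST:
                reason = "well-known third-party host redirected to routable address"
            else:
                reason = "non-local address (possible redirect)"
            findings.append(Finding(n, ip, name, reason))
    return findings


if __name__ == "__main__":
    # Pass a path (e.g. C:\Windows\System32\drivers\etc\hosts) to audit a real
    # file; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for f in audit_hosts(content):
        print(f"line {f.line_no}: {f.ip} -> {f.hostname}: {f.reason}")
```

Run against the sample, the only finding is line 9, the google-analytics.com redirect; the 127.0.0.1 and 0.0.0.0 entries are skipped as blocking entries.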


#8 Oh My!
  • Malware Response Instructor
  • 36,611 posts
  • Gender:Male
  • Location:California

Posted 15 August 2015 - 08:14 PM

Thanks for the report. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Hosts:
Emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary

#9 akitokunx
  • Topic Starter
  • Members
  • 8 posts

Posted 16 August 2015 - 02:18 AM

Hello again Gary,

Okay. I have followed your instructions. Here are the logs!

Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:13-08-2015
Ran by Tai (2015-08-15 18:30:18) Run:2
Running from C:\Users\Tai\Desktop
Loaded Profiles: Tai (Available Profiles: Tai)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Hosts:
Emptytemp:
*****************
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 362 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 18:30:26 ====
 
ESET log

No log. There weren't any detections!
 
Security Check log

 Results of screen317's Security Check version 1.007  
 Windows 7 Service Pack 1 x64 
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Visual Studio Extensions for Windows Library for JavaScript 
 Java version 32-bit out of Date!
 Google Chrome (44.0.2403.130) 
 Google Chrome (44.0.2403.155) 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 7% 
````````````````````End of Log``````````````````````
 
 
How is your computer running?

I haven't been redirected at all ever since I started following your instructions!

I think the virus may have been removed. :D I have been browsing the internet a lot on purpose using Chrome/Firefox, and I haven't encountered utrack.pw anymore.

Thanks again for all of your help!


Edited by akitokunx, 16 August 2015 - 02:19 AM.


#10 Oh My!
  • Malware Response Instructor
  • 36,611 posts
  • Gender:Male
  • Location:California

Posted 16 August 2015 - 08:40 AM

You are most welcome. I think we have licked this thing. Everything else looks great. :thumbsup2:

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a brief period of time in case you have any further issues; then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary

#11 akitokunx
  • Topic Starter
  • Members
  • 8 posts

Posted 16 August 2015 - 06:07 PM

Hello Gary,

Wow! Thank you so much for your valuable help! I no longer feel insecure when browsing on my computer.

I don't have any lingering issues, so you can close the thread anytime you'd like. Again, thank you!

I do have one question though. What exactly was the virus? Was it a browser hijack, or maybe a hosts hijack? I am very curious as to what it was... it eluded many antiviruses I initially had installed, like Malwarebytes.

Thanks again,

Tai


Edited by akitokunx, 16 August 2015 - 06:19 PM.


#12 Oh My!
  • Malware Response Instructor
  • 36,611 posts
  • Gender:Male
  • Location:California

Posted 16 August 2015 - 06:24 PM

Greetings Tai,

I am glad we were able to accomplish what we set out to do, namely clean your computer and more importantly help to put your mind more at ease.

Yes, your hosts file was compromised. As far as the browser redirect, I can't tell you exactly which entry was responsible for that because reports sometimes simply indicate which folders were emptied without identifying the specific entries contained in the folder. There could be hundreds/thousands of entries, most of which may be legitimate but not necessary to keep. Sorry I can't give you a better answer, but we are not always told the identity of every entry that is removed.
Gary

#13 akitokunx
  • Topic Starter
  • Members
  • 8 posts

Posted 16 August 2015 - 10:42 PM

Greetings Tai,

I am glad we were able to accomplish what we set out to do, namely clean your computer and more importantly help to put your mind more at ease.

Yes, your hosts file was compromised. As far as the browser redirect, I can't tell you exactly which entry was responsible for that because reports sometimes simply indicate which folders were emptied without identifying the specific entries contained in the folder. There could be hundreds/thousands of entries, most of which may be legitimate but not necessary to keep. Sorry I can't give you a better answer, but we are not always told the identity of every entry that is removed.

Oh, I see. No need to apologize!

Is there a way to... "reset" the hosts file? I am still not sure exactly what the hosts file does; is it possible to give it a "reset" to remove any other potential threats, or is that not a good idea?



#14 Oh My!
  • Malware Response Instructor
  • 36,611 posts
  • Gender:Male
  • Location:California

Posted 16 August 2015 - 10:45 PM

We reset the hosts file in Post #8. It is done by the following command in the Fixlist:

Hosts:

Gary

#15 akitokunx
  • Topic Starter
  • Members
  • 8 posts

Posted 17 August 2015 - 05:39 PM

We reset the hosts file in Post #8. It is done by the following command in the Fixlist:

Hosts:

Ah, I see! That makes me feel a lot better.

Thanks again for your help!