
My PC wants a file called wpad.dat from unidentified server


  • This topic is locked
4 replies to this topic

#1 megatronchote

  • Members
  • 1 posts
  • OFFLINE

Posted 18 August 2015 - 05:22 PM

I have Windows 7, and netstat -ano showed me that there was an instance of svchost.exe trying to connect to the host 72.52.4.121 (which apparently is now offline), so I installed Wireshark and it showed a GET /wpad.dat request. I googled a little and people say it's a virus, but no one says how to solve it.

I hope you can help me. Here is my FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by h4x0r (administrator) on H4X0R-PC (18-08-2015 19:13:36)
Running from C:\Users\h4x0r\Desktop\Arreglando
Loaded Profiles: h4x0r (Available Profiles: h4x0r & Invitado)
Platform: Windows 7 Ultimate (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The Wireshark developer community, http://www.wireshark.org/) C:\Program Files\Wireshark\Wireshark.exe
(The Wireshark developer community) C:\Program Files\Wireshark\dumpcap.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-06] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3814108330-3210705316-2379670013-1000] => 50.76.6.154:8080
HKU\S-1-5-21-3814108330-3210705316-2379670013-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.ar/
HKU\S-1-5-21-3814108330-3210705316-2379670013-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ar.msn.com/?ocid=iehp
BHO-x32: FGCatchUrl -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> C:\Program Files (x86)\FlashGet\jccatch.dll [2007-08-06] (www.flashget.com)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-15] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-15] (Oracle Corporation)
BHO-x32: FlashGet GetFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files (x86)\FlashGet\getflash.dll [2007-05-18] (www.flashget.com)
DPF: HKLM-x32 {688C8675-1834-48FA-9DEF-4755CEFB9EDE} hxxp://pan1.no-ip.org/EDVR.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 4.4.4.4 8.8.8.8
Tcpip\..\Interfaces\{1B81BF65-79B2-491E-8D22-BACCA4A1D5F2}: [DhcpNameServer] 200.42.4.207 200.49.130.44
Tcpip\..\Interfaces\{22B4FA90-E120-40EC-AFEF-57C7090001D8}: [DhcpNameServer] 200.42.4.207 200.49.130.44
Tcpip\..\Interfaces\{27B3ED68-2E89-44F9-B83E-79BFF057E979}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{27B3ED68-2E89-44F9-B83E-79BFF057E979}: [DhcpNameServer] 4.4.4.4 8.8.8.8
Tcpip\..\Interfaces\{3C5E0BD2-E67C-43EE-BEE8-C41B747CBCE9}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\h4x0r\AppData\Roaming\Mozilla\Firefox\Profiles\vh41aklo.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-01-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3814108330-3210705316-2379670013-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\creativecommons.xml [2014-08-06]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolibre-ar.xml [2014-08-06]
FF Extension: MEGA - C:\Users\h4x0r\AppData\Roaming\Mozilla\Firefox\Profiles\vh41aklo.default\Extensions\firefox@mega.co.nz.xpi [2014-04-05]
FF Extension: Lightbeam - C:\Users\h4x0r\AppData\Roaming\Mozilla\Firefox\Profiles\vh41aklo.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-10-28]
 
Chrome: 
=======
CHR Profile: C:\Users\h4x0r\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\h4x0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-24]
CHR Extension: (YouTube) - C:\Users\h4x0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-24]
CHR Extension: (Adblock Plus) - C:\Users\h4x0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-24]
CHR Extension: (CT4YT) - C:\Users\h4x0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckkcfihdjobckmikhjffmjgolbeajoji [2013-12-22]
CHR Extension: (Google Search) - C:\Users\h4x0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-24]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\h4x0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-05-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\h4x0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-16]
CHR Extension: (Ghostery) - C:\Users\h4x0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-02-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\h4x0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-24]
CHR Extension: (Gmail) - C:\Users\h4x0r\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-24]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-06] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-06] (Avast Software)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3209160 2014-04-02] (INCA Internet Co., Ltd.) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S4 Blackberry Device Manager; no ImagePath
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S4 SwitchBoard; no ImagePath
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-06] ()
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-08-15] (Sony Mobile Communications)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-23] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [17280 2014-10-20] (Scott)
S3 ute4nzk5; C:\Windows\SysWOW64\Drivers\ute4nzk5.sys [7168 2015-06-12] () [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-06] (Avast Software)
S3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [308096 2007-06-23] (Vimicro Corporation) [File not signed]
S3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation) [File not signed]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MFE_RR; \??\C:\Users\h4x0r\AppData\Local\Temp\mfe_rr.sys [X]
S3 REN2CAP_DRIVER; system32\drivers\ren2cap.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-18 18:59 - 2015-08-18 18:59 - 00050015 _____ C:\Users\h4x0r\Downloads\authrootstl.cab
2015-08-18 18:49 - 2015-08-18 19:13 - 00000000 ____D C:\FRST
2015-08-18 18:48 - 2015-08-18 18:49 - 00001881 _____ C:\Users\h4x0r\Downloads\FSS.txt
2015-08-18 18:48 - 2015-08-18 18:48 - 00899072 _____ (Farbar) C:\Users\h4x0r\Downloads\FSS.exe
2015-08-18 18:47 - 2015-08-18 19:13 - 00000000 ____D C:\Users\h4x0r\Desktop\Arreglando
2015-08-18 18:46 - 2015-08-18 18:46 - 00000000 ____D C:\Users\h4x0r\Downloads\backups
2015-08-18 18:38 - 2015-08-18 18:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\h4x0r\Downloads\HijackThis.exe
2015-08-17 23:44 - 2015-08-18 19:04 - 00000000 ____D C:\Users\h4x0r\AppData\Roaming\Wireshark
2015-08-17 21:54 - 2015-08-18 14:52 - 00001609 _____ C:\Users\Public\Desktop\Wireshark.lnk
2015-08-17 21:54 - 2015-08-17 21:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-08-17 21:54 - 2015-08-17 21:54 - 00000000 ____D C:\Program Files\Wireshark
2015-08-17 21:54 - 2015-08-17 21:54 - 00000000 ____D C:\Program Files (x86)\WinPcap
2015-08-17 21:43 - 2015-08-17 21:43 - 00000296 _____ C:\Users\h4x0r\Downloads\RootkitRemover_20150817_214320.log
2015-08-17 21:42 - 2015-08-17 21:42 - 00783640 _____ (McAfee, Inc.) C:\Users\h4x0r\Downloads\rootkitremover.exe
2015-08-15 10:45 - 2015-08-15 10:45 - 00000019 _____ C:\Users\h4x0r\Desktop\fijo tia silvia.txt
2015-08-11 13:41 - 2015-08-11 13:42 - 00062767 _____ C:\Users\h4x0r\Downloads\plugin.video.stalker-master.zip
2015-08-07 23:29 - 2015-08-07 23:30 - 00000000 ____D C:\Users\h4x0r\Downloads\Ted 2.2015.HC.HDRip.XViD-ETRG
2015-08-07 12:14 - 2015-08-07 12:14 - 00058661 _____ C:\Windows\SysWOW64\CCCInstall_201508071214315645.log
2015-08-07 12:14 - 2015-08-07 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-08-07 12:14 - 2015-08-07 12:14 - 00000000 ____D C:\ProgramData\ATI
2015-08-06 10:25 - 2015-08-06 10:25 - 02920524 _____ C:\Users\h4x0r\Downloads\KMSpico921.rar
2015-08-04 16:18 - 2015-08-04 16:18 - 13490513 _____ C:\Users\h4x0r\Downloads\CF-Auto-Root-m0-m0xx-gti9300.zip
2015-08-04 16:11 - 2015-08-04 16:11 - 08099903 _____ C:\Users\h4x0r\Downloads\philz_touch_6.48.4-i9300.tar.md5
2015-08-04 16:09 - 2015-08-04 16:09 - 08248238 _____ C:\Users\h4x0r\Downloads\philz_touch_6.48.4-i9300.zip
2015-08-04 15:53 - 2015-08-04 15:53 - 05007945 _____ C:\Users\h4x0r\Downloads\Patched_BUUGMJ3_modem.zip
2015-08-04 14:43 - 2015-08-04 14:44 - 917165173 _____ C:\Users\h4x0r\Downloads\ARO-I9300UBUGML1-20140109213042.zip
2015-08-04 13:49 - 2015-08-04 13:49 - 01542508 _____ C:\Users\h4x0r\Downloads\Downloader_10924_i40552794_il345.exe.zip
2015-08-04 11:58 - 2015-08-04 12:01 - 178160642 _____ C:\Users\h4x0r\Downloads\omni-4.4.4-20150521-i9300-FINAL.zip
2015-08-04 11:52 - 2015-08-04 11:52 - 06300235 _____ C:\Users\h4x0r\Downloads\recovery-clockwork-6.0.4.6-serrano3gxx.tar.zip
2015-08-04 11:37 - 2015-08-04 11:37 - 17527651 _____ C:\Users\h4x0r\Downloads\GalaxyNexusRecovery .zip
2015-08-01 10:40 - 2015-08-01 10:40 - 00000038 _____ C:\Users\h4x0r\Desktop\tio chiche.txt
2015-07-31 21:50 - 2015-07-31 21:50 - 00000000 ____D C:\Users\h4x0r\Downloads\Virtual DJ Pro 7.0.5 And Crack
2015-07-31 19:42 - 2015-07-31 19:48 - 115481048 _____ (Lenovo Group Limited ) C:\Users\h4x0r\Downloads\37g501wf.exe
2015-07-31 19:41 - 2015-07-31 20:16 - 689919832 _____ (Lenovo Group Limited ) C:\Users\h4x0r\Downloads\37g301wf.exe
2015-07-31 19:41 - 2015-07-31 19:59 - 313742104 _____ (Lenovo Group Limited ) C:\Users\h4x0r\Downloads\37g201wf.exe
2015-07-31 19:41 - 2015-07-31 19:48 - 66414184 _____ (Lenovo Group Limited ) C:\Users\h4x0r\Downloads\37g101wf.exe
2015-07-31 19:41 - 2015-07-31 19:43 - 46474560 _____ (Lenovo Group Limited ) C:\Users\h4x0r\Downloads\37gb010f.exe
2015-07-31 19:41 - 2015-07-31 19:42 - 04028760 _____ (Lenovo Group Limited ) C:\Users\h4x0r\Downloads\37g001wf.exe
2015-07-31 19:41 - 2015-07-31 19:41 - 05098088 _____ (Lenovo Group Limited ) C:\Users\h4x0r\Downloads\37g401wf.exe
2015-07-31 19:40 - 2015-07-31 20:09 - 619915344 _____ (Lenovo Group Limited ) C:\Users\h4x0r\Downloads\Sin confirmar 184281.crdownload
2015-07-29 22:57 - 2015-07-29 22:57 - 00000000 ____D C:\Users\h4x0r\Downloads\The Strain S01E01 HDTV x264-2HD[ettv]
2015-07-29 00:44 - 2015-07-29 00:44 - 00107784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2015-07-29 00:44 - 2015-07-29 00:44 - 00100568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2015-07-29 00:43 - 2015-07-29 00:43 - 00141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2015-07-29 00:43 - 2015-07-29 00:43 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2015-07-29 00:43 - 2015-07-29 00:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-07-29 00:43 - 2015-07-29 00:43 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-07-29 00:42 - 2015-07-29 00:42 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-07-29 00:42 - 2015-07-29 00:42 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-07-29 00:42 - 2015-07-29 00:42 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-07-29 00:42 - 2015-07-29 00:42 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-07-29 00:41 - 2015-07-29 00:41 - 01193904 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-07-29 00:40 - 2015-07-29 00:40 - 10094152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-07-29 00:40 - 2015-07-29 00:40 - 07929616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-07-29 00:40 - 2015-07-29 00:40 - 07408936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-07-29 00:26 - 2015-07-29 00:26 - 00297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-07-29 00:15 - 2015-07-29 00:15 - 21622784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-07-29 00:09 - 2015-07-29 00:09 - 47785472 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-07-29 00:09 - 2015-07-29 00:09 - 00235008 _____ C:\Windows\system32\clinfo.exe
2015-07-29 00:08 - 2015-07-29 00:08 - 39714816 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-07-29 00:07 - 2015-07-29 00:07 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-07-29 00:07 - 2015-07-29 00:07 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-07-29 00:06 - 2015-07-29 00:06 - 27535872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2015-07-29 00:05 - 2015-07-29 00:05 - 22318592 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2015-07-28 23:41 - 2015-07-28 23:41 - 06477312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-07-28 23:41 - 2015-07-28 23:41 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-07-28 23:41 - 2015-07-28 23:41 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-07-28 23:36 - 2015-07-28 23:36 - 05068288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-07-28 23:34 - 2015-07-28 23:34 - 30752256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-07-28 23:34 - 2015-07-28 23:34 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-07-28 23:34 - 2015-07-28 23:34 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-07-28 23:33 - 2015-07-28 23:33 - 00093696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-07-28 23:33 - 2015-07-28 23:33 - 00086528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-07-28 23:32 - 2015-07-28 23:32 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2015-07-28 23:30 - 2015-07-28 23:30 - 15716864 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-07-28 23:30 - 2015-07-28 23:30 - 00660928 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-07-28 23:30 - 2015-07-28 23:30 - 00660928 _____ C:\Windows\system32\atiapfxx.blb
2015-07-28 23:30 - 2015-07-28 23:30 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-07-28 23:30 - 2015-07-28 23:30 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-07-28 23:30 - 2015-07-28 23:30 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-07-28 23:30 - 2015-07-28 23:30 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-07-28 23:30 - 2015-07-28 23:30 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-07-28 23:29 - 2015-07-28 23:29 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-07-28 23:28 - 2015-07-28 23:28 - 25299968 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-07-28 23:28 - 2015-07-28 23:28 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-07-28 23:26 - 2015-07-28 23:26 - 00672768 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-07-28 23:26 - 2015-07-28 23:26 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-07-28 23:26 - 2015-07-28 23:26 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll
2015-07-28 23:26 - 2015-07-28 23:26 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2015-07-28 23:26 - 2015-07-28 23:26 - 00160256 _____ C:\Windows\system32\atieah64.exe
2015-07-28 23:26 - 2015-07-28 23:26 - 00143872 _____ C:\Windows\SysWOW64\atieah32.exe
2015-07-28 23:26 - 2015-07-28 23:26 - 00029696 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-07-28 23:25 - 2015-07-28 23:25 - 00246784 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-07-28 23:25 - 2015-07-28 23:25 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-07-28 23:24 - 2015-07-28 23:24 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2015-07-28 23:24 - 2015-07-28 23:24 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2015-07-28 23:23 - 2015-07-28 23:23 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-07-28 23:22 - 2015-07-28 23:22 - 01247744 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-07-28 23:22 - 2015-07-28 23:22 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-07-28 23:22 - 2015-07-28 23:22 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2015-07-28 23:22 - 2015-07-28 23:22 - 00665088 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-07-28 23:22 - 2015-07-28 23:22 - 00156672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-07-28 23:22 - 2015-07-28 23:22 - 00141824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-07-28 23:22 - 2015-07-28 23:22 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-07-28 23:22 - 2015-07-28 23:22 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-07-28 23:22 - 2015-07-28 23:22 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-07-28 23:19 - 2015-07-28 23:19 - 00102912 _____ C:\Windows\system32\hsa-thunk64.dll
2015-07-28 23:19 - 2015-07-28 23:19 - 00102400 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2015-07-24 15:33 - 2015-07-24 15:33 - 00058661 _____ C:\Windows\SysWOW64\CCCInstall_201507241533596057.log
2015-07-23 18:31 - 2015-07-29 22:57 - 00000000 ____D C:\Users\h4x0r\Downloads\Wayward Pines S01E10 HDTV XviD-FUM[ettv]
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-18 18:37 - 2013-10-24 15:29 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-18 18:17 - 2014-11-24 14:02 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-18 16:07 - 2013-10-24 15:29 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-18 16:04 - 2013-10-22 22:07 - 00000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-08-18 16:04 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 16:03 - 2014-08-27 16:56 - 00091807 _____ C:\Windows\setupact.log
2015-08-18 14:53 - 2015-02-25 19:13 - 00000000 ____D C:\Users\h4x0r\Desktop\IMAGENES ESCRITORIO
2015-08-17 22:10 - 2013-10-22 22:10 - 00000000 ____D C:\Program Files (x86)\Everything
2015-08-16 21:01 - 2013-11-12 20:42 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-11 21:26 - 2013-11-08 14:40 - 00000000 ____D C:\Users\h4x0r\AppData\Roaming\FileZilla
2015-08-11 11:59 - 2009-07-14 01:45 - 00016960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-11 11:59 - 2009-07-14 01:45 - 00016960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-08 20:57 - 2013-10-27 12:09 - 00000000 ____D C:\Users\h4x0r\AppData\Roaming\uTorrent
2015-08-07 23:29 - 2009-07-14 06:31 - 00750994 _____ C:\Windows\system32\perfh00A.dat
2015-08-07 23:29 - 2009-07-14 06:31 - 00160036 _____ C:\Windows\system32\perfc00A.dat
2015-08-07 23:29 - 2009-07-14 02:13 - 01685800 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-07 12:14 - 2013-10-29 16:13 - 00000000 ____D C:\Program Files\AMD
2015-08-07 12:13 - 2013-10-22 20:50 - 00000000 ____D C:\ProgramData\AMD
2015-08-07 12:10 - 2013-06-12 20:20 - 00000000 ____D C:\AMD
2015-08-02 11:05 - 2015-06-12 18:09 - 00000000 ____D C:\Users\h4x0r\AppData\Local\CrashDumps
2015-07-29 20:31 - 2015-06-29 20:03 - 00000000 ____D C:\Users\h4x0r\Desktop\CAPTURAS
2015-07-29 00:42 - 2014-10-09 14:56 - 00152056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-07-29 00:42 - 2014-10-09 14:56 - 00120144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-07-29 00:41 - 2014-10-09 14:56 - 11948704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-07-29 00:41 - 2014-10-09 14:56 - 01445224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-07-29 00:39 - 2014-10-09 14:55 - 08893160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-07-29 00:39 - 2014-10-09 14:55 - 08779872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-07-28 23:17 - 2015-06-22 22:21 - 00865792 _____ (AMD) C:\Windows\system32\coinst_15.20.dll
2015-07-23 18:31 - 2015-07-18 22:29 - 00000000 ____D C:\Users\h4x0r\Downloads\Wayward.Pines.S01E09.HDTV.x264-LOL[ettv]
 
==================== Files in the root of some directories =======
 
2013-11-08 14:55 - 2015-06-01 18:38 - 0000132 _____ () C:\Users\h4x0r\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-10-28 11:39 - 2014-02-27 11:45 - 0000231 _____ () C:\Users\h4x0r\AppData\Roaming\Rim.Desktop.Exception.log
2013-10-28 11:28 - 2014-04-03 17:29 - 0002021 _____ () C:\Users\h4x0r\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-10-28 11:39 - 2014-02-27 11:45 - 0000231 _____ () C:\Users\h4x0r\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-08-07 14:53 - 2014-08-07 14:53 - 0000001 _____ () C:\Users\h4x0r\AppData\Local\llftool.4.40.agreement
2015-03-01 21:29 - 2015-04-03 15:01 - 0000600 _____ () C:\Users\h4x0r\AppData\Local\PUTTY.RND
2013-11-01 12:38 - 2015-05-16 19:46 - 0007594 _____ () C:\Users\h4x0r\AppData\Local\Resmon.ResmonCfg
2013-10-22 19:23 - 2013-10-22 19:23 - 0000003 _____ () C:\Users\h4x0r\AppData\Local\user_data.ini
2014-12-14 18:59 - 2014-12-14 18:59 - 0000016 _____ () C:\ProgramData\mntemp
 
Some files in TEMP:
====================
C:\Users\h4x0r\AppData\Local\Temp\tmp17E4.exe
C:\Users\h4x0r\AppData\Local\Temp\tmpBE21.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-12 08:35
 
==================== End of log ============================

#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:10:24 AM

Posted 22 August 2015 - 04:24 AM

Hello megatronchote and welcome to BleepingComputer! :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first, that may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 3 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 3 days I will bump the topic; if you don't reply in the next 3 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

Please enable your Avast antivirus, I will reply back to you as soon as possible.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:10:24 AM

Posted 22 August 2015 - 11:22 AM

Hi megatronchote.
 
We need to enable your System Restore.
 
  1. Go to Computer, right click on blank spaces and select Properties.
  2. In the System Window, click on System Protection on the left pane.
  3. Under Protection settings, select Local Disk C: from the list and select Configure...
  4. Select Restore system settings and previous versions of files and click OK. Also click OK on System Protection window.

------------------

 

We need to enable your User Account Control (UAC).

  1. Go to Control Panel > User accounts > Change User Account Control Settings.
  2. Change the slider to the second position from the top. On the right pane it will say Default.
  3. Click OK to close the window.

------------------

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it in your reply

==========

 

After the fix has been finished, please create a new FRST log for me.

 

Thank you.


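The first two procedures in the post above (System Restore protection on C: and the UAC slider at its Default position) can be checked from an elevated Windows PowerShell prompt instead of clicking through the dialogs. The script below is an added example; it is not part of the thread and is not FRST's or BleepingComputer's own code. It assumes C: is the system drive, that the Default slider position corresponds to the three documented UAC policy values EnableLUA=1, ConsentPromptBehaviorAdmin=5 and PromptOnSecureDesktop=1, and that the RPSessionInterval and DisableSR values under the SystemRestore key reflect whether System Restore is on.

```powershell
# Added example, not from the thread, FRST or BleepingComputer: reports whether
# System Restore and UAC are in the state the helper asks for and, with -Fix,
# sets them. Run from an elevated Windows PowerShell prompt (the *-ComputerRestore
# and Checkpoint-Computer cmdlets are Windows PowerShell only).
# Assumptions: C: is the system drive; the "Default" UAC slider position maps to
# the three registry values in $wantedUac; RPSessionInterval=0 or DisableSR=1
# means System Restore is off.
param([switch]$Fix)

$systemDrive = 'C:\'
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$srKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'

# Expected UAC values for the "Default" slider position (assumed mapping).
$wantedUac = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 }

function Get-UacState {
    # Returns a hashtable of the current values; $null where a value is absent.
    $props = Get-ItemProperty -Path $uacKey -ErrorAction Stop
    $state = @{}
    foreach ($name in $wantedUac.Keys) {
        $state[$name] = $props.$name
    }
    return $state
}

function Test-UacDefault {
    # True only when every value matches the Default slider position.
    $state = Get-UacState
    foreach ($name in $wantedUac.Keys) {
        if ($state[$name] -ne $wantedUac[$name]) { return $false }
    }
    return $true
}

function Test-SystemRestoreEnabled {
    # DisableSR=1 is the policy that forces System Restore off;
    # RPSessionInterval is 0 when it is turned off for the machine.
    $props = Get-ItemProperty -Path $srKey -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $false }
    if ($props.DisableSR -eq 1) { return $false }
    return ([int]$props.RPSessionInterval -ne 0)
}

$uacOk = Test-UacDefault
$srOk  = Test-SystemRestoreEnabled
"UAC at Default slider position : $uacOk"
"System Restore enabled         : $srOk"

if ($Fix) {
    if (-not $uacOk) {
        foreach ($name in $wantedUac.Keys) {
            Set-ItemProperty -Path $uacKey -Name $name -Value $wantedUac[$name] -Type DWord
        }
        "UAC values set; a reboot is required for them to take effect."
    }
    if (-not $srOk) {
        # Turn protection on for the system drive and take a restore point
        # before any cleanup is attempted, so the fix can be rolled back.
        Enable-ComputerRestore -Drive $systemDrive
        Checkpoint-Computer -Description 'Before malware cleanup' -RestorePointType 'MODIFY_SETTINGS'
        "System Restore enabled on $systemDrive and a restore point created."
    }
}
```

Run it without arguments to get a report only; add `-Fix` to apply the settings. A restore point taken before the FRST fix is what makes the later step reversible, and the UAC registry change only takes effect after a reboot, which is why the GUI route in the post also ends with a restart prompt.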


#4 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:10:24 AM

Posted 26 August 2015 - 08:55 AM

Are you still there?

 

Thank you.




#5 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:24 AM

Posted 30 August 2015 - 11:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.



