
Possible rootkit on my computer or virus.


11 replies to this topic

#1 CalusBlade
Posted 03 October 2015 - 04:39 PM

So I received an alert saying that I bought something online which I did not buy. I called my bank as soon as I got the alert. Now I am wondering if there are things on my computer that are not supposed to be on it. So, just to be safe, I am requesting this to be looked into.




#2 severac
Posted 03 October 2015 - 05:15 PM

Hello,

 

And what did the bank say?

 

Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe
http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7, 8 or 10, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from Safe Mode.

When the scan is done Notepad will open with the rKill log.
Post it in your next reply.

NOTE. The rKill.txt log will also be present on your desktop.

-----------

 

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    - Remove found threats
    - Scan archives
    - Scan for potentially unsafe applications
    - Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

--------------

 

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.

NOTE. If you already have MBAM 2.0 installed, scroll down.

  • Double-click mbam-setup-2.x.x.xxxx.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    - Launch Malwarebytes Anti-Malware
    - A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, under Detection and Protection set the following options:
    1. 'Scan for rootkits'
    2. Non-Malware Protection: for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to the Dashboard and click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, under Detection and Protection set the following options:
    1. 'Scan for rootkits'
    2. Non-Malware Protection: for 'PUP detections', check the 'Treat detections as malware' option.
  • Return to the Dashboard and click the Scan Now >> button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

------

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • In the EULA window click I agree.
  • In Options uncheck Reset Winsock settings.
  • Click on the Scan button.
  • When the scan has finished click on the Cleaning button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[C1].txt as well.

-------

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, 8 or 10, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

------


I would like to help you to remove malware. Let's look inside.

But I don't know how to solve all PC problems.

 


#3 CalusBlade
Posted 03 October 2015 - 11:20 PM

The bank just closed my card and they're gonna mail me a new one. I shouldn't be liable for the charges. The anti-malware reset itself before scanning. A pop-up said something was interfering with the rootkit scan.

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/03/2015 06:23:58 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 10/03/2015 06:29:38 PM
Execution time: 0 hours(s), 5 minute(s), and 40 seconds(s)

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/3/2015
Scan Time: 10:47 PM
Logfile: Malware.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.03.06
Rootkit Database: v2015.10.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Installer

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 573975
Time Elapsed: 46 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

C:\Users\Games\AppData\Roaming\uTorrent\updates\3.4.2_33870.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    
C:\Users\Games\AppData\Roaming\uTorrent\updates\3.4.3_40633.exe    a variant of Win32/OpenCandy.C potentially unsafe application    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\00D7B34957B32262086E72E62586B86F820CE98D    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\01BB9FA9CCEAC0FA1F80B15D2D65E952642D6E00    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\0D300002E3A4AF5A9383928B328FA22CEC923404    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\1D6FE38FBBDE8F2C73B3425514F66183888E3FB5    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\1D781CCCF0B0D9C3CE731FE96162B37C1FE02921    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\2367CD6CACB82521383F2307578B1A3FF8F64718    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\46D6D21D50C59A1309DBFD09B63DA967482788AC    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\47D2EB0050F22C5334CE889D1F08A22770C90776    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\63A117555E12F929084485D393A6D7E51A7C9BC2    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\661C7C7B3A2FAB73F011F392DE28BF67C21CDE0C    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\6D13D650D31E6FC3C884717D02C47EEEA8B3ADF6    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\700052692D74C4FB0F2499744B3E060DE29A3F5C    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\7AECE2551C7DBF2364812D6A1F4F1BB63D183B7C    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\7B5E164E2C5AE9B3A755330F5C90D91067D333F3    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\7CDE9B66B4B5176B40863078DDCEDF32A9DEC1FF    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\7F91E46610FF12CAF436A4DC4177499DB4723D53    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\8916FB9CBE207B82ECBBA1F22BE9EFA58C485317    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\8D6893936717265C07ECDA18E682366736B52582    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\8FF0E98CF6B5814FC52B7F183237659B3F661C1A    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\9F558B6BEF8664E4B46A94922EEA323011245971    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\B49E0665446A169E3DEE1F78372D35913A868190    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\BC2CDB4C81B3AD19019F5B24587000BBCFD6FC21    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\CFBE48466E36265F78C992B8669277008D07B6F2    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\EC064CD2AB2F4161E670FA9E942746859B452FC3    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\ED6C0975FF545591929DF1CFC029B66F80CB2E3E    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\FF43B6FD9E3BD54C5F676B9CDDA93965AE8EE709    HTML/Iframe.B.Gen virus    
C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\FF50FA068F6A27BBF946CF56FCB5496EEB8D76D8    HTML/Iframe.B.Gen virus    
C:\Documents and Settings\Games\AppData\Roaming\uTorrent\updates\3.4.2_33870.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting - quarantined
C:\Documents and Settings\Games\AppData\Roaming\uTorrent\updates\3.4.3_40633.exe    a variant of Win32/OpenCandy.C potentially unsafe application    cleaned by deleting - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\00D7B34957B32262086E72E62586B86F820CE98D    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\01BB9FA9CCEAC0FA1F80B15D2D65E952642D6E00    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\0D300002E3A4AF5A9383928B328FA22CEC923404    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\1D6FE38FBBDE8F2C73B3425514F66183888E3FB5    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\1D781CCCF0B0D9C3CE731FE96162B37C1FE02921    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\2367CD6CACB82521383F2307578B1A3FF8F64718    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\46D6D21D50C59A1309DBFD09B63DA967482788AC    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\47D2EB0050F22C5334CE889D1F08A22770C90776    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\63A117555E12F929084485D393A6D7E51A7C9BC2    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\661C7C7B3A2FAB73F011F392DE28BF67C21CDE0C    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\6D13D650D31E6FC3C884717D02C47EEEA8B3ADF6    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\700052692D74C4FB0F2499744B3E060DE29A3F5C    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\7AECE2551C7DBF2364812D6A1F4F1BB63D183B7C    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\7B5E164E2C5AE9B3A755330F5C90D91067D333F3    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\7CDE9B66B4B5176B40863078DDCEDF32A9DEC1FF    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\7F91E46610FF12CAF436A4DC4177499DB4723D53    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\8916FB9CBE207B82ECBBA1F22BE9EFA58C485317    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\8D6893936717265C07ECDA18E682366736B52582    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\8FF0E98CF6B5814FC52B7F183237659B3F661C1A    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\9F558B6BEF8664E4B46A94922EEA323011245971    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\B49E0665446A169E3DEE1F78372D35913A868190    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\BC2CDB4C81B3AD19019F5B24587000BBCFD6FC21    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\CFBE48466E36265F78C992B8669277008D07B6F2    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\EC064CD2AB2F4161E670FA9E942746859B452FC3    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\ED6C0975FF545591929DF1CFC029B66F80CB2E3E    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\FF43B6FD9E3BD54C5F676B9CDDA93965AE8EE709    HTML/Iframe.B.Gen virus    deleted - quarantined
C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\FF50FA068F6A27BBF946CF56FCB5496EEB8D76D8    HTML/Iframe.B.Gen virus    deleted - quarantined

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Installer on 10/04/2015 Sun at  0:10:07.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] bdsandbox [Reboot required]



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6CB72A5D-B4AC-415E-9B7A-303EBCBC0AAE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C4C3345B-1A1D-495e-AEA0-C03B760C146B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files

Successfully deleted: [File] C:\ProgramData\1422068281.bdinstall.bin
Successfully deleted: [File] C:\Windows\SysWOW64\REN1BEA.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\REN7002.tmp



~~~ Folders

Successfully deleted: [Folder] C:\Users\Installer\Documents\add-in express



~~~ FireFox

Successfully deleted the following from C:\Users\Installer\AppData\Roaming\mozilla\firefox\profiles\ktwhdeg3.default\prefs.js

user_pref(extensions.wecarereminder.merchHash, {\AFFILIATES\:{\1-Sale-A-Day\:{\name\:\1 Sale A Day\,\autordr\:1,\n\:\3\,\td\:1.5},\1and1Internet\:{\name\



~~~ Chrome


[C:\Users\Installer\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Installer\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Installer\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Installer\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/04/2015 Sun at  0:17:31.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v5.009 - Logfile created 03/10/2015 at 23:52:54
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Installer - INSTALLER-PC
# Running from : C:\Users\Games\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : PanService

***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\Installer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lcnnhcneegeeojhgpfijnlnocjdmlaon_0.localstorage
[-] File Deleted : C:\Users\Installer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lcnnhcneegeeojhgpfijnlnocjdmlaon_0.localstorage-journal
[-] File Deleted : C:\Users\Installer\AppData\Roaming\Mozilla\Firefox\Profiles\ktwhdeg3.default\searchplugins\yahoo.xml

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Adobe Flash Player Updater

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]

***** [ Web browsers ] *****


*************************


########## EOF - \AdwCleaner\AdwCleaner[C1].txt - [1850 bytes] ##########
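The ESET export above (the output of the ESET Online Scanner step in post #2) lists every hit twice, once under C:\Users and once under the C:\Documents and Settings junction, and most of the hits are cached web pages rather than files that run on their own. The following Python script is an added example, not part of the thread and not an ESET tool: it parses lines in that export format, folds the junction paths onto one record per file, separates browser-cache hits from executables and PUA from malware detections, and lists what ESET has detected but not yet quarantined. The four sample lines are constructed from entries in the export above; the location and detection heuristics are the editor's own, not ESET's.

```python
"""Triage an ESET Online Scanner export: dedupe junction paths, classify hits."""
import re
from collections import Counter

# Constructed sample in the export format posted above: path, detection name
# and, once cleaning has run, an action, separated by runs of spaces. The last
# two lines repeat the first two under the legacy "Documents and Settings"
# junction, as the thread's export does.
SAMPLE_LINES = [
    r"C:\Users\Games\AppData\Roaming\uTorrent\updates\3.4.2_33870.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    ",
    r"C:\Users\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\00D7B34957B32262086E72E62586B86F820CE98D    HTML/Iframe.B.Gen virus    ",
    r"C:\Documents and Settings\Games\AppData\Roaming\uTorrent\updates\3.4.2_33870.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting - quarantined",
    r"C:\Documents and Settings\GG\AppData\Local\Mozilla\Firefox\Profiles\nv1ow53n.default\cache2\entries\00D7B34957B32262086E72E62586B86F820CE98D    HTML/Iframe.B.Gen virus    deleted - quarantined",
]
SAMPLE = "\n".join(SAMPLE_LINES) + "\n"

FIELD_SEP = re.compile(r" {2,}")          # columns are separated by 2+ spaces
LEGACY_ROOT = re.compile(r"^c:\\documents and settings\\", re.IGNORECASE)
# Heuristics (editor's own, not ESET's): where a file lives says a lot about risk.
CACHE_MARKERS = ("\\cache2\\entries\\", "\\temporary internet files\\")
EXEC_EXTENSIONS = (".exe", ".dll", ".scr", ".com", ".sys")


def normalize_path(path):
    """Fold the Documents and Settings junction onto C:\\Users and lowercase,
    so one file reported under both names becomes one record."""
    return LEGACY_ROOT.sub(r"c:\\users\\", path).lower()


def classify_location(norm_path):
    if any(marker in norm_path for marker in CACHE_MARKERS):
        return "browser cache"      # cached content, does not execute on its own
    if norm_path.endswith(EXEC_EXTENSIONS):
        return "executable"
    return "other"


def classify_detection(detection):
    d = detection.lower()
    if "potentially unwanted" in d or "potentially unsafe" in d:
        return "PUA"                # ESET's PUA/PUsA wording, e.g. OpenCandy bundles
    return "malware"


def parse_eset_export(text):
    """One record per export line; action is None until ESET has cleaned it."""
    records = []
    for raw in text.splitlines():
        fields = FIELD_SEP.split(raw.strip())
        if len(fields) < 2:
            continue                # blank or non-export line
        path, detection = fields[0], fields[1]
        action = fields[2] if len(fields) > 2 else None
        key = normalize_path(path)
        records.append({
            "path": path, "key": key, "detection": detection, "action": action,
            "location": classify_location(key),
            "kind": classify_detection(detection),
        })
    return records


def triage(records):
    """Merge duplicate records for the same file, keeping any recorded action."""
    merged = {}
    for rec in records:
        cur = merged.setdefault(rec["key"], dict(rec))
        if rec["action"] and not cur["action"]:
            cur["action"] = rec["action"]
    return merged


def summarize(merged):
    """Count unique files by (location, kind), e.g. ('browser cache', 'malware')."""
    return Counter((r["location"], r["kind"]) for r in merged.values())


def pending(merged):
    """Unique files ESET detected but has not yet quarantined or deleted."""
    return [r["path"] for r in merged.values() if not r["action"]]


if __name__ == "__main__":
    files = triage(parse_eset_export(SAMPLE))
    for (location, kind), n in sorted(summarize(files).items()):
        print(f"{n:3d}  {kind:<8} in {location}")
    print("still pending:", pending(files) or "none")
```

Run against the full export above, the script reduces the 60 lines to 30 unique files: two uTorrent updater installers flagged as PUA/PUsA bundles, and 28 Firefox cache2 entries, each a cached page containing an iframe ESET flags as malicious. The cache hits are a record of what the browser was served and are worth correlating with the fraudulent purchase, but a cached HTML file in cache2 is not itself a running program, so the executables are the entries to look at first.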




 



#4 severac
Posted 04 October 2015 - 02:47 AM

Hello,

 

I can't see any rootkit activity, but you said that the PC crashed during the MBAM scan?

 

----

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Minidump Files
  • List Restore Points

Click Go and post the result (MTB.txt). A copy of MTB.txt will be saved in the same directory the tool is run from.

-----

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-----

 

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Malware Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.


 


#5 CalusBlade
Posted 04 October 2015 - 07:49 AM

Anti-Malware had to reset in order to run the rootkit scan. I wouldn't say it crashed. Upon start-up under administrator, it scanned.

 

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Installer (administrator) on 04-10-2015 at 08:13:36
Running from "C:\Users\Games\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: GA-A75-UD4H Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Installer-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 50-E5-49-55-4B-85
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8858:2bc1:9ab3:7670%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.10.173(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, October 04, 2015 8:06:45 AM
   Lease Expires . . . . . . . . . . : Sunday, October 11, 2015 8:06:50 AM
   Default Gateway . . . . . . . . . : 192.168.10.1
   DHCP Server . . . . . . . . . . . : 192.168.10.1
   DHCPv6 IAID . . . . . . . . . . . : 324068681
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-E4-16-B4-50-E5-49-55-4B-85
   DNS Servers . . . . . . . . . . . : 192.168.10.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  192.168.10.1

Name:    google.com
Addresses:  2607:f8b0:4006:808::100e
      74.125.226.67
      74.125.226.71
      74.125.226.68
      74.125.226.72
      74.125.226.69
      74.125.226.70
      74.125.226.73
      74.125.226.65
      74.125.226.64
      74.125.226.78
      74.125.226.66


Pinging google.com [74.125.226.66] with 32 bytes of data:
Reply from 74.125.226.66: bytes=32 time=10ms TTL=55
Reply from 74.125.226.66: bytes=32 time=10ms TTL=55

Ping statistics for 74.125.226.66:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 10ms, Average = 10ms
Server:  UnKnown
Address:  192.168.10.1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=79ms TTL=49
Reply from 206.190.36.45: bytes=32 time=84ms TTL=49

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 79ms, Maximum = 84ms, Average = 81ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...50 e5 49 55 4b 85 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1   192.168.10.173     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.10.0    255.255.255.0         On-link    192.168.10.173    276
   192.168.10.173  255.255.255.255         On-link    192.168.10.173    276
   192.168.10.255  255.255.255.255         On-link    192.168.10.173    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.10.173    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.10.173    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    276 fe80::/64                On-link
 12    276 fe80::8858:2bc1:9ab3:7670/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 \Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 \Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 \Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 \Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 \Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 \Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/04/2015 12:02:39 AM) (Source: MsiInstaller) (User: Installer-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Installer\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (10/03/2015 10:36:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/03/2015 06:31:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/03/2015 06:31:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/03/2015 01:45:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 41.0.1.5750, time stamp: 0x560b37be
Faulting module name: mozglue.dll, version: 41.0.1.5750, time stamp: 0x560b229d
Exception code: 0x80000003
Fault offset: 0x0000ec7f
Faulting process id: 0x488c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/01/2015 03:36:07 PM) (Source: MsiInstaller) (User: Installer-PC)
Description: Product: Google Update Helper - Update '{E0D0D2C9-5836-4023-AB1D-54EC3B90AD03}' could not be removed. Error code 1647. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (10/01/2015 11:46:43 AM) (Source: MsiInstaller) (User: Installer-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Installer\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (10/01/2015 11:46:12 AM) (Source: MsiInstaller) (User: Installer-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Installer\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.

Error: (09/14/2015 04:47:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: rome2.exe, version: 2.2.0.0, time stamp: 0x55c87535
Faulting module name: Rome2.dll, version: 2.2.0.0, time stamp: 0x55c8755c
Exception code: 0xc0000005
Fault offset: 0x004c45e5
Faulting process id: 0x9d0
Faulting application start time: 0xrome2.exe0
Faulting application path: rome2.exe1
Faulting module path: rome2.exe2
Report Id: rome2.exe3

Error: (09/14/2015 04:42:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: rome2.exe, version: 2.2.0.0, time stamp: 0x55c87535
Faulting module name: Rome2.dll, version: 2.2.0.0, time stamp: 0x55c8755c
Exception code: 0xc0000005
Fault offset: 0x004c45e5
Faulting process id: 0xcb8
Faulting application start time: 0xrome2.exe0
Faulting application path: rome2.exe1
Faulting module path: rome2.exe2
Report Id: rome2.exe3


System errors:
=============
Error: (10/04/2015 08:07:19 AM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (10/04/2015 08:06:54 AM) (Source: Service Control Manager) (User: )
Description: The Htsysm service failed to start due to the following error:
%%2

Error: (10/04/2015 12:11:13 AM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/04/2015 12:11:12 AM) (Source: Service Control Manager) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/04/2015 12:11:11 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/04/2015 12:11:11 AM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/04/2015 12:11:11 AM) (Source: Service Control Manager) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/04/2015 12:11:11 AM) (Source: Service Control Manager) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/04/2015 12:11:11 AM) (Source: Service Control Manager) (User: )
Description: The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/04/2015 12:11:11 AM) (Source: Service Control Manager) (User: )
Description: The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (10/04/2015 12:02:39 AM) (Source: MsiInstaller)(User: Installer-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Installer\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/03/2015 10:36:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Games\Downloads\esetsmartinstaller_enu.exe

Error: (10/03/2015 06:31:51 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Games\Downloads\esetsmartinstaller_enu.exe

Error: (10/03/2015 06:31:44 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Games\Downloads\esetsmartinstaller_enu.exe

Error: (10/03/2015 01:45:01 AM) (Source: Application Error)(User: )
Description: plugin-container.exe41.0.1.5750560b37bemozglue.dll41.0.1.5750560b229d800000030000ec7f488c01d0fd9a0bb9a7c1C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dlle30a8c3d-6991-11e5-9c0c-50e549554b85

Error: (10/01/2015 03:36:07 PM) (Source: MsiInstaller)(User: Installer-PC)
Description: Google Update Helper{E0D0D2C9-5836-4023-AB1D-54EC3B90AD03}1647(NULL)(NULL)(NULL)

Error: (10/01/2015 11:46:43 AM) (Source: MsiInstaller)(User: Installer-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Installer\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/01/2015 11:46:12 AM) (Source: MsiInstaller)(User: Installer-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Installer\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/14/2015 04:47:10 PM) (Source: Application Error)(User: )
Description: rome2.exe2.2.0.055c87535Rome2.dll2.2.0.055c8755cc0000005004c45e59d001d0ef2e1e1c74f7C:\Program Files (x86)\stream\steamapps\common\Total War Rome II\rome2.exeC:\Program Files (x86)\stream\steamapps\common\Total War Rome II\Rome2.dllc491b707-5b21-11e5-8f10-50e549554b85

Error: (09/14/2015 04:42:38 PM) (Source: Application Error)(User: )
Description: rome2.exe2.2.0.055c87535Rome2.dll2.2.0.055c8755cc0000005004c45e5cb801d0ef2db370876dC:\Program Files (x86)\stream\steamapps\common\Total War Rome II\rome2.exeC:\Program Files (x86)\stream\steamapps\common\Total War Rome II\Rome2.dll2270cedc-5b21-11e5-8f10-50e549554b85


CodeIntegrity Errors:
===================================
  Date: 2015-02-11 01:27:27.951
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\INSTAL~1\AppData\Local\temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-11 01:27:27.820
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\INSTAL~1\AppData\Local\temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-11 01:27:27.496
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Games\Desktop\New folder (3)\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-11 01:27:27.363
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Games\Desktop\New folder (3)\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-22 18:53:06.955
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00286_046\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-22 18:46:53.093
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00286_046\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-22 18:26:21.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00286_046\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-22 11:01:50.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00286_046\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-21 19:22:57.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00286_046\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-21 19:06:55.806
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00286_046\avcuf64.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.3.40633 - BitTorrent Inc.)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\{FE2D627E-D7E0-46EA-93A6-8583420285FA}) (Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Any Video Converter 3.5.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
ATI AVIVO64 Codecs (HKLM\...\{6A7F7056-14E1-D8E4-0B87-BC3F18EAC8AC}) (Version: 11.6.0.10627 - ATI Technologies Inc.) Hidden
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Beat Hazard (HKLM-x32\...\Steam App 49600) (Version:  - Cold Beam Games)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.20.0.1429 - Bitdefender)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID HWMonitor 1.19 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd)
DFO (HKLM-x32\...\{C1E5C0FB-527E-42C6-BCA0-0A37A6124AE4}) (Version: 1.01.0000 - Neople)
Easy Tune 6 B11.0822.1 (HKLM-x32\...\{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Hidden
Easy Tune 6 B11.0822.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Echoes+ (HKLM-x32\...\Steam App 338000) (Version:  - Binary Zoo)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.104 - Etron Technology) Hidden
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Audio Editor (HKLM-x32\...\Free Audio Editor) (Version:  - FAE Inc.)
Gear Up (HKLM-x32\...\Steam App 214420) (Version:  - Doctor Entertainment AB)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 23.0.1271.64 - Google Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
GPUTweakStreaming (HKLM-x32\...\{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS) Hidden
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
ILLUSION @ふぉーむメイト (HKLM-x32\...\{2510CF9A-3D92-4D1E-9124-080F53F4E293}) (Version: 1.00.0000 - ILLUSION)
ILLUSION ジンコウガクエン (HKLM-x32\...\{C109AF5B-69D0-4C93-B360-F28D9FAB6084}) (Version: 1.00.0000 - ILLUSION)
ILLUSION ジンコウガクエン きゃらめいく (HKLM-x32\...\{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}) (Version: 1.00.0000 - ILLUSION)
ILLUSION ジンコウガクエン2 (HKLM-x32\...\{AF83EF7D-353A-4E0C-9919-C4E4BCB5F742}) (Version: 1.00.0000 - ILLUSION)
ILLUSION ジンコウガクエン2 きゃらめいく (HKLM-x32\...\{A56F495B-7075-4510-AC91-485416140DA2}) (Version: 1.00.0000 - ILLUSION)
iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jigoku Kisetsukan: Sense of the Seasons (HKLM-x32\...\Steam App 368950) (Version:  - )
Junk Mail filter update (HKLM-x32\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.0 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Mabinogi (HKLM-x32\...\Mabinogi) (Version:  - devCAT)
Magic Duels (HKLM-x32\...\Steam App 316010) (Version:  - Stainless Games Ltd.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
METAL SLUG DEFENSE (HKLM-x32\...\Steam App 356310) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IE ActiveX Analyzer (HKLM-x32\...\{F6DBCB56-FF1A-4AA6-B0AC-44EF2D5C2429}) (Version: 1.5.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - TaleWorlds Entertainment)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OCCT 4.4.1 (HKLM-x32\...\OCCT) (Version: 4.4.1 - Ocbase.com)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher US) (Version: 1.0.0 - OGPlanet, Inc.)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.03 - Enterbrain)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RPGツクール2000 ランタイムパッケージ (HKLM-x32\...\{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Seagate Manager Installer (HKLM-x32\...\{E6F019F1-DFB6-4853-A87D-6E31624755A9}) (Version: 2.02.0109 - Seagate) Hidden
Seagate Manager Installer (HKLM-x32\...\InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}) (Version: 2.02.0109 - Seagate)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
Sid Meier's Civilization V (HKLM-x32\...\Civilization V) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization V SDK (HKLM-x32\...\Steam App 16830) (Version:  - Firaxis Games)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.16 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
SUPERAntiSpyware Professional (HKLM-x32\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.26.0.1004 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synthesia (HKLM-x32\...\Synthesia) (Version: 8.4 - Synthesia LLC)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{EB3D5CB0-2CB9-487A-A8A7-9CB257012E73}) (Version: 2.2.3.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.38 - En Masse Entertainment)
The Escapists (HKLM-x32\...\Steam App 298630) (Version:  - Mouldy Toof Studios)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.7.0.109 - KMP Media co., Ltd)
Total War: ROME II - Assembly Kit BETA (HKLM-x32\...\Steam App 267180) (Version:  - )
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: Shogun 2 - TEd (HKLM-x32\...\Steam App 202920) (Version:  - The Creative Assembly)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.11.1 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.5.1 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)
Vindictus (HKLM-x32\...\Vindictus) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E1}) (Version: 18.0.11023 - WinZip Computing, S.L. )
カスタムメイド3D2 (HKLM-x32\...\カスタムメイド3D2) (Version:  - KISS)
========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

04-10-2015 04:10:09 JRT Pre-Junkware Removal

**** End of log ****

 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Bitdefender Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware Professional    
 Java version 32-bit out of Date!
 Adobe Flash Player 19.0.0.185  
 Mozilla Firefox (41.0.1)
 Google Chrome 21.0.1180.83 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Bitdefender 2015 vsserv.exe  
 Bitdefender Bitdefender 2015 updatesrv.exe  
 Bitdefender Bitdefender 2015 bdagent.exe  
 Bitdefender Bitdefender 2015 bdwtxag.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Emsisoft Emergency Kit - Version 10.0
Last update: 10/4/2015 8:27:02 AM
User account: Installer-PC\Installer

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    10/4/2015 8:31:16 AM
C:\Users\Games\AppData\Roaming\getrighttogo     detected: Application.AppInstall (A)
Value: HKEY_USERS\S-1-5-21-283352316-871778088-2479186926-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-283352316-871778088-2479186926-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

Scanned    93718
Found    3

Scan end:    10/4/2015 8:39:56 AM
Scan time:    0:08:40

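For reference, the "Installed Programs" section of the FRST Addition log above is read from two registry views: lines marked HKLM\... come from the native 64-bit Uninstall key, lines marked HKLM-x32\... come from the WOW6432Node view, and the part after the backslash is the subkey name (a GUID, a "Steam App" id, or a free-form name). The PowerShell below is an added example, not tool output posted in the thread. It rebuilds that inventory from the registry and pulls out the three things a practitioner scans such a list for: entries with no publisher, the same subkey registered in both views with different versions (the two SUPERAntiSpyware lines above are one instance), and the products Security Check reported as out of date. It assumes Windows PowerShell 3.0 or later on the machine being inspected; the "Hidden" marker in FRST normally corresponds to entries with SystemComponent set, which is what the Hidden column below reads.

```powershell
# Added example (not from the thread). Rebuilds the installed-programs
# inventory from both Uninstall views and flags the entries worth a look.
$views = @{
    'HKLM'     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    'HKLM-x32' = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
}

$inventory = foreach ($view in $views.Keys) {
    Get-ChildItem -Path $views[$view] -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        if ($p.DisplayName) {
            [pscustomobject]@{
                View      = $view             # matches the HKLM / HKLM-x32 prefix in the log
                KeyName   = $_.PSChildName    # GUID, "Steam App 440", etc.
                Name      = $p.DisplayName
                Version   = $p.DisplayVersion
                Publisher = $p.Publisher
                Hidden    = [bool]$p.SystemComponent
            }
        }
    }
}

"== Entries with no publisher (not malicious by itself, but check each one) =="
$inventory | Where-Object { -not $_.Publisher } |
    Sort-Object Name | Format-Table View, KeyName, Name, Version -AutoSize

"== Same subkey in both views with different versions (stale install leftovers) =="
$inventory | Group-Object KeyName | Where-Object {
    $_.Count -gt 1 -and
    @($_.Group | ForEach-Object { $_.Version } | Sort-Object -Unique).Count -gt 1
} | ForEach-Object { $_.Group | Format-Table View, Name, Version -AutoSize }

"== Products Security Check reported as out of date =="
$inventory | Where-Object { $_.Name -match '^(Java|Google Chrome|Adobe Flash Player)' } |
    Format-Table View, Name, Version -AutoSize
```

Run it as an administrator so both hives are readable. Note that 32-bit Java and 32-bit Chrome register under HKLM-x32, which is why Security Check reports "Java version 32-bit"; a 64-bit install of the same product shows up as a separate HKLM entry, so two Java lines are not by themselves a duplicate.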
#6 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  • Gender:Male
  • Location:Serbia
  • Local time:02:16 AM

Posted 04 October 2015 - 12:10 PM

Update Java and Chrome.


You can quarantine this item: C:\Users\Games\AppData\Roaming\getrighttogo     detected: Application.AppInstall (A) in Emsisoft EK.


I would like to help you remove malware. Let's look inside.   :busy:

But I don't know how to solve all PC problems.  :smash:



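The reply above deals with the getrighttogo item, but the other two Emsisoft findings deserve a direct look: DisableTaskMgr and DisableRegistryTools under the user's Policies\System key. When set to 1 they block Task Manager and the Registry Editor for that account. That is a common trick of malware and rogue "cleaners" to hinder removal, but it is also a legitimate Group Policy setting, so the value should be checked rather than assumed. The PowerShell below is an added example, not something posted in the thread. It assumes an elevated prompt, uses the SID from the log, and assumes that profile's hive is loaded (HKEY_USERS\<SID> only exists while that user is logged on; otherwise load the hive with reg load first). The HKCU path covers the account running the script, which in the log is a different user from the one that owns the flagged hive.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Lists, and optionally removes, the Explorer policy values Emsisoft flagged.
$sid    = 'S-1-5-21-283352316-871778088-2479186926-1001'   # SID taken from the log
$remove = $false                                            # set to $true to delete them
$names  = 'DisableTaskMgr', 'DisableRegistryTools'
$keys   = @(
    "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Policies\System",
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

foreach ($keyPath in $keys) {
    if (-not (Test-Path -LiteralPath $keyPath)) {
        Write-Host "absent: $keyPath"      # hive not loaded, or the key was never created
        continue
    }
    $key = Get-Item -LiteralPath $keyPath
    foreach ($name in $names) {
        $value = $key.GetValue($name, $null)
        if ($null -eq $value) { continue }  # value not present: nothing is enforced
        Write-Host ("{0}\{1} = {2}" -f $keyPath, $name, $value)
        if ($remove -and $value -ne 0) {
            Remove-ItemProperty -LiteralPath $keyPath -Name $name -Verbose
        }
    }
}
```

A value of 1 blocks the tool; 0 or an absent value enforces nothing. If the value comes back after you delete it, something is re-applying it: either Group Policy (check with gpresult /h report.html) or a process still running on the machine, and the second case is the one that means the cleanup is not finished.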
#7 CalusBlade

CalusBlade
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  • Local time:07:16 PM

Posted 04 October 2015 - 01:33 PM

The getrighttogo item is already in quarantine. I rescanned and found nothing.

Java and Chrome updated.



#8 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  • Gender:Male
  • Location:Serbia
  • Local time:02:16 AM

Posted 04 October 2015 - 02:23 PM

Great. That should be all.


Empty your temp folders using TFC (Temporary File Cleaner)

§  Please download TFC by Old Timer and save it to your desktop.
alternate download link

§  Save any unsaved work. (TFC will close ALL open programs including your browser!)

§  Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)

§  Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

§  Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

-----


This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download  DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

§  Activate UAC (optional; some users prefer to keep it off)

§  Remove disinfection tools

§  Create registry backup

§  Purge System Restore

§  Reset system settings
Now click "Run" and wait patiently.
Once finished, a logfile will be created. You don't have to attach it to your next reply.




#9 CalusBlade

CalusBlade
  • Topic Starter

  • Members
  • 538 posts
  • OFFLINE
  • Local time:07:16 PM

Posted 05 October 2015 - 12:24 AM

Done



#10 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  • Gender:Male
  • Location:Serbia
  • Local time:02:16 AM

Posted 05 October 2015 - 11:28 AM

That is it.  :thumbup2:




#11 CalusBlade

CalusBlade
  • Topic Starter

  • Members
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 05 October 2015 - 12:31 PM

Thanks. So I assume there wasn't anything on my computer that caused the issue I have.



#12 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  • Gender:Male
  • Location:Serbia
  • Local time:02:16 AM

Posted 05 October 2015 - 01:04 PM

ESET found some viruses, but nothing serious, as far as I can tell.

