I clicked file that broke Malwarebytes-it just disappears


This topic is locked
2 replies to this topic

#1 epii (Members, 4 posts)

Posted 18 October 2015 - 09:43 PM

My Windows 7 PC got infected with something that has disabled Malwarebytes along with blocking any attempt to visit the Malwarebytes website and certain other "help" websites as well. Before I begin detailing my issue, I know for a fact what the executable file is that I clicked on that messed things up. It's a 35.9MB file called "pmdg.737.ng-griso.exe" and if it would help you I could send it to you for analysis, if there is a way to safely do so, that is. Hopefully you won't need it, but if you do need it just let me know how I can get it to you safely.

Anyway, here's what happened:

I was cleaning out old files on my "Windows 7 Home" PC (64-bit) and clicked on the aforementioned file. The file didn't actually open a program, i.e. nothing at all appeared to happen after my having double-clicked it. That was unusual and it concerned me, so here are the things I learned and the things I did, in the order in which I did them, to try and investigate:

(1) Ran Avast and it said the file was clean.

(2) Tried running Malwarebytes on it, but Malwarebytes just opened and closed. It would not scan the file, just opened and closed, at which point I knew the computer had been infected, but I have no way of knowing what the virus or malware is.

(3) I then noticed that Malwarebytes had disappeared from the "right click" drop-down menu, which is the usual way that I access it.

NOTE: I checked in "Program Files (x86)" and the Malwarebytes program was still installed. It just no longer worked.

(4) I was prevented from going to the Malwarebytes website and in fact various other help websites where I used "malwarebytes" as a keyword. They would all just boot me back to the desktop as soon as I opened them. This happened in both the IE Explorer and Chrome browsers.

(5) Tried uninstalling Malwarebytes, thinking that maybe a re-install might fix it; however, the "uninstall" executable would not open, i.e. same behavior as trying to run the Malwarebytes executable... nothing happened.

(6) Booted the computer into Safe Mode with networking, whereupon I was able to successfully uninstall Malwarebytes through its uninstall program.

(7) Booted back into normal mode, where a few little things had changed, like the Windows splash screen now showed the word "Welcome" where it hadn't before. Also, the border on the taskbar along with open windows' borders had all changed colors from what they were supposed to be.

(8) Still in normal mode, I tried going to the Malwarebytes website to download the latest version but was still blocked. Booted back to the desktop. Both my browsers work normally; they just won't allow me into some websites where help is offered. I think IE Explorer showed a message saying that either there was an attempt to, or that something actually had, changed my homepage (I don't remember the wording exactly), but it was something to that effect. My homepage (Google) was still my homepage, so I don't know what that message was about.

(9) Downloaded Malwarebytes onto a thumb drive using a different computer. I think I then installed it onto the infected computer while in Safe Mode; however, I'm not sure if it was in Safe Mode or not. At any rate Malwarebytes is now re-installed but still won't work, and the computer is still blocked from opening certain "help" websites. Same as before, it just boots back to the desktop.

(10) Researched what to do and downloaded, then ran, "Malwarebytes Chameleon". On the very first option it ran its DOS thing, then it actually ran the Malwarebytes scan, where it found stuff and (I think) quarantined them, but even after this I still could not run Malwarebytes in normal mode.

(11) The last thing I did before giving up and coming here to bleepingcomputer.com was to download, install, then partially run "HitmanPro". It found a bunch of stuff and then I think it started uploading a log file to somewhere for analysis or something. I stopped it mid-stream because the progress bar that was uploading the file was going really slowly and there appeared to be a few of them waiting in the queue.

That was the best of my recollection as to what I did to resolve the issue, to no avail.

Any help would be very much appreciated.

EDIT: I'm posting this on a computer other than the infected one because, although I'm able to open the website bleepingcomputer.com on the infected computer, it just closes the website and boots me back to the desktop when I attempt to open my post. I did manage to get the first post to actually post (albeit in a different discussion group here at bleepingcomputer) but was asked by the moderator to move to this discussion group. So, I will be switching back and forth from one computer to the other as I only have one mouse.

Thanks,

-Rick

--------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015
Ran by rdh (administrator) on RDH-PC (18-10-2015 17:12:15)
Running from C:\Users\rdh\Desktop
Loaded Profiles: rdh & UpdatusUser (Available Profiles: rdh & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(CJSC Returnil Software) C:\Program Files (x86)\Returnil\RVS3\rvsmon.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\Asus\SmartLogon\sensorsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\Asus\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ExpressGateUtil\VAWinService.exe
() C:\Program Files\Focusrite\VRM Box\VRMService.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Windows\AsScrPro.exe
(bbydrihossth) C:\Users\rdh\AppData\Roaming\ihwewn\jaweew.exe
(bbydrihossth) C:\Users\rdh\AppData\Roaming\bugfxa\wcgfvx.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS) C:\Program Files (x86)\Asus\SmartLogon\smartlogon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11075176 2010-07-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1449984 2010-09-01] (Intel® Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2011-02-16] (ASUS)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [905216 2010-09-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [6134544 2015-10-09] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-18] (Google Inc.)
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\...\Run: [GoogleChromeAutoLaunch_26656A665BC94D4099E61D2CE97D651E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-08] (Google Inc.)
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\...\Run: [pmdg.737.ng-griso.exe] => pmdg.737.ng-griso.exe
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\...\Run: [jaweew.exe] => C:\Users\rdh\AppData\Roaming\ihwewn\jaweew.exe [37690120 2014-03-27] (bbydrihossth)
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\...\Run: [nuudgf.exe] => C:\Users\rdh\AppData\Roaming\ihwewn\\nuudgf.exe
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\...\Run: [wcgfvx.exe] => C:\Users\rdh\AppData\Roaming\bugfxa\wcgfvx.exe [37690120 2014-03-27] (bbydrihossth)
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\...\Run: [rxqtih.exe] => C:\Users\rdh\AppData\Roaming\bugfxa\\rxqtih.exe
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\...\Run: [suujnu.exe] => C:\Users\rdh\AppData\Roaming\ihwewn\\suujnu.exe
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\...\Run: [trvxas.exe] => C:\Users\rdh\AppData\Roaming\bugfxa\\trvxas.exe
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\...\Run: [xgtrhz.exe] => C:\Users\rdh\AppData\Roaming\bugfxa\\xgtrhz.exe
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\...\Run: [abowqt.exe] => C:\Users\rdh\AppData\Roaming\ihwewn\\abowqt.exe
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\...\Run: [czfkxa.exe] => C:\Users\rdh\AppData\Roaming\ihwewn\\czfkxa.exe
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\...\Run: [qtvxja.exe] => C:\Users\rdh\AppData\Roaming\bugfxa\\qtvxja.exe
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\...\MountPoints2: {0dd8d38f-5e2c-11e0-929b-bcaec54b6dc4} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
AppInit_DLLs-x32: c:\progra~3\bitguard\261694~1.246\{16cdf~1\bitguard.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2015-10-09] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-02-16]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-02-16]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2014-01-02]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
CHR HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{366A14B7-DD57-4C6C-8CFD-5D6929729308}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-2386814584-2648647418-3016029524-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-2386814584-2648647418-3016029524-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2386814584-2648647418-3016029524-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2386814584-2648647418-3016029524-1000 -> {C65A2045-67E7-4758-A5D8-E9BE5F8C991F} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.24.1.51&apn_uid=AB298A5C-C2AB-4A98-B6DF-4451933C29E0&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17207&doi=2015-02-24&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-10-09] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-10] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-10-09] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-10] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
Toolbar: HKLM-x32 - TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE.dll [2007-08-25] ()
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2386814584-2648647418-3016029524-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\rdh\AppData\Roaming\Mozilla\Firefox\Profiles\bveps0tw.default
FF NewTab: about:newtab
FF SearchEngineOrder.1: Google
FF Homepage: about:home
FF SelectedSearchEngine: Google
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxps://www.google.com/search
FF Keyword.URL: hxxps://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-26] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-10-05] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-26] (Best Buy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-03-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF Extension: Form History Control - C:\Users\rdh\AppData\Roaming\Mozilla\Firefox\Profiles\bveps0tw.default\Extensions\formhistory@yahoo.com [2013-06-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-03-18] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-06-23] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://start.sweetpacks.com/?barid={B0EDD281-C6F6-11E2-9F4F-BCAEC54B6DC4}&src=10&crg=3.5000006.10045&st=23&st=23
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll => No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Move Streaming Media Player) - C:\Users\rdh\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
CHR Profile: C:\Users\rdh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\rdh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-16]
CHR Extension: (Google Search) - C:\Users\rdh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rdh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-06]
CHR Extension: (Gmail) - C:\Users\rdh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [146600 2015-10-09] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [4048280 2015-10-09] (Avast Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-02-16] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-02-16] (Creative Labs) [File not signed]
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-09-01] (Red Bend Ltd.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-06-22] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5017600 2010-02-26] (Native Instruments GmbH) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-06-17] ()
R2 RVSMONBL; C:\Program Files (x86)\Returnil\RVS3\rvsmon.exe [1764648 2011-01-27] (CJSC Returnil Software)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [98576 2012-05-28] (SANDBOXIE L.T.D)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] () [File not signed]
R2 VRMService; C:\Program Files\Focusrite\VRM Box\VRMService.exe [194048 2011-02-04] () [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-09-01] (Intel® Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 TurboBoost; "C:\Program Files\Intel\TurboBoost\TurboBoost.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-09] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-03-18] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [49664 2010-11-19] (Fresco Logic)
R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-18] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-10-09] (AVAST Software)
S3 RDID1027; C:\Windows\System32\Drivers\rdwm1027.sys [81920 2009-09-18] (Roland Corporation)
R1 rvsmon; C:\Windows\System32\DRIVERS\rvsmon.sys [165664 2010-12-15] (CJSC Returnil Software)
R2 rvsmonf; C:\Windows\System32\DRIVERS\rvsmonf.sys [1436136 2010-12-15] (CJSC Returnil Software)
R2 rvsmonn; C:\Windows\System32\DRIVERS\rvsmonn2.sys [21920 2010-12-15] (CJSC Returnil Software)
R0 RVSystem; C:\Windows\System32\Drivers\RVSystem.sys [61584 2011-03-18] (CJSC Returnil Software)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [166576 2012-05-28] (SANDBOXIE L.T.D)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 Tileproxy; C:\Windows\System32\DRIVERS\tileproxy.sys [33792 2008-02-18] (Windows ® Codename Longhorn DDK provider) [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [274336 2015-10-09] (Avast Software)
S3 vrm; C:\Windows\System32\DRIVERS\vrm.sys [238080 2011-02-04] (Focusrite Audio Engineering Ltd.)
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-18 17:12 - 2015-10-18 17:12 - 00029893 _____ C:\Users\rdh\Desktop\FRST.txt
2015-10-18 17:06 - 2015-10-18 17:12 - 00000000 ____D C:\FRST
2015-10-18 16:58 - 2015-10-18 16:58 - 00003803 _____ C:\Users\rdh\Desktop\New Text Document.txt
2015-10-18 16:55 - 2015-10-18 16:57 - 00000000 ____D C:\Users\rdh\Desktop\stuff bleepingcomputer told me to download1
2015-10-18 16:55 - 2015-10-18 14:53 - 02196992 _____ (Farbar) C:\Users\rdh\Desktop\FRST64.exe
2015-10-18 10:22 - 2015-10-18 12:27 - 00003844 _____ C:\Users\rdh\Desktop\bleepingcomputer information.txt
2015-10-17 22:59 - 2015-10-17 22:59 - 00001859 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-10-17 22:59 - 2015-10-17 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-10-17 22:59 - 2015-10-17 22:59 - 00000000 ____D C:\Program Files\HitmanPro
2015-10-17 22:57 - 2015-10-17 23:15 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-17 22:54 - 2015-10-17 22:54 - 11336600 _____ (SurfRight B.V.) C:\Users\rdh\Desktop\HitmanPro_x64.exe
2015-10-17 19:50 - 2015-10-18 11:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-17 19:50 - 2015-10-17 22:20 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-17 19:50 - 2015-10-17 19:50 - 00001068 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-17 19:50 - 2015-10-17 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-17 19:50 - 2015-10-17 19:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-17 19:50 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-17 19:50 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-17 18:14 - 2015-10-17 23:19 - 00000000 ____D C:\Users\rdh\Desktop\m
2015-10-17 17:18 - 2015-10-17 17:41 - 00000093 _____ C:\Users\rdh\AppData\Roaming\mbam.context.scan
2015-10-17 17:12 - 2015-10-17 17:12 - 00003262 _____ C:\Windows\System32\Tasks\{ADACD8E3-4BA9-483A-9867-4613BFB94D5F}
2015-10-17 17:12 - 2015-10-17 17:12 - 00000000 ____D C:\Users\rdh\AppData\Roaming\ihwewn
2015-10-17 17:12 - 2015-10-17 17:12 - 00000000 ____D C:\Users\rdh\AppData\Roaming\bugfxa
2015-10-17 15:53 - 2015-10-17 16:00 - 00000000 ____D C:\Users\rdh\Desktop\fsx misc stuff
2015-10-16 09:30 - 2015-10-16 09:30 - 00001876 _____ C:\Users\rdh\Desktop\FSX Boeing 747-400 Upgraded Virtual Cockpit - Shortcut.lnk
2015-10-15 14:31 - 2015-10-15 14:02 - 00002048 _____ C:\Windows\lvld67.lic
2015-10-15 13:58 - 2015-10-15 14:02 - 00000000 ____D C:\Flight One Software
2015-10-15 12:17 - 2015-10-15 12:17 - 00000212 _____ C:\Users\rdh\Desktop\fs freeware-start on page 15.url
2015-10-13 19:58 - 2015-10-13 19:58 - 00000000 ____D C:\A2A
2015-10-13 16:26 - 2015-10-17 23:29 - 00000000 ____D C:\Users\rdh\Desktop\agent fsx stuff
2015-10-13 15:52 - 2015-10-13 15:52 - 00000228 _____ C:\Users\rdh\Desktop\Welcome to Giganews - Giganews.url
2015-10-12 16:42 - 2015-10-14 12:04 - 00000000 ____D C:\Users\rdh\AppData\Roaming\Orbx systems
2015-10-12 16:20 - 2015-10-12 16:28 - 00000000 ____D C:\Users\rdh\AppData\Local\Orbx
2015-10-12 16:20 - 2015-10-12 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbx
2015-10-11 20:01 - 2015-10-11 20:01 - 00000000 ____D C:\Users\rdh\AppData\Roaming\FFSJ
2015-10-10 12:53 - 2015-10-10 12:53 - 00000000 ____D C:\Users\rdh\AppData\Roaming\Sun
2015-10-10 12:53 - 2015-10-10 12:53 - 00000000 ____D C:\Users\rdh\.oracle_jre_usage
2015-10-10 12:51 - 2015-10-10 12:51 - 00000000 ____D C:\Users\rdh\AppData\LocalLow\Oracle
2015-10-09 16:22 - 2015-10-09 16:22 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-10-09 16:22 - 2015-10-09 16:22 - 00000000 ____D C:\Windows\system32\vbox
2015-10-09 12:02 - 2015-10-09 12:02 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-10-09 12:02 - 2015-10-09 12:02 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-10-09 12:02 - 2015-10-09 12:01 - 00132656 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-10-08 17:23 - 2015-10-08 17:23 - 00001753 _____ C:\Users\rdh\Desktop\Google Earth.lnk
2015-10-07 18:37 - 2015-10-07 18:37 - 00003198 _____ C:\Windows\System32\Tasks\{381AD4EF-9DC9-4FEE-9DB8-2ACA8C2AC9D0}
2015-10-07 17:32 - 2015-10-07 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Flight
2015-10-07 14:38 - 2015-10-14 13:00 - 00000000 ____D C:\Users\rdh\Desktop\New folder (2)
2015-10-06 13:00 - 2015-10-06 16:07 - 00000000 ____D C:\blueskyscenery
2015-10-05 18:53 - 2015-10-05 18:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-10-05 14:14 - 2015-10-05 14:14 - 00001199 _____ C:\Users\rdh\Desktop\--use this folder to change sky themes.lnk
2015-10-04 21:08 - 2015-10-05 14:14 - 00000000 ____D C:\fsx-change rex sky themes
2015-10-02 21:46 - 2015-10-02 21:46 - 00003284 _____ C:\Windows\System32\Tasks\{647A013D-E086-4FEC-91B2-CD3ADDA6DB2F}
2015-10-01 10:10 - 2015-10-13 21:46 - 00000000 ____D C:\ProgramData\InstallMate
2015-10-01 10:10 - 2015-10-13 21:45 - 00000000 ____D C:\Users\rdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons
2015-09-28 10:58 - 2015-09-28 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Figerty Systems Inc
2015-09-28 10:58 - 2015-09-28 10:58 - 00000000 ____D C:\Program Files (x86)\Figerty Systems Inc
2015-09-26 09:19 - 2015-10-17 16:04 - 00000000 ____D C:\Users\rdh\Desktop\----fsx addons to install-needs backed up
2015-09-25 22:15 - 2015-09-25 22:15 - 00002946 _____ C:\Users\UpdatusUser\Desktop\Grand Canyon & KGCN V2 Manual.lnk
2015-09-25 22:15 - 2015-09-25 22:15 - 00000000 ____D C:\Users\rdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OZx
2015-09-25 22:15 - 2015-09-25 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OZx
2015-09-25 19:09 - 2015-09-25 19:52 - 00000000 ____D C:\FS Water Configurator for dx10
2015-09-25 04:48 - 2015-09-25 04:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FS Water Configurator
2015-09-25 04:48 - 2015-09-25 04:48 - 00000000 ____D C:\Program Files\FS Water Configurator
2015-09-25 04:32 - 2015-09-25 04:32 - 00000000 ____D C:\FSWC_315
2015-09-23 10:29 - 2015-09-23 10:30 - 00000000 ____D C:\Users\rdh\AppData\LocalLow\IObit
2015-09-23 10:29 - 2015-09-23 10:29 - 00003176 _____ C:\Windows\System32\Tasks\SmartDefrag4_Startup
2015-09-23 10:29 - 2015-09-23 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2015-09-23 10:29 - 2015-09-23 10:29 - 00000000 ____D C:\Program Files (x86)\IObit
2015-09-23 10:29 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\Windows\SysWOW64\IObitSmartDefragExtension.dll
2015-09-23 10:29 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2015-09-23 10:29 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2015-09-23 10:29 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2015-09-23 10:28 - 2015-09-23 10:28 - 00000000 ____D C:\Users\rdh\AppData\Roaming\IObit
2015-09-22 11:58 - 2015-05-27 18:47 - 00001624 _____ C:\Users\rdh\Desktop\rex-weather for flight simulator x.lnk
2015-09-21 21:41 - 2015-09-21 21:41 - 00001809 _____ C:\Users\rdh\Desktop\fsx.exe - Shortcut.lnk
2015-09-19 15:41 - 2015-09-19 15:41 - 00929872 _____ (Google Inc.) C:\Users\rdh\Downloads\ChromeSetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-18 17:06 - 2009-07-13 21:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-18 17:06 - 2009-07-13 21:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-18 16:42 - 2011-03-18 18:52 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-18 16:33 - 2014-03-15 19:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-18 13:42 - 2011-03-18 18:52 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-18 13:18 - 2013-06-01 12:51 - 01933478 _____ C:\Windows\WindowsUpdate.log
2015-10-18 10:02 - 2013-06-01 12:46 - 00049308 _____ C:\Windows\setupact.log
2015-10-18 00:11 - 2011-03-19 17:04 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{62E883D7-1F90-4976-80B7-9F4E5814450A}
2015-10-17 22:29 - 2011-02-16 18:41 - 00000050 _____ C:\Windows\system32\SupplicantTest.log
2015-10-17 22:29 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-17 22:28 - 2011-02-16 18:33 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-17 20:33 - 2013-06-01 12:58 - 00616636 _____ C:\Windows\PFRO.log
2015-10-17 20:24 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\schemas
2015-10-17 20:23 - 2015-02-23 19:46 - 00000000 ____D C:\ProgramData\APN
2015-10-17 20:23 - 2014-04-29 13:04 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
2015-10-17 20:23 - 2013-09-23 09:27 - 00000000 ____D C:\ProgramData\BitGuard
2015-10-17 20:23 - 2013-05-27 10:56 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2015-10-17 20:23 - 2013-05-27 10:56 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2015-10-17 20:23 - 2011-09-25 19:49 - 00000000 ____D C:\ProgramData\YouTube Downloader
2015-10-17 19:50 - 2011-03-18 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-17 17:34 - 2013-09-23 09:29 - 00018608 _____ C:\Users\rdh\AppData\LocalLow\SkwConfig.bin
2015-10-17 17:33 - 2009-07-13 21:45 - 00319928 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-17 17:11 - 2011-03-18 18:06 - 00000000 ____D C:\Users\rdh\AppData\Local\VirtualStore
2015-10-17 17:09 - 2011-03-20 10:20 - 00000000 ____D C:\Users\rdh\AppData\Local\QuickPar
2015-10-17 16:54 - 2011-03-18 18:07 - 00076280 _____ C:\Users\rdh\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-17 14:01 - 2012-06-20 18:05 - 00000000 ____D C:\Users\rdh\Documents\Flight Simulator X Files
2015-10-17 12:35 - 2011-04-07 19:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2015-10-17 09:33 - 2014-03-15 19:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-17 09:33 - 2012-04-28 14:38 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 09:33 - 2012-04-28 14:38 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-17 02:42 - 2012-05-22 01:15 - 00000206 _____ C:\Program Files (x86)\hwmonitorw.ini
2015-10-15 23:15 - 2011-04-23 19:12 - 00008504 _____ C:\Windows\SysWOW64\Dutch Windmills.log
2015-10-15 22:43 - 2011-05-09 12:51 - 00000000 ____D C:\Users\rdh\AppData\Local\Windows Live
2015-10-15 14:51 - 2012-06-26 17:13 - 00000000 ____D C:\Users\rdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flight One Software
2015-10-15 14:35 - 2012-06-25 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software
2015-10-15 14:33 - 2011-09-30 16:21 - 00737280 _____ (Indigo Rose Corporation) C:\Windows\iun6002.exe
2015-10-14 08:29 - 2009-07-13 22:13 - 00812064 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-13 19:25 - 2014-11-05 16:44 - 00000000 ____D C:\Users\rdh\Desktop\New folder
2015-10-12 16:28 - 2012-06-30 11:01 - 00000000 ____D C:\Users\rdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orbx
2015-10-11 19:06 - 2011-03-24 18:43 - 00000000 ____D C:\other libraries
2015-10-11 17:41 - 2011-06-18 13:53 - 00000000 ____D C:\kontakt file libraries
2015-10-10 12:55 - 2014-10-22 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-10 12:55 - 2014-01-19 19:19 - 00000000 ____D C:\ProgramData\Oracle
2015-10-10 12:55 - 2011-05-18 18:48 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-10 12:53 - 2011-03-18 18:06 - 00000000 ____D C:\Users\rdh
2015-10-10 12:52 - 2015-06-25 13:33 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-10-10 12:46 - 2012-11-18 21:29 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-10-10 12:42 - 2011-02-16 18:45 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2015-10-09 12:02 - 2014-04-19 11:45 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-10-09 12:02 - 2013-12-22 09:19 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-10-09 12:02 - 2013-05-25 20:18 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-10-09 12:02 - 2013-05-25 20:18 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-10-09 12:02 - 2012-03-20 22:26 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-10-09 12:02 - 2011-03-18 19:08 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-10-09 12:02 - 2011-03-18 19:08 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-10-09 12:01 - 2011-03-18 19:14 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-10-06 13:37 - 2009-07-13 22:08 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-06 13:35 - 2012-10-21 16:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-06 10:14 - 2011-03-20 20:00 - 00000000 ____D C:\kontakt libraries
2015-10-05 16:52 - 2013-03-02 16:54 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-05 15:19 - 2011-05-09 13:43 - 00000000 ____D C:\Users\rdh\AppData\Local\Thunderbird
2015-10-02 21:50 - 2011-10-24 00:21 - 00000000 ____D C:\Program Files (x86)\SEGA
2015-10-02 21:49 - 2011-02-16 18:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-02 21:47 - 2011-10-24 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2015-09-28 11:04 - 2011-03-18 19:24 - 00001694 _____ C:\Windows\Sandboxie.ini
2015-09-27 10:30 - 2013-03-02 17:16 - 00000000 ____D C:\Users\rdh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-09-26 00:57 - 2011-03-30 19:33 - 00000000 ____D C:\Users\rdh\AppData\Roaming\SoftGrid Client
2015-09-24 09:36 - 2012-06-25 10:03 - 00000000 ____D C:\Program Files (x86)\Real Environment Xtreme Essential
2015-09-23 10:29 - 2012-10-02 16:51 - 00000000 ____D C:\ProgramData\IObit
2015-09-21 22:23 - 2011-09-12 23:49 - 00000000 ____D C:\Users\rdh\Documents\Universe Sandbox
2015-09-19 14:47 - 2011-03-18 18:52 - 00000000 ____D C:\Users\rdh\AppData\Local\Google

==================== Files in the root of some directories =======

2013-05-29 02:09 - 2012-11-25 08:47 - 0787262 _____ () C:\Program Files (x86)\best service engine 2.pdf
2011-05-02 22:06 - 2010-11-29 14:13 - 1750504 _____ (CPUID) C:\Program Files (x86)\HWMonitor.exe
2012-05-22 01:15 - 2015-10-17 02:42 - 0000206 _____ () C:\Program Files (x86)\hwmonitorw.ini
2012-06-26 17:13 - 2012-06-26 17:25 - 0000030 _____ () C:\Program Files (x86)\settings.cfg
2004-10-18 09:15 - 2004-10-18 09:15 - 6800087 _____ (SEGA) C:\Program Files (x86)\Tsonic_win.exe-original file
2012-06-26 17:02 - 2012-06-26 17:25 - 0379282 _____ () C:\Program Files (x86)\UnGEXUSACAN.exe
2011-11-04 23:04 - 2012-05-09 01:09 - 0000412 _____ () C:\Users\rdh\AppData\Roaming\All CPU Meter_Settings.ini
2011-08-08 17:10 - 2011-08-08 17:10 - 0000120 _____ () C:\Users\rdh\AppData\Roaming\e791ffb2.dat
2015-10-17 17:18 - 2015-10-17 17:41 - 0000093 _____ () C:\Users\rdh\AppData\Roaming\mbam.context.scan
2011-06-23 14:33 - 2015-05-23 07:47 - 0005632 _____ () C:\Users\rdh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-12 02:52 - 2011-10-12 02:52 - 0000091 _____ () C:\Users\rdh\AppData\Local\fusioncache.dat
2011-04-04 20:30 - 2015-03-01 10:32 - 0007597 _____ () C:\Users\rdh\AppData\Local\Resmon.ResmonCfg
2011-02-16 18:02 - 2011-02-16 18:03 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-02-16 18:02 - 2011-02-16 18:02 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\rdh\AppData\Local\Temp\1afqqdpy.dll
C:\Users\rdh\AppData\Local\Temp\1hxxmjds.dll
C:\Users\rdh\AppData\Local\Temp\2szxzyws.dll
C:\Users\rdh\AppData\Local\Temp\cuvtssm1.dll
C:\Users\rdh\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\rdh\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\rdh\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\rdh\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\rdh\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\rdh\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\rdh\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\rdh\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\rdh\AppData\Local\Temp\nvStInst.exe
C:\Users\rdh\AppData\Local\Temp\rdiedoku.dll
C:\Users\rdh\AppData\Local\Temp\uninst_.exe
C:\Users\rdh\AppData\Local\Temp\{57B6D57D-D378-40EF-A2F1-0A8A01099571}-42.0.2311.152_42.0.2311.135_chrome_updater.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-11 00:55

==================== End of FRST.txt ============================

#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:06:29 PM

Posted 19 October 2015 - 02:41 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

Please upload the following files to my channel.

Under "Browse to the file you want to submit:" copy & paste the paths into the filename search:

C:\Users\rdh\AppData\Roaming\ihwewn\suujnu.exe
C:\Users\rdh\AppData\Roaming\bugfxa\wcgfvx.exe

Thank you!


Edited by deeprybka, 19 October 2015 - 02:42 AM.

regards,
deeprybka
Harm no one; rather, help everyone as much as you can. (Arthur Schopenhauer)

#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:06:29 PM

Posted 24 October 2015 - 10:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka