
Infected with malware, browser constantly crashing


  • This topic is locked
24 replies to this topic

#1 dunzoes

dunzoes

  • Members
  • 15 posts
  • OFFLINE
  •  

Posted 02 November 2015 - 05:58 PM

I ran Super Antispyware already and removed what it found but I'm still having the same problem. My browser constantly crashes regardless of which one I use and I'm unable to launch certain .exe files, namely Kaspersky Virus Removal Tool. I've attached the FRST log and Addition log and was wondering where to go from here.

 

edit: also can't install RKill, Malwarebytes, or TDSSKiller. Trying Emsisoft now. edit: didn't work either; they all ask to run but the setup never shows up


Edited by dunzoes, 02 November 2015 - 06:27 PM.




#2 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:05:01 AM

Posted 02 November 2015 - 06:20 PM

Hi dunzoes,

Welcome to BleepingComputer. My name is dbrisendine and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at BleepingComputer are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


    - Save ALL Tools to your Desktop-
     

    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
     

Let's get started....
 

 

 

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Also, please tell me how your system is running now.
 

Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#3 dunzoes


Posted 02 November 2015 - 06:48 PM

ok here's the fix log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by jono (2015-11-02 15:38:00) Run:2
Running from C:\Users\jono\Desktop
Loaded Profiles: jono (Available Profiles: jono)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [cUJkgdpB3E35] => regsvr32.exe /s "C:\PROGRA~3\cUJkgdpB3E35.dll"
C:\PROGRA~3\cUJkgdpB3E35.dll
HKU\S-1-5-21-3161928891-4213188026-640730353-1001\...\Run: [{FBFF0782-9301-4ED0-899F-19CEFCFF97FC}] => regsvr32.exe "C:\Users\jono\AppData\Local\Oixav\Samusq.dll"
C:\Users\jono\AppData\Local\Oixav
HKU\S-1-5-21-3161928891-4213188026-640730353-1001\...\MountPoints2: {5881da66-47b3-11e1-8bdd-485b3994c306} - F:\setup.exe -a
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHdg4IUw0VFxhFdg1aTA1EGFEOIgANVRRGFwAUcF0OAwpIFFYFIk0FA1ADB0VXfVBdFElXTwhxJUpNDU0CaUBB
HKU\S-1-5-21-3161928891-4213188026-640730353-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHdg4IUw0VFxhFdg1aTA1EGFEOIgANVRRGFwAUcF0OAwpIFFYFIk0FA1ADB0VXfVBdFElXTwhxJUpNDU0CaUBB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV0OVglDFVEVbV8OVVtcFQAaJBRaWAxFDAIVdQ4IBQ8TEgwWIx9aFQQTSEcFME0FCFwEURNNfWtdEkwdVUZrNVs=&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV0OVglDFVEVbV8OVVtcFQAaJBRaWAxFDAIVdQ4IBQ8TEgwWIx9aFQQTSEcFME0FCFwEURNNfWtdEkwdVUZrNVs=&q={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKU\S-1-5-21-3161928891-4213188026-640730353-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV0OVglDFVEVbV8OVVtcFQAaJBRaWAxFDAIVdQ4IBQ8TEgwWIx9aFQQTSEcFME0FCFwEURNNfWtdEkwdVUZrNVs=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3161928891-4213188026-640730353-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV0OVglDFVEVbV8OVVtcFQAaJBRaWAxFDAIVdQ4IBQ8TEgwWIx9aFQQTSEcFME0FCFwEURNNfWtdEkwdVUZrNVs=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3161928891-4213188026-640730353-1001 -> {2BB3EA75-270D-4698-8EBF-FA4D52B33478} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3161928891-4213188026-640730353-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
BHO-x32: Sonic Train -> {0c3ddfb7-4cdb-495b-b3e9-d59725b43dfc} -> C:\Program Files (x86)\Sonic Train\Extensions\0c3ddfb7-4cdb-495b-b3e9-d59725b43dfc.dll => No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-3161928891-4213188026-640730353-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3161928891-4213188026-640730353-1001 -> No Name - {00000000-0000-0000-0000-000000000000} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-12-16] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-12-16] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-12-16] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-12-16] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
C:\Program Files (x86)\Pando Networks
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHdg4IUw0VFxhFdg1aTA1EGFEOIgANVRRGFwAUcF0OAwpIFFYFIk0FA1oDB0VXfV5bFElXTwhxJUpNDU0CaUBB"
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHdg4IUw0VFxhFdg1aTA1EGFEOIgANVRRGFwAUcF0OAwpIFFYFIk0FA1oDB0VXfV5bFElXTwhxJUpNDU0CaUBB"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll => No File
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll => No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\jono\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\jono\AppData\Local\Temp\ccex.crx <not found>
C:\Users\jono\AppData\Local\Temp\ccex.crx
S3 BS783589476; \??\C:\Users\jono\AppData\Local\Temp\NTFS.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
2015-11-02 13:53 - 2015-11-02 13:53 - 14680064 _____ C:\Users\jono\Downloads\Unconfirmed 762216.crdownload
2015-11-02 13:54 - 2015-11-02 13:54 - 18862392 _____ C:\Users\jono\Downloads\Unconfirmed 466116.crdownload
2015-11-02 13:32 - 2015-11-02 14:14 - 00000000 ____D C:\Windows\pss
2015-11-02 12:25 - 2015-11-02 12:26 - 24116952 _____ (Safer-Networking Ltd. ) C:\Users\jono\Downloads\Unconfirmed 624345.crdownload
2015-11-02 12:10 - 2015-11-02 12:10 - 00001877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2015-11-02 12:10 - 2015-11-02 12:10 - 00001865 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2015-11-02 12:10 - 2015-11-02 12:10 - 00000886 _____ C:\Users\jono\Downloads\exe_fix_w7 (1).zip
2015-11-02 12:10 - 2015-11-02 12:10 - 00000000 ____D C:\Users\jono\AppData\Roaming\OpenCandy
2015-11-02 12:10 - 2015-11-02 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2015-11-02 12:10 - 2015-11-02 12:10 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2015-11-02 12:09 - 2015-11-02 12:09 - 00000886 _____ C:\Users\jono\Downloads\exe_fix_w7.zip
2015-11-02 12:08 - 2015-11-02 12:08 - 03469871 _____ (LIGHTNING UK!) C:\Users\jono\Downloads\SetupImgBurn_2580.exe
2015-11-02 12:07 - 2015-11-02 12:12 - 167741204 _____ C:\Users\jono\Downloads\kav_rescue_10.iso.crdownload
2015-11-02 11:58 - 2015-11-02 11:58 - 22908888 _____ (Malwarebytes ) C:\Users\jono\Downloads\Unconfirmed 692478.crdownload
2015-11-02 09:04 - 2015-11-02 09:04 - 00004096 _____ C:\ProgramData\cUJkgdpB3E35.dll
2015-11-02 09:02 - 2015-11-02 09:02 - 00004096 _____ C:\ProgramData\MKL8ZayS3E35.dll
2015-11-01 17:30 - 2015-11-01 17:30 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\xerkty.exe
2015-11-01 17:20 - 2015-11-01 17:20 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\vwhazif.exe
2015-11-01 17:09 - 2015-11-01 17:09 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\ipqlcnir.exe
2015-11-01 17:08 - 2015-11-01 17:08 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\onwvohkx.exe
2015-11-01 17:04 - 2015-11-01 17:04 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\qraturg.exe
2015-11-01 16:53 - 2015-11-01 16:53 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\jsfyvc.exe
2015-11-01 16:50 - 2015-11-01 16:50 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\zchkvm.exe
2015-11-01 16:02 - 2015-11-01 16:02 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\dghqrwp.exe
2015-11-01 15:56 - 2015-11-01 15:56 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\yjerwxyl.exe
2015-11-01 15:54 - 2015-11-01 15:54 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\kvgxaj.exe
2015-11-01 15:50 - 2015-11-01 15:50 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\ryrcpcv.exe
2015-11-01 15:49 - 2015-11-01 15:49 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\mhupwrsz.exe
2015-11-01 15:41 - 2015-11-01 15:41 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\dufozun.exe
2015-11-01 15:40 - 2015-11-01 15:40 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\wzsliv.exe
2015-11-01 15:30 - 2015-11-01 15:30 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\pmxwvk.exe
2015-11-01 15:28 - 2015-11-01 15:28 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\jmjslqja.exe
2015-11-01 15:20 - 2015-11-01 15:20 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\uzgpuv.exe
2015-11-01 15:18 - 2015-11-01 15:18 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\ihilgt.exe
2015-11-01 15:08 - 2015-11-01 15:08 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\niduzedu.exe
2015-11-01 15:05 - 2015-11-01 15:05 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\pqvutmje.exe
2015-11-01 15:03 - 2015-11-01 15:03 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\wjynkjat.exe
2015-11-01 14:52 - 2015-11-01 14:52 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\udklink.exe
2015-11-01 14:49 - 2015-11-02 10:58 - 03373292 _____ C:\Windows\system32\CFG783589476
2015-11-01 14:42 - 2015-11-01 14:42 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\pcholave.exe
2015-11-01 14:37 - 2015-11-01 14:37 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\tadwdyv.exe
2015-11-01 14:36 - 2015-11-01 15:04 - 00000000 ____D C:\Users\jono\AppData\Local\Oixav
2015-11-01 14:36 - 2015-11-01 14:37 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-11-01 14:36 - 2015-11-01 14:36 - 00000000 ____D C:\Users\jono\Downloads\NBA.2K16.Michael.Jordan.Preload.Edition-ALI213
2015-11-02 14:31 - 2011-12-23 22:03 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2009-07-13 15:19 - 2009-07-13 17:14 - 0577536 _____ () C:\Users\jono\AppData\Roaming\BackUp783589476.exe
2015-11-01 16:02 - 2015-11-01 16:02 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\dghqrwp.exe
2015-11-01 15:41 - 2015-11-01 15:41 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\dufozun.exe
2015-11-01 15:18 - 2015-11-01 15:18 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\ihilgt.exe
2015-11-01 17:09 - 2015-11-01 17:09 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\ipqlcnir.exe
2015-11-01 15:28 - 2015-11-01 15:28 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\jmjslqja.exe
2015-11-01 16:53 - 2015-11-01 16:53 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\jsfyvc.exe
2015-11-01 15:54 - 2015-11-01 15:54 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\kvgxaj.exe
2015-11-01 15:49 - 2015-11-01 15:49 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\mhupwrsz.exe
2015-11-01 15:08 - 2015-11-01 15:08 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\niduzedu.exe
2015-11-01 17:08 - 2015-11-01 17:08 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\onwvohkx.exe
2015-11-01 14:42 - 2015-11-01 14:42 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\pcholave.exe
2015-11-01 15:30 - 2015-11-01 15:30 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\pmxwvk.exe
2015-11-01 15:05 - 2015-11-01 15:05 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\pqvutmje.exe
2015-11-01 17:04 - 2015-11-01 17:04 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\qraturg.exe
2015-11-01 15:50 - 2015-11-01 15:50 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\ryrcpcv.exe
2015-11-01 14:37 - 2015-11-01 14:37 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\tadwdyv.exe
2015-11-01 14:52 - 2015-11-01 14:52 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\udklink.exe
2015-11-01 15:20 - 2015-11-01 15:20 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\uzgpuv.exe
2015-11-01 17:20 - 2015-11-01 17:20 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\vwhazif.exe
2015-11-01 15:03 - 2015-11-01 15:03 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\wjynkjat.exe
2015-11-01 15:40 - 2015-11-01 15:40 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\wzsliv.exe
2015-11-01 17:30 - 2015-11-01 17:30 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\xerkty.exe
2015-11-01 15:56 - 2015-11-01 15:56 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\yjerwxyl.exe
2015-11-01 16:50 - 2015-11-01 16:50 - 0450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\zchkvm.exe
2015-02-06 16:20 - 2015-02-06 16:20 - 0007597 _____ () C:\Users\jono\AppData\Local\Resmon.ResmonCfg
2015-11-02 10:33 - 2015-11-02 10:33 - 0005120 _____ () C:\ProgramData\1F3670CC.EX
2015-11-02 09:04 - 2015-11-02 09:04 - 0004096 _____ () C:\ProgramData\cUJkgdpB3E35.dll
2015-11-02 09:02 - 2015-11-02 09:02 - 0004096 _____ () C:\ProgramData\MKL8ZayS3E35.dll
2015-11-02 10:33 - 2015-11-02 10:33 - 0004096 _____ () C:\ProgramData\perfhost.dll
C:\ProgramData\cUJkgdpB3E35.dll
C:\ProgramData\MKL8ZayS3E35.dll
C:\ProgramData\perfhost.dll
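
Two patterns stand out in the fixlist above: Run values that start regsvr32 on a DLL outside the Windows directory, and a batch of same-size, randomly named executables in AppData\Roaming that all claim the same publisher. The following is an added example, not part of the original thread and not FRST's own logic: a small Python triage script that pulls both patterns out of FRST-style lines. The function names, the folder markers and the cluster threshold are assumptions chosen for illustration; the sample lines are copied from the log above.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the Fixlog posted in this thread.
SAMPLE = r'''
HKLM\...\Run: [cUJkgdpB3E35] => regsvr32.exe /s "C:\PROGRA~3\cUJkgdpB3E35.dll"
HKU\S-1-5-21-3161928891-4213188026-640730353-1001\...\Run: [{FBFF0782-9301-4ED0-899F-19CEFCFF97FC}] => regsvr32.exe "C:\Users\jono\AppData\Local\Oixav\Samusq.dll"
2015-11-02 12:08 - 2015-11-02 12:08 - 03469871 _____ (LIGHTNING UK!) C:\Users\jono\Downloads\SetupImgBurn_2580.exe
2015-11-02 12:10 - 2015-11-02 12:10 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2015-11-01 17:30 - 2015-11-01 17:30 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\xerkty.exe
2015-11-01 17:20 - 2015-11-01 17:20 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\vwhazif.exe
2015-11-01 17:09 - 2015-11-01 17:09 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\ipqlcnir.exe
2015-11-01 14:37 - 2015-11-01 14:37 - 00450560 _____ (Microsoft Corporation) C:\Users\jono\AppData\Roaming\tadwdyv.exe
2009-07-13 15:19 - 2009-07-13 17:14 - 0577536 _____ () C:\Users\jono\AppData\Roaming\BackUp783589476.exe
'''

# "<hive>\...\Run: [value name] => command line"
RUN_RE = re.compile(r"^(?P<key>HK\S*)\\\.\.\.\\Run: \[(?P<name>.+?)\] => (?P<cmd>.+)$")
# "created - modified - size attrs (company) path"; the company field is optional.
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# regsvr32 with optional switches, then the (optionally quoted) DLL path.
REGSVR_RE = re.compile(
    r'regsvr32(?:\.exe)?\s+(?:/\S+\s+)*"?(?P<dll>[^"]+?\.dll)"?\s*$', re.I
)
# Assumption: folders a standard user process can normally write to.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")
# A path component in 8.3 short form (e.g. PROGRA~3) hides the real folder name.
SHORT_NAME_RE = re.compile(r"\\[^\\]*~\d+[^\\]*\\")


def suspicious_run_entries(text):
    """Return Run values that load a DLL through regsvr32 from an odd location."""
    findings = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        r = REGSVR_RE.search(m["cmd"])
        if not r:
            continue
        dll = r["dll"]
        reasons = []
        if any(mark in dll.lower() for mark in USER_WRITABLE):
            reasons.append("user-writable folder")
        if SHORT_NAME_RE.search(dll):
            reasons.append("8.3 short path")
        if reasons:
            findings.append({"value": m["name"], "dll": dll, "reasons": reasons})
    return findings


def same_size_clusters(text, min_files=3):
    """Group .exe files by (folder, size, company); report groups of min_files or more."""
    groups = defaultdict(set)
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m or "D" in m["attrs"]:      # skip non-matching lines and directories
            continue
        path = m["path"]
        if not path.lower().endswith(".exe"):
            continue
        key = (ntpath.dirname(path).lower(), int(m["size"]), m["company"] or "")
        groups[key].add(ntpath.basename(path))
    return [
        {"folder": folder, "size": size, "company": company, "files": sorted(names)}
        for (folder, size, company), names in groups.items()
        if len(names) >= min_files
    ]


if __name__ == "__main__":
    for f in suspicious_run_entries(SAMPLE):
        print("Run value", f["value"], "->", f["dll"], f["reasons"])
    for c in same_size_clusters(SAMPLE):
        print(len(c["files"]), "files of", c["size"], "bytes in", c["folder"])
```

A hit from either function is a lead for an analyst to review, not a verdict; the short-path finding in particular only says the real folder has to be resolved on the affected machine.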


#4 dunzoes


Posted 02 November 2015 - 06:49 PM

Seems to be running okay in regards to the browser so far but I'm still unable to launch the .exe's I mentioned in my first post.



#5 dbrisendine


Posted 03 November 2015 - 03:41 AM

Can you attach the Fixlog.txt file?  The post you made seems to be missing part of the log.  Also, did you have to run the fix more than once?


Edited by dbrisendine, 03 November 2015 - 03:43 AM.



#6 dunzoes


Posted 03 November 2015 - 12:52 PM

here's the fixlog and yeah I ran it twice because the first time I couldn't find where it saved the fixlog so I moved everything to the desktop and ran it again


Edited by dunzoes, 03 November 2015 - 12:53 PM.


#7 dbrisendine


Posted 03 November 2015 - 10:21 PM

Cool!  How is your system running now?


FIRST

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.

  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
     

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.



 

SECOND

Malwarebytes' Anti-Malware

Please download the latest version of Malwarebytes' Anti-Malware from Here.

Double Click on the mbam-setup.exe file to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link

Once the program has loaded and updated, select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

If any malware is found, make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.
The report screen will open.
At the bottom click on Export and select as txt file, save the file to your desktop and click OK.  When the export is complete, select OPEN.
The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.



#8 dunzoes


Posted 04 November 2015 - 01:10 PM

here's the adw log:

 

# AdwCleaner v5.017 - Logfile created 04/11/2015 at 09:56:55
# Updated 03/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 7 Home Premium  (x64)
# Username : jono - JONO-PC
# Running from : C:\Users\jono\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Users\jono\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\jono\AppData\LocalLow\Conduit
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\jono\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\jono\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
[-] Key Deleted : HKCU\Software\Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{920D90DA-DF4C-4891-B1E4-6EBC87CB924D}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Freeze.com
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1542 bytes] ##########
 
 
 
 
I'm not able to get to the website for Malwarebytes even; I get ERR_CONTENT_DECODING FAILED. It almost loaded the first time but then went to that.


#9 dunzoes


Posted 04 November 2015 - 01:20 PM

I need a mirror or something for Malwarebytes

 

edit: it seems worse now, browser crashing occasionally again


Edited by dunzoes, 04 November 2015 - 01:58 PM.


#10 dbrisendine


Posted 04 November 2015 - 07:14 PM

Let us see if you can use this instead of MalwareBytes ....
 

Go to Emsisoft and download the Emsisoft Free Emergency Kit from here.

  1. Double click on the EmsisoftEmergencyKit.exe file and then click on Extract to unpack the files (the default directory of C:\EEK is fine).
  2. Go to the new directory and right click on Start Emergency Kit Scanner.exe and choose 'Run as Administrator'.
  3. Once the scanner loads, allow it to check for updates.
  4. When the updates are finished, click the BACK button to return to the main menu.
  5. Click on the SMART SCAN to start scanning your system.  Please enable the PUA/PUP/PMA detection option.
  6. If the scan finds anything, it will open a scan finding window.  Please click on View Report; copy this report and paste it here in reply post.
  7. Please close the Emergency Kit Scanner program now.
     



#11 dunzoes


Posted 04 November 2015 - 08:49 PM

It installed but now when I try to run as admin nothing happens



#12 dbrisendine


Posted 05 November 2015 - 12:58 PM

We need to get a fresh scan from FRST.

  • If you still have the Addition.txt file on your desktop, please delete it now.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update.  Allow it to do this please.  Otherwise, just wait for the "The tool is ready to use." message.
  • Please check the Addition.txt in the Option Scan section of FRST.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The tool will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.



#13 dunzoes


Posted 05 November 2015 - 02:45 PM

edit: double post


Edited by dunzoes, 05 November 2015 - 02:51 PM.


#14 dunzoes


Posted 05 November 2015 - 02:47 PM

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
Ran by jono (administrator) on JONO-PC (05-11-2015 11:24:43)
Running from C:\Users\jono\Desktop
Loaded Profiles: jono (Available Profiles: jono)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
() C:\ProgramData\igfxCUIService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
() C:\Users\jono\jagexcache\jagexlauncher\bin\JagexLauncher.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxCUIService] => C:\ProgramData\igfxCUIService.exe [4096 2015-11-04] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKU\S-1-5-21-3161928891-4213188026-640730353-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-3161928891-4213188026-640730353-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-3161928891-4213188026-640730353-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3161928891-4213188026-640730353-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-23] (SUPERAntiSpyware)
HKU\S-1-5-21-3161928891-4213188026-640730353-1001\...\Run: [{FBFF0782-9301-4ED0-899F-19CEFCFF97FC}] => regsvr32.exe "C:\Users\jono\AppData\Local\Oixav\Samusq.dll"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-11-02]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7D59529B-390C-484F-96FB-10ACC46432AF}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3161928891-4213188026-640730353-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3161928891-4213188026-640730353-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3161928891-4213188026-640730353-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-11] [not signed]

Chrome:
=======
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\gcswf32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll => No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll => No File
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\jono\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll => No File
CHR Profile: C:\Users\jono\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\jono\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jono\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-02]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-05-19] (Razer Inc.) [File not signed]
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-07-17] (Popcorn Time) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-05 11:24 - 2015-11-05 11:24 - 00011060 _____ C:\Users\jono\Desktop\FRST.txt
2015-11-05 11:24 - 2015-11-05 11:24 - 00000000 ____D C:\Users\jono\Desktop\FRST-OlderVersion
2015-11-04 20:33 - 2015-11-04 20:33 - 00005632 _____ C:\ProgramData\taskhost.exe
2015-11-04 18:16 - 2015-11-05 01:42 - 00000044 _____ C:\Users\jono\jagex_cl_runescape_LIVE1.dat
2015-11-04 18:16 - 2015-11-04 18:16 - 00000000 ____D C:\Users\jono\jagexcache1
2015-11-04 17:48 - 2015-11-04 17:48 - 00000743 _____ C:\Users\jono\Desktop\Start Emsisoft Emergency Kit.lnk
2015-11-04 17:47 - 2015-11-04 17:47 - 00000000 ____D C:\EEK
2015-11-04 17:42 - 2015-11-04 17:47 - 169701240 _____ C:\Users\jono\Desktop\EmsisoftEmergencyKit.exe
2015-11-04 16:18 - 2015-11-04 16:18 - 00000000 ____D C:\Users\jono\.jagex_cache_32
2015-11-04 13:46 - 2015-11-05 11:15 - 00000023 _____ C:\Users\jono\jagexappletviewer.preferences
2015-11-04 13:46 - 2015-11-05 11:12 - 00000043 _____ C:\Users\jono\jagex_cl_runescape_LIVE.dat
2015-11-04 13:46 - 2015-11-05 08:12 - 00000024 _____ C:\Users\jono\random.dat
2015-11-04 13:46 - 2015-11-04 13:46 - 00000000 ____D C:\.jagex_cache_32
2015-11-04 13:27 - 2015-11-04 13:46 - 00000000 ____D C:\Users\jono\jagexcache
2015-11-04 13:27 - 2015-11-04 13:27 - 00002076 _____ C:\Users\jono\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2015-11-04 13:27 - 2015-11-04 13:27 - 00002046 _____ C:\Users\jono\Desktop\RuneScape.lnk
2015-11-04 13:27 - 2015-11-04 13:27 - 00000000 ____D C:\Users\jono\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2015-11-04 10:02 - 2015-11-04 10:02 - 00004096 _____ C:\ProgramData\igfxCUIService.exe
2015-11-04 10:01 - 2015-11-04 10:01 - 00004096 _____ C:\ProgramData\AddInProcess32.dll
2015-11-04 09:54 - 2015-11-04 09:56 - 00000000 ____D C:\AdwCleaner
2015-11-04 09:53 - 2015-11-04 09:53 - 01708032 _____ C:\Users\jono\Desktop\AdwCleaner.exe
2015-11-02 19:39 - 2015-11-02 19:39 - 00002299 _____ C:\Users\jono\Desktop\Chrome App Launcher.lnk
2015-11-02 19:39 - 2015-11-02 19:39 - 00000000 ____D C:\Users\jono\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-02 18:15 - 2015-11-05 11:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-02 18:15 - 2015-11-02 18:15 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-02 18:15 - 2015-11-02 18:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-02 18:11 - 2015-11-02 18:16 - 00001064 _____ C:\Windows\SecuniaPackage.log
2015-11-02 18:05 - 2015-11-02 18:05 - 00033080 _____ C:\Users\Public\Documents\SIGVERIF.TXT
2015-11-02 18:02 - 2015-11-02 18:02 - 00000000 ____D C:\Users\jono\AppData\Local\WindowsUpdate
2015-11-02 18:00 - 2015-11-02 18:00 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-11-02 18:00 - 2015-11-02 18:00 - 00000000 ____D C:\Users\jono\AppData\Local\Secunia PSI
2015-11-02 18:00 - 2015-11-02 18:00 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-11-02 17:59 - 2015-11-02 17:59 - 05490752 _____ (Secunia) C:\Users\jono\Desktop\PSISetup.exe
2015-11-02 17:54 - 2015-11-02 17:54 - 14243008 _____ (Microsoft Corporation) C:\Users\jono\Desktop\mseinstall.exe
2015-11-02 17:41 - 2015-11-02 17:41 - 00003286 _____ C:\Windows\System32\Tasks\{2A9CF08F-AC27-4444-B104-DDB0B17396B2}
2015-11-02 17:39 - 2015-11-02 17:39 - 22908888 _____ (Malwarebytes ) C:\Users\jono\Desktop\mbam-setup.exe
2015-11-02 17:21 - 2015-11-02 17:21 - 00012249 _____ C:\ComboFix.txt
2015-11-02 17:09 - 2015-11-02 17:09 - 00057560 _____ C:\Users\jono\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-02 17:07 - 2015-11-02 17:21 - 00000000 ____D C:\Qoobox
2015-11-02 17:07 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-02 17:07 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-02 17:07 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-02 17:07 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-02 17:07 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-02 17:07 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-02 17:07 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-02 17:07 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-02 17:06 - 2015-11-02 17:19 - 00000000 ____D C:\Windows\erdnt
2015-11-02 17:06 - 2015-11-02 17:06 - 05637361 ____R (Swearware) C:\Users\jono\Desktop\ComboFix.exe
2015-11-02 17:06 - 2015-11-02 17:06 - 01801288 _____ (Malwarebytes) C:\Users\jono\Desktop\JRT.exe
2015-11-02 16:04 - 2015-11-02 16:04 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\jono\Desktop\tdsskiller.exe
2015-11-02 16:03 - 2015-11-02 16:03 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\jono\Desktop\rkill.exe
2015-11-02 15:41 - 2015-11-05 11:09 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-11-02 15:39 - 2015-11-04 10:01 - 03550700 _____ C:\Windows\system32\CFG783589476
2015-11-02 15:38 - 2015-11-03 09:47 - 00000000 ____D C:\Users\jono\AppData\Local\Oixav
2015-11-02 15:36 - 2015-11-05 11:24 - 02198528 _____ (Farbar) C:\Users\jono\Desktop\FRST64.exe
2015-11-02 14:49 - 2015-11-05 11:24 - 00000000 ____D C:\FRST
2015-11-02 14:32 - 2015-11-05 11:09 - 00000551 _____ C:\Windows\setupact.log
2015-11-02 14:32 - 2015-11-02 14:32 - 00000000 _____ C:\Windows\setuperr.log
2015-11-02 14:31 - 2015-11-04 09:57 - 00003480 _____ C:\Windows\PFRO.log
2015-11-02 14:31 - 2015-11-02 14:32 - 04826928 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-02 13:59 - 2015-11-02 14:02 - 92804760 _____ (Kaspersky Lab ZAO) C:\Users\jono\Desktop\KVRT.exe
2015-11-02 13:56 - 2015-11-02 13:56 - 00000000 ____D C:\SUPERDelete
2015-11-02 13:44 - 2015-11-02 13:44 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6bc8ce5b-dfc9-4587-9007-84b631317831.job
2015-11-02 13:44 - 2015-11-02 13:44 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1d23c139-9d18-445c-b77b-00c718efa0da.job
2015-11-02 13:44 - 2015-11-02 13:44 - 00000000 ____D C:\Users\jono\AppData\Roaming\SUPERAntiSpyware.com
2015-11-02 13:43 - 2015-11-02 13:44 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-11-02 13:43 - 2015-11-02 13:43 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-11-02 13:43 - 2015-11-02 13:43 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-11-02 13:43 - 2015-11-02 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-11-02 12:34 - 2015-11-02 12:34 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-02 12:28 - 2015-11-02 12:28 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-11-02 12:27 - 2015-11-02 14:31 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-11-02 12:27 - 2015-11-02 14:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-02 11:04 - 2015-11-02 11:04 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-11-02 11:04 - 2015-11-02 11:04 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-02 11:04 - 2015-11-02 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-02 11:04 - 2015-11-02 11:04 - 00000000 ____D C:\Program Files\CCleaner
2015-11-01 10:07 - 2015-11-01 14:00 - 00000000 ____D C:\Users\jono\AppData\Roaming\vlc
2015-11-01 10:07 - 2015-11-01 10:07 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-11-01 10:07 - 2015-11-01 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-11-01 10:07 - 2015-11-01 10:07 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-10-19 14:08 - 2015-11-02 14:30 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2015-10-07 12:56 - 2015-11-02 11:05 - 00000000 ____D C:\Users\jono\AppData\Roaming\TS3Client
2015-10-07 12:50 - 2015-10-07 12:50 - 00000967 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-10-07 12:50 - 2015-10-07 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-10-07 12:50 - 2015-10-07 12:50 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-05 11:12 - 2015-08-14 18:49 - 00000000 ____D C:\Users\jono\AppData\Roaming\Skype
2015-11-05 11:12 - 2011-12-23 21:53 - 01921998 _____ C:\Windows\WindowsUpdate.log
2015-11-05 11:09 - 2011-12-23 22:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-05 11:09 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-05 11:09 - 2009-07-13 20:45 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-05 11:09 - 2009-07-13 20:45 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-05 08:29 - 2011-12-23 22:14 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-05 08:14 - 2014-09-22 21:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-11-05 08:14 - 2012-01-15 19:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-05 03:04 - 2014-09-22 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-04 18:16 - 2011-12-23 22:01 - 00000000 ____D C:\Users\jono
2015-11-04 10:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-04 09:58 - 2009-07-13 21:08 - 00032600 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-04 09:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-11-02 20:17 - 2012-01-02 13:09 - 00000000 ____D C:\Users\jono\AppData\Local\Facebook
2015-11-02 18:15 - 2011-12-23 22:14 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-02 18:04 - 2011-12-23 22:03 - 00004931 _____ C:\Windows\system32\lvcoinst.log
2015-11-02 17:48 - 2014-12-29 22:00 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-11-02 17:48 - 2011-12-28 11:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-02 17:21 - 2012-03-09 12:07 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-02 17:21 - 2012-03-09 12:06 - 00000000 ____D C:\ProgramData\Adobe
2015-11-02 17:21 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Default
2015-11-02 17:20 - 2011-12-23 22:14 - 00000000 ____D C:\Users\jono\AppData\Roaming\Adobe
2015-11-02 17:19 - 2012-03-12 09:27 - 00000000 ____D C:\Users\jono\AppData\Local\Adobe
2015-11-02 17:19 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2015-11-02 17:16 - 2012-03-08 09:33 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-02 17:15 - 2012-02-16 12:13 - 00000000 ____D C:\Users\jono\AppData\Roaming\uTorrent
2015-11-02 15:30 - 2012-02-16 12:14 - 00000000 ____D C:\Users\jono\AppData\LocalLow\Temp
2015-11-02 13:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-11-02 11:05 - 2012-01-07 09:00 - 00000000 ____D C:\Users\jono\AppData\Roaming\Ventrilo
2015-11-02 11:05 - 2011-12-23 21:51 - 00000000 ____D C:\Windows\Minidump
2015-11-02 11:05 - 2011-12-23 21:49 - 00000000 ____D C:\Windows\panther
2015-11-01 16:40 - 2009-07-13 21:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-01 16:38 - 2015-08-16 23:16 - 00000000 ____D C:\Users\jono\AppData\Roaming\Curse Client
2015-10-27 12:30 - 2012-03-09 12:09 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-06 09:45 - 2012-03-11 21:56 - 00000000 ____D C:\Users\jono\AppData\Roaming\LolClient
2015-10-06 09:24 - 2011-12-23 22:14 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-06 09:24 - 2011-12-23 22:14 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-11-04 10:01 - 2015-11-04 10:01 - 0004096 _____ () C:\ProgramData\AddInProcess32.dll
2015-11-04 10:02 - 2015-11-04 10:02 - 0004096 _____ () C:\ProgramData\igfxCUIService.exe
2015-11-04 20:33 - 2015-11-04 20:33 - 0005632 _____ () C:\ProgramData\taskhost.exe

Files to move or delete:
====================
C:\ProgramData\AddInProcess32.dll
C:\ProgramData\igfxCUIService.exe
C:\ProgramData\taskhost.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-01 07:32

==================== End of FRST.txt ============================

 

 

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by jono (2015-11-05 11:25:03)
Running from C:\Users\jono\Desktop
Windows 7 Home Premium (X64) (2011-12-24 06:01:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3161928891-4213188026-640730353-500 - Administrator - Disabled)
Guest (S-1-5-21-3161928891-4213188026-640730353-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3161928891-4213188026-640730353-1002 - Limited - Enabled)
jono (S-1-5-21-3161928891-4213188026-640730353-1001 - Administrator - Enabled) => C:\Users\jono

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\{EE56217C-B3F9-402B-B4EC-63F090F51D3D}) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version:  - cbrreader.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1208 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

02-11-2015 17:47:09 Removed iTunes
02-11-2015 18:14:33 Installed Adobe Flash Player 19 ActiveX.
02-11-2015 23:17:31 Windows Update
03-11-2015 09:56:20 Windows Update
03-11-2015 15:37:17 Windows Update
03-11-2015 20:38:34 Windows Update
04-11-2015 10:02:49 Windows Update
04-11-2015 13:27:03 Installed RuneScape Launcher 1.2.7
05-11-2015 03:00:13 Windows Update
05-11-2015 08:15:46 Windows Update
05-11-2015 09:06:57 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-11-02 17:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06B07287-A493-4C47-961C-C630E5C96526} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-02] (Adobe Systems Incorporated)
Task: {07E2E3A7-595E-4A25-9C3A-DBFB68E8A9E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {1D818465-E7EA-4DAC-AAF9-4DE6E8150C91} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {52F44D6E-5DEE-42AA-A70C-01D83BB7756C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A859873D-E193-4B72-9C71-F34032413FAA} - System32\Tasks\{2A9CF08F-AC27-4444-B104-DDB0B17396B2} => pcalua.exe -a "C:\Users\jono\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WJWFYAZ\esetsmartinstaller_enu[1].exe" -d C:\Users\jono\Desktop
Task: {AAAC61BE-81AF-4F11-9E6C-BE41E2EE1FBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1d23c139-9d18-445c-b77b-00c718efa0da.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6bc8ce5b-dfc9-4587-9007-84b631317831.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (Whitelisted) ==============

2012-03-08 14:25 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2015-11-04 10:02 - 2015-11-04 10:02 - 00004096 _____ () C:\ProgramData\igfxCUIService.exe
2011-07-28 15:08 - 2011-07-28 15:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2015-03-26 17:05 - 2015-03-26 17:05 - 00014336 _____ () C:\Users\jono\jagexcache\jagexlauncher\bin\JagexLauncher.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-28 15:09 - 2011-07-28 15:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2011-11-10 17:35 - 2011-11-10 17:35 - 03198464 _____ () C:\Users\jono\jagexcache\jagexlauncher\bin\jvm.dll
2011-11-10 18:16 - 2011-11-10 18:16 - 00402944 _____ () C:\Users\jono\jagexcache\jagexlauncher\bin\freetype.dll
2015-11-04 13:46 - 2015-11-05 11:12 - 00066048 _____ () C:\.jagex_cache_32\browsercontrol.dll
2015-11-04 13:46 - 2015-11-05 11:13 - 00132096 _____ () C:\Users\jono\jagexcache\runescape\LIVE\jaclib.dll
2015-11-04 13:46 - 2015-11-05 11:13 - 00076288 _____ () C:\Users\jono\jagexcache\runescape\LIVE\jagdx.dll
2015-11-04 13:46 - 2015-11-05 11:13 - 00091648 _____ () C:\Users\jono\jagexcache\runescape\LIVE\jaggl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3161928891-4213188026-640730353-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{B432EEE7-D1DE-443A-B8D5-61D139E2C275}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{7994B85B-F6F5-4311-87F0-9DA6F80D89BA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E732D349-B9AC-473B-8757-D4F6690FCE66}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{09CD91F3-2ED4-4904-93B5-6847E334A27A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/05/2015 11:24:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.80, time stamp: 0x56262c73
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10006c13
Faulting process id: 0xbf0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/05/2015 11:20:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.80, time stamp: 0x56262c73
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10006c13
Faulting process id: 0xdd0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/05/2015 11:19:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.80, time stamp: 0x56262c73
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10006c13
Faulting process id: 0x654
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/05/2015 11:19:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.80, time stamp: 0x56262c73
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10006c13
Faulting process id: 0xba0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/05/2015 11:19:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.80, time stamp: 0x56262c73
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10006c13
Faulting process id: 0xba8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/05/2015 11:17:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.80, time stamp: 0x56262c73
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10006c13
Faulting process id: 0xac8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/05/2015 11:16:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.80, time stamp: 0x56262c73
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10006c13
Faulting process id: 0xdb0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/05/2015 11:16:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 46.0.2490.80, time stamp: 0x56262c73
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10006c13
Faulting process id: 0x1228
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/05/2015 11:15:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x726f7461
Faulting process id: 0x608
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (11/05/2015 11:15:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7600.16930 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1334

Start Time: 01d117fe348778cb

Termination Time: 6

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 8be34f80-83f1-11e5-966b-485b3994c306


System errors:
=============
Error: (11/05/2015 11:15:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/05/2015 11:09:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Wizard Service service failed to start due to the following error:
%%1053

Error: (11/05/2015 11:09:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Razer Wizard Service service to connect.

Error: (11/05/2015 09:08:05 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (11/05/2015 09:08:02 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (11/05/2015 08:24:06 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (11/05/2015 08:24:00 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (11/05/2015 08:21:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/05/2015 08:20:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800b0001: Windows Update Setup Handler.

Error: (11/05/2015 08:14:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Wizard Service service failed to start due to the following error:
%%1053


CodeIntegrity:
===================================
  Date: 2015-11-02 17:12:19.678
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-02 17:12:19.646
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-22 19:52:44.939
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\jono\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-22 19:52:44.910
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\jono\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-22 19:52:44.520
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-22 19:52:44.492
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-12-23 21:53:11.517
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\nvlddmkm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 43%
Total physical RAM: 6142.18 MB
Available physical RAM: 3480.41 MB
Total Virtual: 12284.35 MB
Available Virtual: 9491.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.91 GB) (Free:58.3 GB) NTFS
Drive f: (Main) (Fixed) (Total:465.76 GB) (Free:452.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: BDEFBDEF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 49AA40B9)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Now I can't use any browsers but Firefox, even in safe mode, as they both just crash immediately.


Edited by dunzoes, 05 November 2015 - 02:50 PM.


#15 dunzoes

Posted 05 November 2015 - 02:57 PM

"Files to move or delete:
====================
C:\ProgramData\AddInProcess32.dll
C:\ProgramData\igfxCUIService.exe
C:\ProgramData\taskhost.exe"

Should I try removing those manually if I can't get any anti-spyware to launch or install that will kill it?





