
"More Results Hub ads" Hijacking my new tab page and search engines.


This topic is locked
12 replies to this topic

#1 konkurada


Posted 05 November 2015 - 07:11 PM

I was installing some software the other day and made the mistake of clicking the next button too many times, accepting a couple of those "click here to get malware" offers they always throw in there. I knew immediately I had made a mistake.

 

The symptoms are as follows: Upon opening a new tab in Google Chrome, I am automatically redirected to an extremely long, garbled URL, which redirects me to Yahoo! search. If I go to Google and perform any search, after a small delay an additional section of the page is filled with links to questionable sites and the text line "More Results Hub ads" is displayed nearby. If I click any link and press back, I am brought to the same search but on Yahoo! instead.

 

I followed a removal guide on this site. Here's what I've tried so far: I searched through the list of installed programs to remove it, but it was not listed; closed all programs; ran Rkill, which found nothing to terminate; ran MBAM, which found the bug; removed everything it found; restarted; ran AdwCleaner; restarted again; then opened Chrome to find that it was still there and nothing had changed. I re-scanned with MBAM, which found the exact same problems as before. I removed them and restarted three times, but the problem persists.

 

FRST Logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
Ran by Konkurada (administrator) on KONKURADA-PC (05-11-2015 19:01:07)
Running from C:\Users\Konkurada\Desktop
Loaded Profiles: Konkurada (Available Profiles: Konkurada & RS Test)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Flux Software LLC) C:\Users\Konkurada\AppData\Local\FluxSoftware\Flux\flux.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-26] (AVAST Software)
HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Konkurada\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\...\Run: [f.lux] => C:\Users\Konkurada\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-26] (AVAST Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1
Tcpip\..\Interfaces\{CBA6BEB6-BB64-4282-AEE9-DFBEE8EC8F2C}: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-26] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-26] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1227236975-3566331038-3326167431-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1227236975-3566331038-3326167431-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
 
FireFox:
========
FF ProfilePath: C:\Users\Konkurada\AppData\Roaming\Mozilla\Firefox\Profiles\n9ysnq1m.default
FF SelectedSearchEngine: Google (avast)
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31010.0\npctrl.dll [2014-10-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31010.0\npctrl.dll [2014-10-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-06-05] (Nexon)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Konkurada\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-03-10] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll [2013-01-11] (Vizzed.com)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1227236975-3566331038-3326167431-1002: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-1227236975-3566331038-3326167431-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF SearchPlugin: C:\Users\Konkurada\AppData\Roaming\Mozilla\Firefox\Profiles\n9ysnq1m.default\searchplugins\google-avast.xml [2015-11-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-26] [not signed]
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Vizzed Retro Game Room Plugin) - C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Happy Cloud Plugin) - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Raidcall plugin) - C:\Users\Konkurada\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube Center) - C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj [2015-10-26]
CHR Extension: (Turn Off the Lights) - C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-09-01]
CHR Extension: (Adblock Plus) - C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]
CHR Extension: (AdBlock) - C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-16]
CHR Extension: (Avast Online Security) - C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-31]
CHR Extension: (Turn Off the Lights) - C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\labjanboighjienkhiabgpefblkbmemd [2014-04-05]
CHR Extension: (Your Quality for YouTube™) - C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfcilgimggemnogfigihdkmapdhhlbph [2015-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Tumblr Savior) - C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-10-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-26]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-07-28] (Advanced Micro Devices) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-26] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-10-26] (Avast Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-11-23] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-01-06] (BitRaider, LLC)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-13] (Electronic Arts)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [X]
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Origins\bin_ship\DAUpdaterSvc.Service.exe [X]
S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [297672 2015-07-28] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-26] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-04-07] (BitRaider)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-10-26] (AVAST Software)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-29] (The OpenVPN Project)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-10-26] (Avast Software)
S1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [24064 2013-06-30] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [17408 2013-06-30] (Shrew Soft Inc) [File not signed]
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E}; \??\C:\Program Files (x86)\VMLaunch\BuddyVM.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-05 19:01 - 2015-11-05 19:01 - 00021186 _____ C:\Users\Konkurada\Desktop\FRST.txt
2015-11-05 19:01 - 2015-11-05 19:01 - 00000000 ____D C:\FRST
2015-11-05 19:00 - 2015-11-05 19:00 - 02198528 _____ (Farbar) C:\Users\Konkurada\Desktop\FRST64.exe
2015-11-05 18:07 - 2015-11-05 18:07 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\Konkurada\Desktop\rkill64.exe
2015-11-05 13:40 - 2015-11-05 18:08 - 00001444 _____ C:\Users\Konkurada\Desktop\Rkill.txt
2015-11-05 13:40 - 2015-11-05 13:40 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Konkurada\Desktop\rkill.exe
2015-11-05 09:46 - 2015-11-05 09:46 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-11-05 09:40 - 2015-11-05 09:44 - 00000000 ____D C:\AdwCleaner
2015-11-04 13:07 - 2015-11-04 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.2
2015-11-04 13:07 - 2015-11-04 13:07 - 00000000 ____D C:\Program Files (x86)\Project64 2.2
2015-11-04 07:39 - 2015-11-04 07:39 - 00000000 ____D C:\Users\Konkurada\AppData\Roaming\Sins of a Solar Empire - Rebellion
2015-11-02 03:19 - 2015-11-02 03:19 - 00000000 ____D C:\Windows\pss
2015-10-30 20:08 - 2015-10-30 20:08 - 00000000 ____D C:\Users\Konkurada\Documents\Assassin's Creed Rogue
2015-10-30 20:08 - 2015-10-30 20:08 - 00000000 ____D C:\Users\Konkurada\AppData\Roaming\uplay
2015-10-30 02:05 - 2015-10-30 02:05 - 00000000 ____D C:\Users\Konkurada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ixale
2015-10-30 02:05 - 2015-10-30 02:05 - 00000000 ____D C:\Users\Konkurada\.oracle_jre_usage
2015-10-29 18:39 - 2015-10-29 18:39 - 00001483 _____ C:\Users\Konkurada\Desktop\Star Wars - The Old Republic.lnk
2015-10-28 08:17 - 2015-10-28 08:17 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2015-10-26 17:36 - 2015-10-26 17:36 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2015-10-26 17:35 - 2015-10-26 17:36 - 01476720 _____ C:\Users\RS Test\Downloads\SteamSetup.exe
2015-10-26 17:32 - 2015-10-26 21:21 - 00000000 ____D C:\Users\RS Test\AppData\Roaming\Skype
2015-10-26 17:32 - 2015-10-26 17:32 - 00000000 ____D C:\Users\RS Test\Tracing
2015-10-26 17:32 - 2015-10-26 17:32 - 00000000 ____D C:\Users\RS Test\AppData\Local\Skype
2015-10-26 17:28 - 2015-10-26 17:29 - 46829184 _____ (Skype Technologies S.A.) C:\Users\RS Test\Downloads\SkypeSetupFull.exe
2015-10-26 17:27 - 2015-10-26 17:27 - 00000000 ____D C:\Users\RS Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-10-26 17:27 - 2015-10-26 17:27 - 00000000 ____D C:\Users\RS Test\AppData\Local\FluxSoftware
2015-10-26 17:26 - 2015-10-26 17:26 - 00597304 _____ C:\Users\RS Test\Downloads\flux-setup.exe
2015-10-26 17:16 - 2015-10-26 17:16 - 00000000 ____D C:\Users\RS Test\AppData\Roaming\AVAST Software
2015-10-26 01:30 - 2015-10-26 01:30 - 00000000 ____D C:\Users\Konkurada\AppData\Roaming\AVAST Software
2015-10-26 01:28 - 2015-10-26 02:56 - 00001966 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-10-26 01:28 - 2015-10-26 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-10-26 01:27 - 2015-10-26 01:27 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-10-26 01:27 - 2015-10-26 01:27 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-10-26 01:27 - 2015-10-26 01:27 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-10-26 01:27 - 2015-10-26 01:27 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-10-26 01:27 - 2015-10-26 01:27 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-10-26 01:27 - 2015-10-26 01:27 - 00132656 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-10-26 01:27 - 2015-10-26 01:27 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-10-26 01:27 - 2015-10-26 01:27 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-10-26 01:27 - 2015-10-26 01:27 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-10-26 01:27 - 2015-10-26 01:27 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-10-26 01:27 - 2015-10-26 01:27 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-10-26 01:26 - 2015-10-26 01:26 - 00000000 ____D C:\Program Files\AVAST Software
2015-10-26 00:51 - 2015-10-26 00:51 - 00002114 _____ C:\Users\Konkurada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2015-10-26 00:51 - 2015-10-26 00:51 - 00000000 ____D C:\Users\Konkurada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2015-10-25 22:15 - 2015-10-25 22:15 - 00000000 ____D C:\Users\RS Test\AppData\Roaming\AMD
2015-10-25 22:14 - 2015-10-26 21:18 - 00000024 _____ C:\Users\RS Test\random.dat
2015-10-25 22:14 - 2015-10-26 20:37 - 00000024 _____ C:\Users\RS Test\jagexappletviewer.preferences
2015-10-25 22:14 - 2015-10-26 20:34 - 00000046 _____ C:\Users\RS Test\jagex_cl_runescape_LIVE.dat
2015-10-25 22:14 - 2015-10-25 22:14 - 00002100 _____ C:\Users\RS Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2015-10-25 22:14 - 2015-10-25 22:14 - 00002070 _____ C:\Users\RS Test\Desktop\RuneScape.lnk
2015-10-25 22:14 - 2015-10-25 22:14 - 00000000 __SHD C:\Users\RS Test\AppData\LocalLow\EmieUserList
2015-10-25 22:14 - 2015-10-25 22:14 - 00000000 __SHD C:\Users\RS Test\AppData\LocalLow\EmieSiteList
2015-10-25 22:14 - 2015-10-25 22:14 - 00000000 __SHD C:\Users\RS Test\AppData\LocalLow\EmieBrowserModeList
2015-10-25 22:14 - 2015-10-25 22:14 - 00000000 __SHD C:\Users\RS Test\AppData\Local\EmieUserList
2015-10-25 22:14 - 2015-10-25 22:14 - 00000000 __SHD C:\Users\RS Test\AppData\Local\EmieSiteList
2015-10-25 22:14 - 2015-10-25 22:14 - 00000000 __SHD C:\Users\RS Test\AppData\Local\EmieBrowserModeList
2015-10-25 22:14 - 2015-10-25 22:14 - 00000000 ____D C:\Users\RS Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2015-10-25 22:13 - 2015-10-25 22:14 - 00000000 ____D C:\Users\RS Test\jagexcache
2015-10-25 22:13 - 2015-10-25 22:13 - 24219648 _____ C:\Users\RS Test\Downloads\RuneScape.msi
2015-10-25 22:09 - 2015-10-25 22:12 - 00002259 _____ C:\Users\RS Test\Desktop\Google Chrome.lnk
2015-10-25 22:09 - 2015-10-25 22:09 - 00060000 _____ C:\Users\RS Test\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-25 22:09 - 2015-10-25 22:09 - 00001417 _____ C:\Users\RS Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-25 22:09 - 2015-10-25 22:09 - 00000020 ___SH C:\Users\RS Test\ntuser.ini
2015-10-25 22:09 - 2015-10-25 22:09 - 00000000 ____D C:\Users\RS Test\AppData\Roaming\ATI
2015-10-25 22:09 - 2015-10-25 22:09 - 00000000 ____D C:\Users\RS Test\AppData\Roaming\Adobe
2015-10-25 22:09 - 2015-10-25 22:09 - 00000000 ____D C:\Users\RS Test\AppData\Local\VirtualStore
2015-10-25 22:09 - 2015-10-25 22:09 - 00000000 ____D C:\Users\RS Test\AppData\Local\Google
2015-10-25 22:09 - 2015-10-25 22:09 - 00000000 ____D C:\Users\RS Test\AppData\Local\ATI
2015-10-25 22:09 - 2015-10-25 22:09 - 00000000 ____D C:\Users\RS Test\AppData\Local\AMD
2015-10-25 22:09 - 2015-10-25 22:09 - 00000000 ____D C:\Users\RS Test\AppData\Local\Adobe
2015-10-25 22:08 - 2015-10-26 17:32 - 00000000 ____D C:\Users\RS Test
2015-10-25 22:08 - 2014-03-15 15:21 - 00000000 ____D C:\Users\RS Test\AppData\Roaming\TuneUp Software
2015-10-25 22:08 - 2014-02-24 07:48 - 00000000 ____D C:\Users\RS Test\AppData\Roaming\Macromedia
2015-10-25 22:08 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\RS Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-25 22:08 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\RS Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-25 18:38 - 2015-10-25 18:38 - 00000000 ____D C:\.jagex_cache_32
2015-10-25 14:27 - 2015-10-25 15:11 - 00000000 ____D C:\Users\Konkurada\Documents\Planetbase
2015-10-25 14:22 - 2015-10-22 22:47 - 00000000 ____D C:\Users\Konkurada\Desktop\Planetbase  v 1.0.4
2015-10-21 09:50 - 2015-10-22 19:33 - 00000000 ____D C:\Users\Konkurada\AppData\Local\UNDERTALE
2015-10-21 08:37 - 2015-10-21 08:37 - 00001194 _____ C:\Users\Konkurada\Desktop\Assassins Creed Rogue.lnk
2015-10-21 08:28 - 2015-10-21 08:37 - 00000000 ____D C:\Program Files (x86)\Assassins Creed Rogue
2015-10-19 10:18 - 2015-10-19 10:18 - 00000222 _____ C:\Users\Konkurada\Desktop\Dungeon Defenders II.url
2015-10-18 11:49 - 2015-10-18 11:49 - 00000000 ____D C:\Users\Konkurada\AppData\Local\DunDefLauncher
2015-10-16 03:03 - 2015-10-16 03:03 - 00000000 ____D C:\Users\Konkurada\Documents\Petroglyph
2015-10-15 07:28 - 2015-10-15 07:28 - 00008596 _____ C:\Users\Konkurada\AppData\Local\recently-used.xbel
2015-10-15 03:56 - 2015-10-15 03:56 - 00000000 ____D C:\Users\Konkurada\AppData\Roaming\Starpoint Gemini 2
2015-10-14 05:34 - 2015-10-14 05:34 - 00000000 ____D C:\Windows\SysWOW64\xlive
2015-10-14 05:34 - 2015-10-14 05:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2015-10-14 05:34 - 2015-10-14 05:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-10-09 10:53 - 2015-10-09 11:15 - 00000000 ____D C:\Program Files (x86)\Toontown Rewritten
2015-10-09 10:53 - 2015-10-09 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toontown Rewritten
2015-10-08 14:13 - 2015-10-08 14:13 - 00000000 ____D C:\Users\Konkurada\Documents\Endless Space
2015-10-07 15:02 - 2015-11-05 18:59 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2015-10-06 17:25 - 2015-10-06 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-10-06 17:18 - 2015-10-06 17:37 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-10-06 12:58 - 2015-10-06 12:58 - 00114800 ____H C:\Windows\SysWOW64\mlfcache.dat
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-05 18:59 - 2014-12-17 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-11-05 18:57 - 2014-01-03 19:36 - 00000000 ____D C:\Users\Konkurada\AppData\Roaming\Skype
2015-11-05 18:43 - 2009-07-13 23:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-05 18:43 - 2009-07-13 23:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-05 18:39 - 2013-12-24 14:01 - 01548866 _____ C:\Windows\WindowsUpdate.log
2015-11-05 18:39 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-05 18:37 - 2013-12-24 14:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-05 18:35 - 2013-06-17 13:27 - 00254634 _____ C:\Windows\setupact.log
2015-11-05 18:35 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-05 18:09 - 2014-06-28 14:43 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-05 18:06 - 2013-12-24 16:04 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-11-05 18:06 - 2010-11-20 22:47 - 02565164 _____ C:\Windows\PFRO.log
2015-11-05 17:17 - 2013-12-24 14:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-05 16:39 - 2014-01-03 18:50 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-05 10:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Speech
2015-11-05 09:52 - 2014-02-14 14:48 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-05 09:47 - 2015-01-08 09:35 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-05 09:42 - 2014-06-28 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-05 09:42 - 2014-06-28 14:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-04 13:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-11-04 08:46 - 2014-01-03 19:34 - 00000000 ____D C:\Users\Konkurada\AppData\Local\CrashDumps
2015-11-04 07:43 - 2014-06-01 05:51 - 00000000 ____D C:\Users\Konkurada\AppData\Local\SKIDROW
2015-11-04 07:43 - 2014-01-04 17:12 - 00000000 ____D C:\Users\Konkurada\Documents\my games
2015-11-03 14:55 - 2014-01-22 01:26 - 00000000 ____D C:\Users\Konkurada\AppData\Roaming\uTorrent
2015-11-02 03:16 - 2014-01-18 00:15 - 00000000 ____D C:\Users\Konkurada\AppData\Local\Deployment
2015-11-02 02:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-30 20:12 - 2014-01-05 17:23 - 00000000 ____D C:\Users\Konkurada\AppData\Roaming\Bioshock
2015-10-30 02:05 - 2015-03-31 19:23 - 00000000 ____D C:\Users\Konkurada\AppData\Local\StarParse
2015-10-30 02:05 - 2014-01-03 17:44 - 00000000 ____D C:\Users\Konkurada
2015-10-28 08:21 - 2014-01-06 17:11 - 00014598 _____ C:\Users\Konkurada\Documents\Install STAR WARS The Old Republic.log
2015-10-26 23:40 - 2014-03-12 12:43 - 00000024 _____ C:\Users\Konkurada\random.dat
2015-10-26 23:36 - 2014-08-27 06:25 - 00000024 _____ C:\Users\Konkurada\jagexappletviewer.preferences
2015-10-26 23:36 - 2014-03-12 12:43 - 00000048 _____ C:\Users\Konkurada\jagex_cl_runescape_LIVE.dat
2015-10-26 17:34 - 2015-09-21 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-26 17:32 - 2014-01-03 19:36 - 00000000 ____D C:\ProgramData\Skype
2015-10-26 12:39 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-26 12:38 - 2015-07-18 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-10-26 12:38 - 2014-10-16 04:25 - 00000000 ____D C:\GOG Games
2015-10-26 12:38 - 2014-09-06 05:30 - 00000671 _____ C:\Users\Konkurada\Documents\Uninstall STAR WARS The Old Republic.log
2015-10-26 12:35 - 2015-09-05 16:57 - 00000000 ____D C:\Program Files (x86)\Assassins Creed IV Black Flag
2015-10-26 12:33 - 2015-06-25 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2015-10-26 12:33 - 2013-12-24 14:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-26 03:44 - 2015-03-13 21:47 - 00000000 ____D C:\Users\Konkurada\AppData\Roaming\03D40274-1426286825-0558-AB06-E30700080009
2015-10-26 01:28 - 2015-01-08 09:36 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-10-26 01:28 - 2015-01-08 09:36 - 00000000 ____D C:\Windows\system32\vbox
2015-10-16 06:38 - 2014-12-19 07:45 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-10-16 06:38 - 2014-02-11 05:33 - 00000000 ____D C:\Users\Konkurada\AppData\Local\Battle.net
2015-10-15 07:28 - 2014-12-24 17:06 - 00000000 ____D C:\Users\Konkurada\AppData\Local\gtk-2.0
2015-10-15 07:28 - 2014-12-24 17:02 - 00000000 ____D C:\Users\Konkurada\.gimp-2.8
2015-10-14 04:54 - 2014-01-23 01:05 - 00000000 ____D C:\Games
2015-10-08 15:06 - 2014-07-25 12:15 - 00000000 ____D C:\Users\Konkurada\Documents\Klei
2015-10-07 16:57 - 2015-02-05 05:11 - 00000000 ____D C:\Users\Konkurada\AppData\Local\Steam
 
==================== Files in the root of some directories =======
 
2015-01-12 16:57 - 2015-01-12 16:57 - 0000132 _____ () C:\Users\Konkurada\AppData\Roaming\Adobe BMP Format CS5 Prefs
2015-01-22 08:35 - 2015-01-22 08:37 - 0000111 _____ () C:\Users\Konkurada\AppData\Roaming\Camdata.ini
2015-01-22 08:35 - 2015-01-22 08:37 - 0000408 _____ () C:\Users\Konkurada\AppData\Roaming\CamLayout.ini
2015-01-22 08:35 - 2015-01-22 08:37 - 0000408 _____ () C:\Users\Konkurada\AppData\Roaming\CamShapes.ini
2015-01-22 08:35 - 2015-01-22 08:37 - 0004547 _____ () C:\Users\Konkurada\AppData\Roaming\CamStudio.cfg
2014-06-09 13:25 - 2014-07-01 03:55 - 0000137 _____ () C:\Users\Konkurada\AppData\Roaming\licecap.ini
2014-06-30 02:49 - 2014-06-30 02:49 - 0000047 _____ () C:\Users\Konkurada\AppData\Roaming\mbam.context.scan
2014-07-15 03:37 - 2014-07-15 03:37 - 0001181 _____ () C:\Users\Konkurada\AppData\Roaming\trace_FilterInstaller.1.txt
2014-07-15 03:37 - 2014-07-15 03:41 - 0000919 _____ () C:\Users\Konkurada\AppData\Roaming\trace_FilterInstaller.txt
2014-07-15 03:37 - 2014-07-15 03:41 - 0000000 _____ () C:\Users\Konkurada\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-01-22 08:30 - 2015-01-22 08:36 - 0000096 _____ () C:\Users\Konkurada\AppData\Roaming\version2.xml
2015-03-13 21:58 - 2015-03-13 21:58 - 0000088 _____ () C:\Users\Konkurada\AppData\Local\153776569452812cf0c80a3e5677dae4
2015-10-15 07:28 - 2015-10-15 07:28 - 0008596 _____ () C:\Users\Konkurada\AppData\Local\recently-used.xbel
2014-04-06 07:04 - 2015-04-30 11:36 - 0007618 _____ () C:\Users\Konkurada\AppData\Local\Resmon.ResmonCfg
2015-03-12 18:00 - 2015-03-12 18:00 - 0203103 _____ () C:\ProgramData\1426201119.bdinstall.bin
2015-03-12 18:33 - 2015-03-12 18:33 - 0037823 _____ () C:\ProgramData\1426203191.bdinstall.bin
2015-03-12 18:33 - 2015-03-12 18:33 - 0098136 _____ () C:\ProgramData\1426203192.bdinstall.bin
 
Some files in TEMP:
====================
C:\Users\Konkurada\AppData\Local\Temp\31d6e07d87ca5eaf6b2447c07a6c1365.dll
C:\Users\Konkurada\AppData\Local\Temp\4e6cf5d72520e51ea54dbf30164d13e3.dll
C:\Users\Konkurada\AppData\Local\Temp\8f2dad0341ba79e32e7b1f90e805dff5.dll
C:\Users\Konkurada\AppData\Local\Temp\ab5e31d07b6ea746979d10d903f463d5.dll
C:\Users\Konkurada\AppData\Local\Temp\ce9485e25434b31da8691fd769802694.dll
C:\Users\Konkurada\AppData\Local\Temp\cf5d25f6c4ae6226cff33b6d7586bb50.dll
C:\Users\Konkurada\AppData\Local\Temp\d4f5d244a0909d75573750c06e9db24d.dll
C:\Users\Konkurada\AppData\Local\Temp\dotnetfx 3.5 sp1.exe
C:\Users\Konkurada\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Konkurada\AppData\Local\Temp\f2a2d13f74bfc3b45d1d158b056a9f2f.dll
C:\Users\Konkurada\AppData\Local\Temp\HitmanPro_x64.exe
C:\Users\Konkurada\AppData\Local\Temp\k9-webprotection-4.4.276.exe
C:\Users\Konkurada\AppData\Local\Temp\NGM.exe
C:\Users\Konkurada\AppData\Local\Temp\NGMDll.dll
C:\Users\Konkurada\AppData\Local\Temp\NGMResource.dll
C:\Users\Konkurada\AppData\Local\Temp\NGMSetup.exe
C:\Users\Konkurada\AppData\Local\Temp\ose00000.exe
C:\Users\Konkurada\AppData\Local\Temp\ose00001.exe
C:\Users\Konkurada\AppData\Local\Temp\raptrpatch.exe
C:\Users\Konkurada\AppData\Local\Temp\raptr_stub.exe
C:\Users\Konkurada\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Konkurada\AppData\Local\Temp\sqlite3.dll
C:\Users\Konkurada\AppData\Local\Temp\tmpDEE9.exe
C:\Users\Konkurada\AppData\Local\Temp\unicows.dll
C:\Users\Konkurada\AppData\Local\Temp\__pythonRunner.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-02 12:02
 
==================== End of FRST.txt ============================

 

 

#2 olgun52

  • Malware Response Team
  • 3,787 posts
  • Gender:Male

Posted 05 November 2015 - 09:06 PM

Hello konkurada and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to: get help here.

Thanks

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,787 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:01:21 PM

Posted 06 November 2015 - 04:10 PM

Hi konkurada,

 

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

 

Step 1:
FRST Script:
Please download the attached Fixlist.txt (9.76KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware.
  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

Step 5:

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTANT 1: Place ComboFix.exe on your Desktop.

* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan.

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.

 



 


 


#4 konkurada

  • Topic Starter
  • Members
  • 33 posts
  • Gender:Male
  • Location:Michigan - United States

Posted 06 November 2015 - 07:41 PM

I've completed the actions listed in your post. The problem persists.

 

Here are the logs requested: 

 

1.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by Konkurada (2015-11-06 17:57:53) Run:1
Running from C:\Users\Konkurada\Desktop
Loaded Profiles: Konkurada (Available Profiles: Konkurada & RS Test)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\...\Run: [AdobeBridge] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1227236975-3566331038-3326167431-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1227236975-3566331038-3326167431-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF NewTab: about:newtab
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1227236975-3566331038-3326167431-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Extension: (Adblock Plus) - C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-22]
CHR Extension: (AdBlock) - C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-10-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-26]
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\Konkurada\AppData\Roaming\uplay
C:\Users\Konkurada\AppData\Roaming\uTorrent
2015-01-12 16:57 - 2015-01-12 16:57 - 0000132 _____ () C:\Users\Konkurada\AppData\Roaming\Adobe BMP Format CS5 Prefs
2015-01-22 08:35 - 2015-01-22 08:37 - 0000111 _____ () C:\Users\Konkurada\AppData\Roaming\Camdata.ini
2015-01-22 08:35 - 2015-01-22 08:37 - 0000408 _____ () C:\Users\Konkurada\AppData\Roaming\CamLayout.ini
2015-01-22 08:35 - 2015-01-22 08:37 - 0000408 _____ () C:\Users\Konkurada\AppData\Roaming\CamShapes.ini
2015-01-22 08:35 - 2015-01-22 08:37 - 0004547 _____ () C:\Users\Konkurada\AppData\Roaming\CamStudio.cfg
2014-06-09 13:25 - 2014-07-01 03:55 - 0000137 _____ () C:\Users\Konkurada\AppData\Roaming\licecap.ini
2014-06-30 02:49 - 2014-06-30 02:49 - 0000047 _____ () C:\Users\Konkurada\AppData\Roaming\mbam.context.scan
2014-07-15 03:37 - 2014-07-15 03:37 - 0001181 _____ () C:\Users\Konkurada\AppData\Roaming\trace_FilterInstaller.1.txt
2014-07-15 03:37 - 2014-07-15 03:41 - 0000919 _____ () C:\Users\Konkurada\AppData\Roaming\trace_FilterInstaller.txt
2014-07-15 03:37 - 2014-07-15 03:41 - 0000000 _____ () C:\Users\Konkurada\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-01-22 08:30 - 2015-01-22 08:36 - 0000096 _____ () C:\Users\Konkurada\AppData\Roaming\version2.xml
2015-03-12 18:00 - 2015-03-12 18:00 - 0203103 _____ () C:\ProgramData\1426201119.bdinstall.bin
2015-03-12 18:33 - 2015-03-12 18:33 - 0037823 _____ () C:\ProgramData\1426203191.bdinstall.bin
2015-03-12 18:33 - 2015-03-12 18:33 - 0098136 _____ () C:\ProgramData\1426203192.bdinstall.bin
C:\Users\Konkurada\AppData\Local\Temp\31d6e07d87ca5eaf6b2447c07a6c1365.dll
C:\Users\Konkurada\AppData\Local\Temp\4e6cf5d72520e51ea54dbf30164d13e3.dll
C:\Users\Konkurada\AppData\Local\Temp\8f2dad0341ba79e32e7b1f90e805dff5.dll
C:\Users\Konkurada\AppData\Local\Temp\ab5e31d07b6ea746979d10d903f463d5.dll
C:\Users\Konkurada\AppData\Local\Temp\ce9485e25434b31da8691fd769802694.dll
C:\Users\Konkurada\AppData\Local\Temp\cf5d25f6c4ae6226cff33b6d7586bb50.dll
C:\Users\Konkurada\AppData\Local\Temp\d4f5d244a0909d75573750c06e9db24d.dll
C:\Users\Konkurada\AppData\Local\Temp\dotnetfx 3.5 sp1.exe
C:\Users\Konkurada\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Konkurada\AppData\Local\Temp\f2a2d13f74bfc3b45d1d158b056a9f2f.dll
C:\Users\Konkurada\AppData\Local\Temp\HitmanPro_x64.exe
C:\Users\Konkurada\AppData\Local\Temp\k9-webprotection-4.4.276.exe
C:\Users\Konkurada\AppData\Local\Temp\NGM.exe
C:\Users\Konkurada\AppData\Local\Temp\NGMDll.dll
C:\Users\Konkurada\AppData\Local\Temp\NGMResource.dll
C:\Users\Konkurada\AppData\Local\Temp\NGMSetup.exe
C:\Users\Konkurada\AppData\Local\Temp\ose00000.exe
C:\Users\Konkurada\AppData\Local\Temp\ose00001.exe
C:\Users\Konkurada\AppData\Local\Temp\raptrpatch.exe
C:\Users\Konkurada\AppData\Local\Temp\raptr_stub.exe
C:\Users\Konkurada\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Konkurada\AppData\Local\Temp\sqlite3.dll
C:\Users\Konkurada\AppData\Local\Temp\tmpDEE9.exe
C:\Users\Konkurada\AppData\Local\Temp\unicows.dll
C:\Users\Konkurada\AppData\Local\Temp\__pythonRunner.dll
Task: {DBC5FFFB-5B7F-4261-8976-D8AB261A84F4} - \avayvaxxvae -> No File <==== ATTENTION
Task: {E681F3B5-3102-4799-B27C-42C8A9F1482C} - \Update Service YourFileDownloader -> No File <==== ATTENTION
Task: {06B3178C-AA72-44ED-AC89-CC3DB63575FD} - \WindApp Update -> No File <==== ATTENTION
Task: {2A984154-6E59-4D40-94AC-DA65A1D9415B} - \GeniusBox -> No File <==== ATTENTION
Task: {40851F13-971B-4A98-A0BC-D1A871247FE2} - \Selection Tools Update -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:E965A533
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
IE trusted site: HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\...\aeriagames.com -> hxxp://aeriagames.com
IE restricted site: HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\...\skype.com -> hxxps://apps.skype.com
FirewallRules: [TCP Query User{356AE53E-311C-4183-91AE-E9161B95BA5B}C:\users\konkurada\appdata\local\temp\gw2.exe] => (Allow) C:\users\konkurada\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{3AB4383F-4A47-471B-A697-A2959CC961C2}C:\users\konkurada\appdata\local\temp\gw2.exe] => (Allow) C:\users\konkurada\appdata\local\temp\gw2.exe
FirewallRules: [{3E2E59E7-90C2-49B2-B530-65FC98E7EBBB}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{47F0F640-099E-4939-A270-242C8EE8656A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{26ADFAC7-9777-49D6-8E84-898F25FB7921}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{38CCCFFE-764F-4BDD-88B0-D2021F1F6589}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{AEF4A031-FF52-4D0F-9E9B-7B235A12989A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{6CF27BC9-CC3C-4C89-9C60-6844875DAD38}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{097FD18F-E281-441A-81DB-285226EF78CC}C:\users\konkurada\appdata\local\temp\i1426715790\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\konkurada\appdata\local\temp\i1426715790\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{22DE7066-1EED-4C84-9CFB-E7BCF7159929}C:\users\konkurada\appdata\local\temp\i1426715790\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\konkurada\appdata\local\temp\i1426715790\windows\resource\jre\bin\javaw.exe
FirewallRules: [{3494B12A-2BFA-4946-BFAC-07DF08CDEC46}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{D601700C-271A-4F6D-80B2-244A9F340AAE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{A9FB88BA-2420-4880-8C83-122F537545AC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{0BDA3827-F59A-4D87-AA66-C66D953CC5DD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{58B24BD2-142D-4257-9033-68818C5B708D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{53BA27E2-8F97-4254-A4DB-9FB634020D65}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
2015-10-25 22:14 - 2015-10-25 22:14 - 00000000 __SHD C:\Users\RS Test\AppData\LocalLow\EmieUserList
2015-10-25 22:14 - 2015-10-25 22:14 - 00000000 __SHD C:\Users\RS Test\AppData\LocalLow\EmieSiteList
2015-10-25 22:14 - 2015-10-25 22:14 - 00000000 __SHD C:\Users\RS Test\AppData\LocalLow\EmieBrowserModeList
2015-10-25 22:14 - 2015-10-25 22:14 - 00000000 __SHD C:\Users\RS Test\AppData\Local\EmieUserList
2015-10-25 22:14 - 2015-10-25 22:14 - 00000000 __SHD C:\Users\RS Test\AppData\Local\EmieSiteList
2015-10-25 22:14 - 2015-10-25 22:14 - 00000000 __SHD C:\Users\RS Test\AppData\Local\EmieBrowserModeList
C:\Users\RS Test\AppData\Roaming\TuneUp Software
CMD: bitsadmin /reset /allusers
cmd: netsh winsock reset
EmptyTemp:
Hosts:
Reboot:
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
Firefox DefaultSearchUrl removed successfully
Firefox "Keyword.URL" removed successfully
Firefox "homepage" removed successfully
Firefox "newtab" removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\Software\MozillaPlugins\ubisoft.com/uplaypc" => key removed successfully
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll => not found.
C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => not found.
C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb => moved successfully
C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
ALSysIO => service removed successfully
catchme => service removed successfully
EagleX64 => service removed successfully
gdrv => service removed successfully
xhunter1 => service removed successfully
C:\Users\Konkurada\AppData\Roaming\uplay => moved successfully
C:\Users\Konkurada\AppData\Roaming\uTorrent => moved successfully
C:\Users\Konkurada\AppData\Roaming\Adobe BMP Format CS5 Prefs => moved successfully
C:\Users\Konkurada\AppData\Roaming\Camdata.ini => moved successfully
C:\Users\Konkurada\AppData\Roaming\CamLayout.ini => moved successfully
C:\Users\Konkurada\AppData\Roaming\CamShapes.ini => moved successfully
C:\Users\Konkurada\AppData\Roaming\CamStudio.cfg => moved successfully
C:\Users\Konkurada\AppData\Roaming\licecap.ini => moved successfully
C:\Users\Konkurada\AppData\Roaming\mbam.context.scan => moved successfully
C:\Users\Konkurada\AppData\Roaming\trace_FilterInstaller.1.txt => moved successfully
C:\Users\Konkurada\AppData\Roaming\trace_FilterInstaller.txt => moved successfully
C:\Users\Konkurada\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt => moved successfully
C:\Users\Konkurada\AppData\Roaming\version2.xml => moved successfully
C:\ProgramData\1426201119.bdinstall.bin => moved successfully
C:\ProgramData\1426203191.bdinstall.bin => moved successfully
C:\ProgramData\1426203192.bdinstall.bin => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\31d6e07d87ca5eaf6b2447c07a6c1365.dll => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\4e6cf5d72520e51ea54dbf30164d13e3.dll => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\8f2dad0341ba79e32e7b1f90e805dff5.dll => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\ab5e31d07b6ea746979d10d903f463d5.dll => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\ce9485e25434b31da8691fd769802694.dll => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\cf5d25f6c4ae6226cff33b6d7586bb50.dll => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\d4f5d244a0909d75573750c06e9db24d.dll => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\dotnetfx 3.5 sp1.exe => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\drm_dyndata_7400009.dll => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\f2a2d13f74bfc3b45d1d158b056a9f2f.dll => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\HitmanPro_x64.exe => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\k9-webprotection-4.4.276.exe => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\NGM.exe => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\NGMDll.dll => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\NGMResource.dll => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\NGMSetup.exe => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\ose00001.exe => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\raptrpatch.exe => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\raptr_stub.exe => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\tmpDEE9.exe => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\unicows.dll => moved successfully
C:\Users\Konkurada\AppData\Local\Temp\__pythonRunner.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBC5FFFB-5B7F-4261-8976-D8AB261A84F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBC5FFFB-5B7F-4261-8976-D8AB261A84F4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avayvaxxvae => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E681F3B5-3102-4799-B27C-42C8A9F1482C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E681F3B5-3102-4799-B27C-42C8A9F1482C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Service YourFileDownloader => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06B3178C-AA72-44ED-AC89-CC3DB63575FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06B3178C-AA72-44ED-AC89-CC3DB63575FD}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WindApp Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A984154-6E59-4D40-94AC-DA65A1D9415B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A984154-6E59-4D40-94AC-DA65A1D9415B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GeniusBox => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40851F13-971B-4A98-A0BC-D1A871247FE2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40851F13-971B-4A98-A0BC-D1A871247FE2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Selection Tools Update => key not found. 
C:\ProgramData\TEMP => ":E965A533" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sndappv2" => key removed successfully
"HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aeriagames.com" => key removed successfully
HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aeriagames.com => key not found. 
"HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skype.com" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{356AE53E-311C-4183-91AE-E9161B95BA5B}C:\users\konkurada\appdata\local\temp\gw2.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3AB4383F-4A47-471B-A697-A2959CC961C2}C:\users\konkurada\appdata\local\temp\gw2.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E2E59E7-90C2-49B2-B530-65FC98E7EBBB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47F0F640-099E-4939-A270-242C8EE8656A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26ADFAC7-9777-49D6-8E84-898F25FB7921} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38CCCFFE-764F-4BDD-88B0-D2021F1F6589} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AEF4A031-FF52-4D0F-9E9B-7B235A12989A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6CF27BC9-CC3C-4C89-9C60-6844875DAD38} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{097FD18F-E281-441A-81DB-285226EF78CC}C:\users\konkurada\appdata\local\temp\i1426715790\windows\resource\jre\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{22DE7066-1EED-4C84-9CFB-E7BCF7159929}C:\users\konkurada\appdata\local\temp\i1426715790\windows\resource\jre\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3494B12A-2BFA-4946-BFAC-07DF08CDEC46} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D601700C-271A-4F6D-80B2-244A9F340AAE} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A9FB88BA-2420-4880-8C83-122F537545AC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0BDA3827-F59A-4D87-AA66-C66D953CC5DD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58B24BD2-142D-4257-9033-68818C5B708D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53BA27E2-8F97-4254-A4DB-9FB634020D65} => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-1227236975-3566331038-3326167431-1002\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => not found.
C:\Users\RS Test\AppData\LocalLow\EmieUserList => moved successfully
C:\Users\RS Test\AppData\LocalLow\EmieSiteList => moved successfully
C:\Users\RS Test\AppData\LocalLow\EmieBrowserModeList => moved successfully
C:\Users\RS Test\AppData\Local\EmieUserList => moved successfully
C:\Users\RS Test\AppData\Local\EmieSiteList => moved successfully
C:\Users\RS Test\AppData\Local\EmieBrowserModeList => moved successfully
C:\Users\RS Test\AppData\Roaming\TuneUp Software => moved successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{7985B9BC-3C04-4EA8-A30A-CBF2122455A8} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 14.7 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-11-06 18:02:52)
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 18:02:52 ====
-----------------------------------------------------------------------------------------------------------------------------
2. 
# AdwCleaner v5.018 - Logfile created 06/11/2015 at 18:06:09
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Konkurada - KONKURADA-PC
# Running from : C:\Users\Konkurada\Desktop\adwcleaner_5.018.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [600 bytes] ##########
 
--------------------------------------------------------------------------------------------------------------------------
3.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Konkurada on Fri 11/06/2015 at 18:09:32.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Konkurada\Appdata\Local\153776569452812cf0c80a3e5677dae4
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\Konkurada\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin
Successfully deleted: [Folder] C:\Users\Konkurada\AppData\Roaming\3909
 
 
 
~~~ Chrome
 
 
[C:\Users\Konkurada\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Konkurada\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Konkurada\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Konkurada\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/06/2015 at 18:13:35.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
4.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/6/2015
Scan Time: 6:50 PM
Logfile: MBAM Log.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.06.07
Rootkit Database: v2015.11.04.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Konkurada
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393890
Time Elapsed: 25 min, 55 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.ResultsHub, C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_moreresultshub-a.akamaihd.net_0.localstorage, Quarantined, [5e716e0c76151e184c247410649f7d83], 
PUP.Optional.ResultsHub, C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_moreresultshub-a.akamaihd.net_0.localstorage-journal, Quarantined, [b718e397246759dd94dc2c58df24946c], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
----------------------------------------------------------------------------------------------------------------------------
5.
ComboFix 15-11-05.01 - Konkurada 11/06/2015  19:19:59.2.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8157.6185 [GMT -5:00]
Running from: c:\users\Konkurada\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\apppatch\AppLoc.exe
c:\windows\apppatch\AppLocA.exe
c:\windows\apppatch\unins000.dat
c:\windows\apppatch\unins000.exe
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-07 to 2015-11-07  )))))))))))))))))))))))))))))))
.
.
2015-11-07 00:27 . 2015-11-07 00:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-11-07 00:27 . 2015-11-07 00:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-06 00:01 . 2015-11-06 23:02 -------- d-----w- C:\FRST
2015-11-05 14:40 . 2015-11-06 23:07 -------- d-----w- C:\AdwCleaner
2015-11-04 18:07 . 2015-11-04 18:07 -------- d-----w- c:\program files (x86)\Project64 2.2
2015-11-04 12:39 . 2015-11-04 12:39 -------- d-----w- c:\users\Konkurada\AppData\Roaming\Sins of a Solar Empire - Rebellion
2015-10-30 07:05 . 2015-10-30 07:05 -------- d-----w- c:\users\Konkurada\.oracle_jre_usage
2015-10-28 13:17 . 2015-10-28 13:17 -------- d-----w- c:\program files (x86)\Electronic Arts
2015-10-26 06:30 . 2015-10-26 06:30 -------- d-----w- c:\users\Konkurada\AppData\Roaming\AVAST Software
2015-10-26 06:27 . 2015-11-06 18:28 449992 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-10-26 06:27 . 2015-11-06 18:28 1059656 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-10-26 06:27 . 2015-10-26 06:27 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-10-26 06:27 . 2015-10-26 06:27 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-10-26 06:27 . 2015-10-26 06:27 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-10-26 06:27 . 2015-10-26 06:27 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-10-26 06:27 . 2015-10-26 06:27 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-10-26 06:27 . 2015-10-26 06:27 153744 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-10-26 06:27 . 2015-10-26 06:27 132656 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-10-26 06:27 . 2015-10-26 06:27 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-10-26 06:27 . 2015-10-26 06:27 43112 ----a-w- c:\windows\avastSS.scr
2015-10-26 06:26 . 2015-10-26 06:26 -------- d-----w- c:\program files\AVAST Software
2015-10-26 03:08 . 2015-10-26 22:32 -------- d-----w- c:\users\RS Test
2015-10-25 23:38 . 2015-10-25 23:38 -------- d-----w- C:\.jagex_cache_32
2015-10-21 14:50 . 2015-10-23 00:33 -------- d-----w- c:\users\Konkurada\AppData\Local\UNDERTALE
2015-10-21 13:28 . 2015-10-21 13:37 -------- d-----w- c:\program files (x86)\Assassins Creed Rogue
2015-10-18 16:49 . 2015-10-18 16:49 -------- d-----w- c:\users\Konkurada\AppData\Local\DunDefLauncher
2015-10-15 08:56 . 2015-10-15 08:56 -------- d-----w- c:\users\Konkurada\AppData\Roaming\Starpoint Gemini 2
2015-10-14 10:34 . 2015-10-14 10:34 -------- d-----w- c:\windows\SysWow64\xlive
2015-10-14 10:34 . 2015-10-14 10:34 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2015-10-13 10:17 . 2015-11-04 12:20 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B687479-5C95-4564-876D-F34FF25D5FA3}\offreg.dll
2015-10-09 15:53 . 2015-10-09 16:15 -------- d-----w- c:\program files (x86)\Toontown Rewritten
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-06 23:50 . 2014-06-28 19:43 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-06 23:07 . 2013-12-24 21:04 65536 ----a-w- c:\windows\system32\spu_storage.bin
2015-10-05 14:50 . 2014-06-28 19:42 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 14:50 . 2014-06-28 19:42 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 14:50 . 2014-01-07 21:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Konkurada\AppData\Local\Akamai\netsession_win.exe" [2015-09-11 4691384]
"f.lux"="c:\users\Konkurada\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-07-29 767176]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-06 6133520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NCUpdateHelper"=c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
.
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys;c:\windows\SYSNATIVE\DRIVERS\vfilter.sys [x]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files (x86)\VMLaunch\BuddyVM.sys;c:\program files (x86)\VMLaunch\BuddyVM.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 amdacpusrsvc;ACP User Service;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [x]
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Steam\steamapps\common\Dragon Age Origins\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Steam\steamapps\common\Dragon Age Origins\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ptun0901;TAP Adapter V9 for Private Tunnel;c:\windows\system32\DRIVERS\ptun0901.sys;c:\windows\SYSNATIVE\DRIVERS\ptun0901.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys;c:\windows\SYSNATIVE\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ngvss;ngvss; [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 amdacpksd;ACP Kernel Service Driver;c:\windows\system32\drivers\amdacpksd.sys;c:\windows\SYSNATIVE\drivers\amdacpksd.sys [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-24 00:18 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-24 08:06]
.
2015-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-24 08:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-10-26 06:27 780616 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-10-26 13213840]
"MouseDriver"="TiltWheelMouse.exe" [2012-12-19 241152]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-02-03 557768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
FF - ProfilePath - c:\users\Konkurada\AppData\Roaming\Mozilla\Firefox\Profiles\n9ysnq1m.default\
FF - prefs.js: browser.search.selectedEngine - Google (avast)
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Cities Skylines_is1 - c:\program files (x86)\Cities Skylines\unins000.exe
AddRemove-Glyph - c:\program files (x86)\Glyph\glyphuninstall.exe
AddRemove-GOGPACKPAPERSPLEASE_is1 - c:\gog games\Papers
AddRemove-HyperCam 2 - c:\program files (x86)\HyperCam 2\HcUnInst.exe
AddRemove-LIMBO - c:\program files (x86)\LIMBO\Desintalar.exe
AddRemove-Star Wars - The Force Unleashed 2_is1 - c:\program files (x86)\Star Wars - The Force Unleashed 2\uninstall\unins000.exe
AddRemove-The Elder Scrolls Online - c:\program files (x86)\Zenimax Online\uninstall\Uninstall The Elder Scrolls Online.exe
AddRemove-U291dGhwYXJrU3RpY2tvZlRydXRo_is1 - c:\program files (x86)\Southpark Stick of Truth\unins000.exe
AddRemove-{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1 - c:\program files (x86)\Star wars Battlefront II\unins000.exe
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
AddRemove-uTorrent - c:\users\Konkurada\AppData\Roaming\uTorrent\uTorrent.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1227236975-3566331038-3326167431-1002\Software\SecuROM\License information*]
"datasecu"=hex:b3,f1,d6,8a,24,8c,64,35,9e,b5,13,bb,c9,c1,cc,06,30,bc,25,c0,08,
   01,eb,06,a9,b1,dd,59,85,86,9b,7a,58,5d,48,3d,07,0c,ef,8e,d8,f1,94,c5,20,35,\
"rkeysecu"=hex:32,e8,a3,c8,88,2e,38,14,c3,5e,45,5a,ed,2b,40,85
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-11-06  19:29:07
ComboFix-quarantined-files.txt  2015-11-07 00:29
ComboFix2.txt  2015-01-08 14:30
.
Pre-Run: 674,713,362,432 bytes free
Post-Run: 674,631,790,592 bytes free
.
- - End Of File - - 8CB8BE1AEE81C83B0FC4AECB1915BCD9
A36C5E4F47E84449FF07ED3517B43A31

 



#5 konkurada

konkurada
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan - United States
  • Local time:06:21 AM

Posted 06 November 2015 - 07:47 PM

It looks as though I was incorrect. One symptom has cleared up. Google no longer presents extra advertisements with the "More Results Hub ads." The remaining symptom is both my startup page and new tab page insert the same extremely long, garbled URL which redirects me to Yahoo! My browser settings have not changed and conflict with what actually happens.

 

EDIT: The extra advertisements returned, I was mistaken.


Edited by konkurada, 06 November 2015 - 08:44 PM.


#6 olgun52

olgun52

  • Malware Response Team
  • 3,787 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:01:21 PM

Posted 07 November 2015 - 07:16 PM

Okay.

 

Registry Fix
-------------------

  • Press the Windows key + R on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy/paste the following text inside the code box into a new notepad document.
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg.
  • Click Save.
  • Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.
  • Delete fix.reg after use.
  • Reboot your computer

===================================================================================================================

Step 1:

Please download ZHPCleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the screenshot, then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 2:

Download zoek.exe to your Desktop:
http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications Here
http://www.bleepingc...opic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear

Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
emptyclsid;

emptyfolderscheck;delete
iedefaults;
FFdefaults;
CHRdefaults;

ipconfig /flushdns;b

Now...
Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

 

Step 3:

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

===================================================
Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Fixlog
  • Zoek.log
  • Emsisoft.log
  • Did the Registry key import properly?

How is the machine doing now? Browsers?

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
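An added check for the Registry Fix step above (example code written for this page, not part of the post or of any tool it mentions): before merging a fix.reg from a forum thread, read what it will actually do. The script parses the "Windows Registry Editor Version 5.00" text format (key lines, "[-KEY]" deletions, "name"=value lines with "-" for value removal, dword and hex data with backslash continuation lines) and reports every key the merge would delete and every value it would set, flagging locations that affect boot or autostart. FIX_REG is the fix posted above; CONSTRUCTED_REG and the SENSITIVE_PREFIXES list are this example's own constructions, not anything from the thread.

```python
"""Pre-flight review of a .reg file before merging it.

Added example, not from the thread. Parses the "Windows Registry Editor
Version 5.00" text format and reports what a merge would delete or set.
"""
import re

HEADER = "Windows Registry Editor Version 5.00"
# Locations where a merge can add persistence or change boot behaviour.
# This example's own list, not something Windows defines.
SENSITIVE_PREFIXES = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies",
)
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")                 # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')  # "name"=... or @=...
HEX_RE = re.compile(r"^hex(\(\d+\))?:(.*)$")               # hex: or hex(N):

# The fix posted above, verbatim.
FIX_REG = r"""Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
"""
# Constructed sample covering the other syntaxes; paths and names are made up.
CONSTRUCTED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Temp\\u.exe"
"Old"=-

[HKEY_CURRENT_USER\Software\ExampleVendor]
@=dword:00000001
"blob"=hex:01,02,\
  03,04
"""

def decode_value(raw):
    """Turn the right-hand side of a value line into (kind, data)."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return ("string", re.sub(r"\\(.)", r"\1", raw[1:-1]))  # unescape \\ and \"
    if raw.startswith("dword:"):
        return ("dword", int(raw[6:], 16))
    m = HEX_RE.match(raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        return ("hex" + (m.group(1) or ""), data)
    return ("raw", raw)

def review_reg(text):
    """Return {"deleted_keys": [...], "keys": {key: {name: (kind, data) | None}},
    "sensitive": [...]}; a None value means the merge removes that value."""
    lines = text.lstrip("\ufeff").splitlines()
    first = next((l.strip() for l in lines if l.strip()), "")
    if first != HEADER:
        raise ValueError(f"not a {HEADER!r} file")
    out = {"deleted_keys": [], "keys": {}, "sensitive": []}
    current, i = None, 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line == HEADER or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            minus, key = m.groups()
            if key.lower().startswith(tuple(p.lower() for p in SENSITIVE_PREFIXES)):
                out["sensitive"].append(key)
            if minus:
                out["deleted_keys"].append(key)
                current = None                 # values cannot follow a deletion
            else:
                current = out["keys"].setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            raise ValueError(f"line {i}: cannot parse {line!r}")
        name = "@" if m.group(1) is None else re.sub(r"\\(.)", r"\1", m.group(1))
        raw = m.group(2).strip()
        while raw.endswith("\\") and i < len(lines):  # hex data continued on next line
            raw = raw[:-1] + lines[i].strip()
            i += 1
        current[name] = None if raw == "-" else decode_value(raw)
    return out

def format_review(r):
    """One line per action, to read before double-clicking fix.reg."""
    rows = [f"DELETE KEY {k}" for k in r["deleted_keys"]]
    for key, values in r["keys"].items():
        rows.append(f"KEY {key}")
        for name, v in values.items():
            rows.append(f"  remove {name}" if v is None else f"  set {name} = {v[0]} {v[1]!r}")
    rows += [f"WARNING: touches {k}" for k in r["sensitive"]]
    return rows

if __name__ == "__main__":
    for sample in (FIX_REG, CONSTRUCTED_REG):
        print("\n".join(format_review(review_reg(sample))), end="\n\n")
```

For the posted fix the output is four DELETE KEY lines, each flagged because SafeBoot\Minimal entries decide which drivers and services load in Safe Mode; the same key list is the checklist for "Did the Registry key import properly?" afterwards, since each listed key should no longer exist in regedit.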

 


 


#7 konkurada

konkurada
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan - United States
  • Local time:06:21 AM

Posted 07 November 2015 - 08:18 PM

Just finished each step of your last post. The problem has experienced no change.

Logs:

 

~ ZHPCleaner v2015.11.6.374 by Nicolas Coolman (2015/11/06)
~ Run by Konkurada (Administrator)  (07/11/2015 19:44:46)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Konkurada\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Konkurada\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (1)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : <local>]  =>Hijacker.Proxy
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (1)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (8)
MOVED file: C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_moreresultshub-a.akamaihd.net_0.localstorage    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_moreresultshub-a.akamaihd.net_0.localstorage-journal    =>PUP.Optional.AkamaiHD
MOVED file: C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage    =>PUP.Optional.Chatango
MOVED file: C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal    =>PUP.Optional.Chatango
MOVED folder: C:\Users\Konkurada\AppData\LocalLow\AVG Web TuneUp  =>Toolbar.AVGSafeGuard
MOVED folder: C:\Windows\Installer\MSI4318.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI59B5.tmp-  =>Empty
MOVED folder: C:\Windows\Installer\MSI62EC.tmp-  =>Empty
 
 
---\\  Registry ( Key, Value, Data) (27)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902274} [CrossriderApp0049074.Sandbox]  =>PUP.Optional.CrossRider
DELETED key*: HKEY_USERS\S-1-5-21-1227236975-3566331038-3326167431-1002\Software\AVG Web TuneUp []  =>Toolbar.AVGSafeGuard
DELETED key: HKCU\Software\AVG Web TuneUp []  =>Toolbar.AVGSafeGuard
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B1C293A-5292-4828-9FCA-EE1CFF44D10} [C:\Program Files (x86)\weDownload Manager Pro (Not File)]  =>PUP.Optional.weDownloadManager
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45946F39-64CF-434D-B032-D31F49EFC943} [C:\Program Files (x86)\weDownload Manager Pro (Not File)]  =>PUP.Optional.weDownloadManager
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{595A2567-1277-4676-B7FF-F61AA8AFC262} [C:\Program Files (x86)\weDownload Manager Pro (Not File)]  =>PUP.Optional.weDownloadManager
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6548AFC5-2788-433A-9E6B-F75BD8CABF1} [C:\Program Files (x86)\weDownload Manager Pro (Not File)]  =>PUP.Optional.weDownloadManager
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{751460DC-7E1F-4A62-8A55-34FAEA0720} [C:\Program Files (x86)\weDownload Manager Pro (Not File)]  =>PUP.Optional.weDownloadManager
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9E31DC84-A7C8-4AB9-9A6E-C8FBD6A7439} [C:\Program Files (x86)\weDownload Manager Pro (Not File)]  =>PUP.Optional.weDownloadManager
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BBF68D33-D6F6-4DD3-8B19-9F2C5C23327} [C:\Program Files (x86)\weDownload Manager Pro (Not File)]  =>PUP.Optional.weDownloadManager
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA9F8E18-837D-4091-A7D1-4894C8AA8A43} [C:\Program Files (x86)\weDownload Manager Pro (Not File)]  =>PUP.Optional.weDownloadManager
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBEC328D-19B1-44DB-92BF-E6A553DAC80} [C:\Program Files (x86)\weDownload Manager Pro (Not File)]  =>PUP.Optional.weDownloadManager
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstaller [SwInstaller Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstaller.1 [SwInstaller Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstallerAttributes [SwInstallerAttributes Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstallerAttributes.1 [SwInstallerAttributes Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl [SwInstallerCtl Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1 [SwInstallerCtl Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 []  =>PUP.Optional.MyPCBackup
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS []  =>PUP.Optional.MyPCBackup
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\WeatherAlerts_RASAPI32 []  =>PUP.Optional.DesktopWeatherAlerts
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\WeatherAlerts_RASMANCS []  =>PUP.Optional.DesktopWeatherAlerts
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\eSupport UndeletePlus_is1 [Copyright © 2011 eSupport.com • All Rights Reserved]  =>PUP.Optional.eSupport
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{5A513650-9E5E-4E73-B8B3-18AA64D2D91D} [C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe]  =>PUP.Optional.YourFileDownloader
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{5D5A5EB6-371D-49EA-83F0-42DFC720956B} [C:\Program Files (x86)\YourFileDownloader\YourFileDownloader.exe]  =>PUP.Optional.YourFileDownloader
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{2A5A52FD-896E-4501-87AF-15580D04E032} [C:\Program Files (x86)\YourFileDownloader\Downloader.exe]  =>PUP.Optional.YourFileDownloader
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{CFB9AA47-B311-4F4B-9AF9-824BBAF0ABA9} [C:\Program Files (x86)\YourFileDownloader\Downloader.exe]  =>PUP.Optional.YourFileDownloader
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 439
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 36
 
 
~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-07112015-19_45_19.txt
ZHPCleaner-[S]-07112015-19_44_08.txt
 
 

 
Zoek.exe v5.0.0.1 Updated 05-November-2015
Tool run by Konkurada on Sat 11/07/2015 at 19:47:40.06.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Konkurada\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
11/7/2015 7:49:36 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\NCWest deleted successfully
C:\PROGRA~2\Net Nanny deleted successfully
C:\PROGRA~2\Portable deleted successfully
C:\PROGRA~2\SlimDrivers deleted successfully
C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\ATI deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Konkurada\AppData\Roaming\03D40274-1426286825-0558-AB06-E30700080009 deleted successfully
C:\Users\Konkurada\AppData\Roaming\JAM Software deleted successfully
C:\Users\Konkurada\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Konkurada\AppData\Local\Black_Tree_Gaming deleted successfully
C:\Users\Konkurada\AppData\Local\Ubisoft Game Launcher deleted successfully
C:\Users\Konkurada\AppData\Local\Unity deleted successfully
C:\Users\RS Test\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\KONKUR~1\AppData\Roaming\Mozilla\Firefox\Profiles\n9ysnq1m.default\prefs.js:
user_pref("browser.search.defaultenginename", "Google (avast)");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.selectedEngine", "Google (avast)");
user_pref("browser.search.order.1", "Google (avast)");
 
Added to C:\Users\KONKUR~1\AppData\Roaming\Mozilla\Firefox\Profiles\n9ysnq1m.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\AV Vcs 7.0 not found
C:\PROGRA~2\NCWest not found
C:\PROGRA~2\Net Nanny not found
C:\PROGRA~2\Portable not found
C:\PROGRA~2\SlimDrivers not found
C:\PROGRA~2\netis PCIE Wireless LAN Driver deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Konkurada\AppData\LocalLow\Unity deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\wininit.ini deleted
C:\Users\KONKUR~1\AppData\Roaming\Mozilla\Firefox\Profiles\n9ysnq1m.default\searchplugins\google-avast.xml deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\KONKUR~1\AppData\Roaming\Mozilla\Firefox\Profiles\n9ysnq1m.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [10/26/2015 01:27 AM]
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.80
 
 
YouTube Center - Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj
Turn Off the Lights - Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\labjanboighjienkhiabgpefblkbmemd
Your Quality for YouTube™ - Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfcilgimggemnogfigihdkmapdhhlbph
Tumblr Savior - Konkurada\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip
Avast Online Security - RS Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
 
==== Reset Google Chrome ======================
 
C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\RS Test\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\RS Test\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\RS Test\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCUpdateHelper deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Konkurada\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\Konkurada\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\RS Test\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=62 folders=59 86502758 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Konkurada\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\RS Test\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\KONKUR~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Sat 11/07/2015 at 20:06:36.46 ======================
 
 

Emsisoft Emergency Kit - Version 10.0
Last update: 11/7/2015 8:10:27 PM
User account: Konkurada-PC\Konkurada
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 11/7/2015 8:11:04 PM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
 
Scanned 74393
Found 1
 
Scan end: 11/7/2015 8:15:32 PM
Scan time: 0:04:28
 
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
 
Quarantined 1
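The new-tab redirect described in post #5 (settings look untouched in the browser UI, yet every new tab goes elsewhere) and the wholesale reset of Chrome's Preferences and Secure Preferences in the Zoek log above suggest a narrower triage: read the profile's Preferences JSON and list what actually controls the homepage, startup pages and default search, and for each installed extension whether its manifest overrides the new-tab page or search, where it was installed from, and whether it holds request-interception permissions. The script below is an added example written for this page, not code from the thread or from any of the tools it mentions. It assumes the Chrome profile layout in which per-extension data, including a copy of the manifest, is stored under extensions.settings in Preferences (in some versions, in Secure Preferences); the sample JSON, extension names, IDs and paths are constructed.

```python
"""Triage a Chrome profile's Preferences file for a new-tab / search hijack.

Added example, not from the thread. Assumes the layout where the profile's
"Preferences" (or "Secure Preferences") JSON keeps per-extension data,
including a copy of the manifest, under extensions.settings.<id>.
"""
import json
import os

# Manifest keys an extension uses to take over the new-tab page, homepage or search.
OVERRIDE_KEYS = ("chrome_url_overrides", "chrome_settings_overrides")
# Permissions that let an extension observe or rewrite every request and tab.
BROAD_PERMISSIONS = {"<all_urls>", "webRequest", "webRequestBlocking", "tabs"}

# Constructed sample trimmed to the keys the triage reads; IDs, names, paths are made up.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "https://www.google.com/",
    "session": {"restore_on_startup": 4,
                "startup_urls": ["https://www.google.com/"]},
    "default_search_provider_data": {"template_url_data": {
        "keyword": "google.com",
        "url": "https://www.google.com/search?q={searchTerms}"}},
    "extensions": {"settings": {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
            "state": 1, "from_webstore": True,
            "manifest": {"name": "Benign Extension", "version": "1.0",
                         "permissions": ["activeTab"]}},
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
            "state": 1, "from_webstore": False,
            "path": "C:\\Users\\user\\AppData\\Local\\Temp\\helper",
            "manifest": {"name": "Search Helper", "version": "2.1",
                         "permissions": ["tabs", "webRequest",
                                         "webRequestBlocking", "<all_urls>"],
                         "chrome_url_overrides": {"newtab": "redirect.html"},
                         "chrome_settings_overrides": {"search_provider": {
                             "search_url": "https://example.invalid/s?q={searchTerms}"}}}}}}})

def _override_targets(block):
    """Flatten an overrides block into (what, target) pairs."""
    pairs = []
    for what, target in block.items():
        if isinstance(target, dict):      # search_provider: {"search_url": ...}
            target = target.get("search_url") or json.dumps(target, sort_keys=True)
        elif isinstance(target, list):    # startup_pages: [...]
            target = ", ".join(target)
        pairs.append((what, target))
    return pairs

def triage_preferences(prefs_text):
    """Return a list of (severity, finding) from a Preferences JSON string."""
    prefs = json.loads(prefs_text)
    findings = []
    # 1. What the settings UI shows. If these look fine but the browser still
    #    redirects (the symptom in the thread), the cause is elsewhere.
    if prefs.get("homepage"):
        findings.append(("info", "homepage: " + prefs["homepage"]))
    for url in prefs.get("session", {}).get("startup_urls", []):
        findings.append(("info", "startup url: " + url))
    tpl = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if tpl.get("url"):
        findings.append(("info", "default search: " + tpl["url"]))
    # 2. What extensions can do regardless of those settings.
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        manifest = ext.get("manifest", {})
        label = f"{manifest.get('name', '?')} ({ext_id})"
        for key in OVERRIDE_KEYS:
            for what, target in _override_targets(manifest.get(key, {})):
                findings.append(("high", f"{label} overrides {what} -> {target}"))
        if ext.get("from_webstore") is False:
            findings.append(("medium", f"{label} was sideloaded from {ext.get('path', '?')}"))
        broad = BROAD_PERMISSIONS & set(manifest.get("permissions", []))
        if broad:
            findings.append(("medium", f"{label} holds {', '.join(sorted(broad))}"))
    return findings

def triage_profile(profile_dir):
    """Read-only triage over both preference files of a Chrome profile directory."""
    out = []
    for name in ("Preferences", "Secure Preferences"):
        path = os.path.join(profile_dir, name)
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                out += [(s, f"{name}: {m}") for s, m in triage_preferences(fh.read())]
    return out

if __name__ == "__main__":
    for severity, finding in triage_preferences(SAMPLE_PREFERENCES):
        print(f"[{severity}] {finding}")
```

Run it against a copy of the profile directory with Chrome closed; the script only reads, which matters because Secure Preferences carries per-entry MACs and Chrome discards entries whose values have been edited by hand. In the constructed sample the three "info" lines look clean while the sideloaded extension is the one overriding newtab and the search provider, which is the pattern to look for when the visible settings and the observed behaviour disagree.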
 


#8 konkurada

konkurada
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan - United States
  • Local time:06:21 AM

Posted 07 November 2015 - 08:21 PM

EDIT: UPDATE: Problem has been resolved. I tested my other browsers and found that they were not infected. Assuming that whatever infected files were left would be in Chrome's origin folder, I cleared them all and reinstalled it. I apologize for taking this action without consulting you.


Edited by konkurada, 07 November 2015 - 09:26 PM.


#9 olgun52

olgun52

  • Malware Response Team
  • 3,787 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:01:21 PM

Posted 08 November 2015 - 12:56 PM

EDIT: UPDATE: Problem has been resolved. I tested my other browsers and found that they were not infected. Assuming that whatever infected files were left would be in Chrome's origin folder, I cleared them all and reinstalled it. I apologize for taking this action without consulting you.

Nice.
----------------------------------
Flash Player Update:
Your Flash Player is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

Install for IE >> Adobe Flash Player 19 ActiveX ==> Download the Flash Player content debugger for Internet Explorer - ActiveX

Install for FF >> Adobe Flash Player 19 NPAPI ==> Download the Flash Player content debugger for Firefox - NPAPI
Install for Opera and Chrome >> Adobe Flash Player applications PPAPI ==> Download the Flash Player content

 

Restart your browsers and then please do the following

 

If you see the following, please uninstall them:

Adobe Flash Player 10 ActiveX
Adobe Flash Player 17 NPAPI

 

Home page:https://www.adobe.com/support/flashplayer/debug_downloads.html

 

 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Edited by olgun52, 08 November 2015 - 01:12 PM.


 


 


#10 konkurada

konkurada
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan - United States
  • Local time:06:21 AM

Posted 09 November 2015 - 03:34 AM

I apologize for the delay. I've updated Adobe Flashplayer and have finished the ESET scan. Log's pretty small this time.

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\More Results Hub\Extensions\{0f541b94-8ea8-4957-9abe-e0bd229871a4}.xpi.vir JS/BrowseFox.A potentially unwanted application deleted - quarantined



#11 olgun52

olgun52

  • Malware Response Team
  • 3,787 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:01:21 PM

Posted 09 November 2015 - 10:23 AM

Hi

Step 1:

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

Please follow the below steps to disable "Teredo" and report whether it helps.

 

1) Open an elevated "command prompt".

 

http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/

 

2) Type the below commands exactly and press the "Enter" key.

 

      netsh interface teredo set state disabled

 

     Reboot the system when completed and check how the torrents work.

---------------------------------------------------------------------------------------------------

Please update this driver.

AODDriver4.2.0

https://community.amd.com/thread/170980

 

 

Step 2:

Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

Step 3:

Java update:
Updating Java and Clearing Cache:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 40 
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows Offline (64-bit)  and save the file.
  • Close any programs you may have running - especially your web browser.

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
      Downloaded Applications
      Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

 



 


 


#12 olgun52

olgun52

  • Malware Response Team
  • 3,787 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:01:21 PM

Posted 12 November 2015 - 10:23 AM

Are you still with me ?



 


 


#13 olgun52

olgun52

  • Malware Response Team
  • 3,787 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:01:21 PM

Posted 13 November 2015 - 07:49 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


 


 




