
Cannot get rid of Malware after using BitTorrent


  • This topic is locked
23 replies to this topic

#1 The_Atomik_Punk!

The_Atomik_Punk!

  • Members
  • 46 posts
  • OFFLINE
  • Local time:12:00 AM

Posted 22 March 2016 - 04:53 PM

Hey there, I recently installed and used the BitTorrent application, which I as a rule avoid due to obvious security risks. Well, it seems like after using the program, there is malware on my computer that I can't permanently remove with ADWCleaner, JRT, or MalwareBytes.

 

Here are the entries from JRT.txt that keep reappearing:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64
Ran by Bozanic (Administrator) on 22/03/2016 at 17:32:47.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\Users\Bozanic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5G05ALP6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Bozanic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5IB5RVUS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5G05ALP6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5IB5RVUS (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/03/2016 at 17:34:52.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

They'll be detected by that program and removed, but they reappear after a reboot. Any assistance would be greatly appreciated.

 

Below is my FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Bozanic (administrator) on HOME (22-03-2016 17:39:14)
Running from C:\Users\Bozanic\Desktop
Loaded Profiles: Bozanic (Available Profiles: Bozanic)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Pure Networks, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Pure Networks, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15009400 2015-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [648504 2008-04-09] (Pure Networks, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-83309794-306972057-1910643756-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-22] (BillP Studios)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2CF95629-505C-4DDD-BDB2-EC18283EA095}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FB3A5375-1EEB-460F-A063-4087BF229462}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-83309794-306972057-1910643756-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2011-12-29] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-12-29] (Sun Microsystems, Inc.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp3.dll [2008-04-25] (Pure Networks, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Bozanic\AppData\Roaming\Mozilla\Firefox\Profiles\1nuw3p9b.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-19] ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-12-29] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-27] (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-83309794-306972057-1910643756-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-27] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-11-03] (Apple Inc.)
FF Extension: Disconnect - C:\Users\Bozanic\AppData\Roaming\Mozilla\Firefox\Profiles\1nuw3p9b.default\extensions\2.0@disconnect.me.xpi [2015-10-28]
FF Extension: HTTPS-Everywhere - C:\Users\Bozanic\AppData\Roaming\Mozilla\Firefox\Profiles\1nuw3p9b.default\extensions\https-everywhere-eff@eff.org [2016-02-24]
FF Extension: Bluhell Firewall - C:\Users\Bozanic\AppData\Roaming\Mozilla\Firefox\Profiles\1nuw3p9b.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2016-01-20]
FF Extension: Adblock Plus - C:\Users\Bozanic\AppData\Roaming\Mozilla\Firefox\Profiles\1nuw3p9b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-15] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 a2AntiMalware; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2service.exe [5509384 2015-07-08] (Emsisoft Ltd)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2015-08-09] (BioWare)
S4 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S4 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2010-06-24] (Avid Technology, Inc..) [File not signed]
S3 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-04-18] () [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-10-14] (Logitech Inc.)
S4 MobilePreIIAudioDevMon; C:\Program Files (x86)\M-Audio\MobilePre\AudioDevMon.exe [1923592 2010-06-21] (M-Audio)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-01] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp64; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp64.sys [136456 2015-07-08] (Emsisoft GmbH)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 MAUSBMOBILEPREII; C:\Windows\System32\DRIVERS\MAudioMobilePreII.sys [484360 2010-06-21] (M-Audio)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [47616 2007-12-17] ()
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-22 17:39 - 2016-03-22 17:40 - 00016086 _____ C:\Users\Bozanic\Desktop\FRST.txt
2016-03-22 17:39 - 2016-03-22 17:39 - 00000000 ____D C:\FRST
2016-03-22 17:25 - 2016-03-22 17:25 - 02374144 _____ (Farbar) C:\Users\Bozanic\Desktop\FRST64.exe
2016-03-22 17:17 - 2016-03-22 17:34 - 00001216 _____ C:\Users\Bozanic\Desktop\JRT.txt
2016-03-22 16:25 - 2016-03-22 16:25 - 00000000 ____D C:\Users\Bozanic\AppData\LocalLow\BitTorrent
2016-03-22 15:30 - 2016-03-22 16:42 - 00001216 _____ C:\Users\Bozanic\Desktop\JRT1.txt
2016-03-19 22:54 - 2016-03-19 22:54 - 00000000 ____D C:\Users\Bozanic\Documents\Shadowrun Returns
2016-03-19 22:53 - 2016-03-19 22:53 - 00001712 _____ C:\Users\Public\Desktop\Shadowrun Returns.lnk
2016-03-14 12:57 - 2016-03-14 12:57 - 00008948 _____ C:\Users\Bozanic\Documents\Squat Lecture Pitch Promo.odt
2016-03-12 19:24 - 2016-03-12 19:24 - 00001729 _____ C:\Users\Public\Desktop\Giants - Citizen Kabuto.lnk
2016-03-10 19:28 - 2016-03-14 00:40 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-07 16:57 - 2016-03-07 16:57 - 00000222 _____ C:\Users\Bozanic\Desktop\Binary Domain.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-22 17:35 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-22 17:34 - 2009-07-14 00:45 - 00021296 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-22 17:34 - 2009-07-14 00:45 - 00021296 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-22 17:18 - 2009-07-14 01:13 - 00797888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-22 17:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-03-22 16:45 - 2014-05-14 18:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-22 16:44 - 2014-05-14 18:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-22 16:29 - 2014-05-20 11:38 - 00000000 ____D C:\AdwCleaner
2016-03-22 11:59 - 2013-05-05 15:51 - 00000000 ____D C:\Users\Bozanic\Downloads\Torrents
2016-03-22 10:11 - 2012-04-18 17:39 - 00000000 ____D C:\Users\Bozanic\Documents\Omar
2016-03-21 01:43 - 2012-01-08 14:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-20 20:49 - 2013-03-06 03:21 - 00013275 _____ C:\Users\Bozanic\Desktop\New Text Document.txt
2016-03-20 09:49 - 2013-07-03 12:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-19 22:53 - 2012-04-21 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-03-19 22:50 - 2012-12-22 13:28 - 00000000 ____D C:\GOG Games
2016-03-19 22:49 - 2012-04-21 23:57 - 00000000 ____D C:\Users\Bozanic\Documents\GOG.com Downloads
2016-03-19 22:47 - 2012-01-27 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-19 15:17 - 2012-01-04 18:18 - 00000000 ____D C:\Users\Bozanic\AppData\Local\Adobe
2016-03-19 15:15 - 2012-06-09 18:57 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-19 15:15 - 2011-12-29 14:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-19 15:14 - 2012-01-04 15:19 - 00001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-19 15:14 - 2012-01-04 15:19 - 00001145 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-14 18:24 - 2012-07-31 17:57 - 00000000 ____D C:\Users\Bozanic\AppData\Local\Steam
2016-03-14 14:38 - 2012-12-18 14:52 - 00000000 ____D C:\Users\Bozanic\Documents\Mileva Bozanich
2016-03-12 19:15 - 2014-10-24 13:40 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-10 14:09 - 2014-05-14 18:33 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2014-05-14 18:33 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2014-02-10 17:35 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-10 09:47 - 2015-07-01 14:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2012-05-24 23:49 - 2012-06-02 19:19 - 0000008 _____ () C:\Users\Bozanic\AppData\Roaming\Lucid_player_highscore.dat
2012-05-24 23:49 - 2012-06-02 19:19 - 0000212 _____ () C:\Users\Bozanic\AppData\Roaming\Lucid_player_profiles_data.dat
2012-01-27 23:34 - 2012-01-27 23:34 - 0000095 _____ () C:\Users\Bozanic\AppData\Local\fusioncache.dat
2012-01-08 13:10 - 2012-01-08 13:10 - 0007602 _____ () C:\Users\Bozanic\AppData\Local\Resmon.ResmonCfg
2015-06-30 16:36 - 2015-09-19 13:21 - 0000041 ___SH () C:\ProgramData\.zreglib

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-19 13:02

==================== End of FRST.txt ============================


 


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:01:00 AM

Posted 22 March 2016 - 06:04 PM

Hello The_Atomik_Punk!, and welcome to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then click on Follow this topic; you will be advised when we respond to your topic, which facilitates the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==================================================

 

Download attached fixlist.txt file and save it to the Desktop.


NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Also, update me on how your system is performing after running the fix.



Best Regards,
oneof4.


#3 The_Atomik_Punk!

The_Atomik_Punk!
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Local time:12:00 AM

Posted 22 March 2016 - 07:49 PM

Thank you very much for looking into my problem, oneof4!

 

I completed the instructions as you listed, and below is my Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Bozanic (2016-03-22 20:44:51) Run:1
Running from C:\Users\Bozanic\Desktop
Loaded Profiles: Bozanic (Available Profiles: Bozanic)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-15] [not signed]
AlternateDataStreams: C:\Windows:E442292B90659421 [50]
AlternateDataStreams: C:\ProgramData\Microsoft:2NAlk8tCLFREjGG16G1QFe [2308]
AlternateDataStreams: C:\ProgramData\Microsoft:5Nhd6R1CmIBdaPyjOZj8FoUl [2492]
AlternateDataStreams: C:\Users\Bozanic\Cookies:WifIMrPWngEyyLPHRsX [2354]
AlternateDataStreams: C:\Users\Bozanic\Local Settings:9kNdE10npNkvhzzS0QCYbeI [2094]
AlternateDataStreams: C:\Users\Bozanic\Local Settings:Eb3XuKQtoZcEepCU0wLUJ8 [2152]
AlternateDataStreams: C:\Users\Bozanic\Local Settings:i7QtQpibsXibUDqZ5VZvm8dPnN [1928]
AlternateDataStreams: C:\Users\Bozanic\Local Settings:NZGH41wRsOJNBkyp [2080]
AlternateDataStreams: C:\Users\Bozanic\AppData\Local:9kNdE10npNkvhzzS0QCYbeI [2094]
AlternateDataStreams: C:\Users\Bozanic\AppData\Local:Eb3XuKQtoZcEepCU0wLUJ8 [2152]
AlternateDataStreams: C:\Users\Bozanic\AppData\Local:i7QtQpibsXibUDqZ5VZvm8dPnN [1928]
AlternateDataStreams: C:\Users\Bozanic\AppData\Local:NZGH41wRsOJNBkyp [2080]
AlternateDataStreams: C:\Users\Bozanic\AppData\Local\Application Data:9kNdE10npNkvhzzS0QCYbeI [2094]
AlternateDataStreams: C:\Users\Bozanic\AppData\Local\Application Data:Eb3XuKQtoZcEepCU0wLUJ8 [2152]
AlternateDataStreams: C:\Users\Bozanic\AppData\Local\Application Data:i7QtQpibsXibUDqZ5VZvm8dPnN [1928]
AlternateDataStreams: C:\Users\Bozanic\AppData\Local\Application Data:NZGH41wRsOJNBkyp [2080]
AlternateDataStreams: C:\Users\Bozanic\AppData\Local\fMHytzidHIX:WwlFmgodO46QkaWnPz1VFa0TvQ20Dg [2226]
AlternateDataStreams: C:\Users\Bozanic\AppData\Local\Temporary Internet Files:2Dw2ZdxhKqgKG89H3etiI [2244]
AlternateDataStreams: C:\Users\Bozanic\AppData\Local\Temporary Internet Files:3iEgoKmC3E6g2S8bNHGReusagQM [2228]
AlternateDataStreams: C:\Users\Bozanic\AppData\Local\Temporary Internet Files:7yC97NJAfgQ5Gx1l [1968]
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi => path removed successfully
C:\Windows => ":E442292B90659421" ADS removed successfully.
C:\ProgramData\Microsoft => ":2NAlk8tCLFREjGG16G1QFe" ADS removed successfully.
C:\ProgramData\Microsoft => ":5Nhd6R1CmIBdaPyjOZj8FoUl" ADS removed successfully.
"C:\Users\Bozanic\Cookies" => ":WifIMrPWngEyyLPHRsX" ADS not found.
"C:\Users\Bozanic\Local Settings" => ":9kNdE10npNkvhzzS0QCYbeI" ADS not found.
"C:\Users\Bozanic\Local Settings" => ":Eb3XuKQtoZcEepCU0wLUJ8" ADS not found.
"C:\Users\Bozanic\Local Settings" => ":i7QtQpibsXibUDqZ5VZvm8dPnN" ADS not found.
"C:\Users\Bozanic\Local Settings" => ":NZGH41wRsOJNBkyp" ADS not found.
C:\Users\Bozanic\AppData\Local => ":9kNdE10npNkvhzzS0QCYbeI" ADS removed successfully.
C:\Users\Bozanic\AppData\Local => ":Eb3XuKQtoZcEepCU0wLUJ8" ADS removed successfully.
C:\Users\Bozanic\AppData\Local => ":i7QtQpibsXibUDqZ5VZvm8dPnN" ADS removed successfully.
C:\Users\Bozanic\AppData\Local => ":NZGH41wRsOJNBkyp" ADS removed successfully.
"C:\Users\Bozanic\AppData\Local\Application Data" => ":9kNdE10npNkvhzzS0QCYbeI" ADS not found.
"C:\Users\Bozanic\AppData\Local\Application Data" => ":Eb3XuKQtoZcEepCU0wLUJ8" ADS not found.
"C:\Users\Bozanic\AppData\Local\Application Data" => ":i7QtQpibsXibUDqZ5VZvm8dPnN" ADS not found.
"C:\Users\Bozanic\AppData\Local\Application Data" => ":NZGH41wRsOJNBkyp" ADS not found.
C:\Users\Bozanic\AppData\Local\fMHytzidHIX => ":WwlFmgodO46QkaWnPz1VFa0TvQ20Dg" ADS removed successfully.
"C:\Users\Bozanic\AppData\Local\Temporary Internet Files" => ":2Dw2ZdxhKqgKG89H3etiI" ADS not found.
"C:\Users\Bozanic\AppData\Local\Temporary Internet Files" => ":3iEgoKmC3E6g2S8bNHGReusagQM" ADS not found.
"C:\Users\Bozanic\AppData\Local\Temporary Internet Files" => ":7yC97NJAfgQ5Gx1l" ADS not found.

==== End of Fixlog 20:44:51 ====

 

My system performance is nominal, although it was beforehand as well. I'm just concerned that whatever that malware/spyware was that keeps popping up after a reboot and purge by JRT and Malwarebytes may be malicious in nature beyond just search engine redirects, hence my posting here.

 

*EDIT* There is something a little strange I just observed; my Firefox browser is "changed" slightly. The "x" that I would normally click to close a tab is larger (somewhat scaled up), and has a strange highlight effect to it when moused over now...


Edited by The_Atomik_Punk!, 22 March 2016 - 07:54 PM.
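The AlternateDataStreams entries in the FRST scan and the ADS result lines in the Fixlog above are worth reading mechanically rather than by eye, because the same stream appears under several paths and a "not found" on one of them does not mean the fix failed. The following Python reconciles the two logs by stream name; it is an added example, not part of FRST or of either poster's files, the sample lines are copied from the logs posted above, and the comment about Windows 7 compatibility junctions explaining the "not found" lines is this editor's assumption about this machine.

```python
"""Reconcile FRST AlternateDataStreams scan entries against Fixlog ADS results.

Added example for this thread (not FRST's own code): parse both log formats,
then report which hidden streams the fix removed and which it never located.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Scan line:  AlternateDataStreams: <path>:<stream> [<size>]
# The path itself contains "C:", so the stream name is the text after the
# LAST colon; the greedy path group backtracks to that colon.
SCAN_RE = re.compile(
    r"^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\\\s]+) \[(?P<size>\d+)\]$"
)
# Fixlog line:  <path> => ":<stream>" ADS removed successfully.   (or: ADS not found.)
# FRST quotes the path only when it contains a space.
FIX_RE = re.compile(
    r'^"?(?P<path>.+?)"? => ":(?P<stream>[^"]+)" ADS '
    r'(?P<status>removed successfully|not found)\.$'
)


@dataclass(frozen=True)
class AdsEntry:
    path: str
    stream: str
    size: Optional[int] = None  # only the scan reports a size


def parse_scan_ads(log: str) -> List[AdsEntry]:
    """Pull every AlternateDataStreams line out of an FRST.txt scan."""
    found = []
    for line in log.splitlines():
        m = SCAN_RE.match(line.strip())
        if m:
            found.append(AdsEntry(m["path"], m["stream"], int(m["size"])))
    return found


def parse_fixlog_ads(log: str) -> List[Tuple[AdsEntry, str]]:
    """Pull every ADS result line out of a Fixlog.txt; status is 'removed' or 'not found'."""
    results = []
    for line in log.splitlines():
        m = FIX_RE.match(line.strip())
        if m:
            status = "removed" if m["status"].startswith("removed") else "not found"
            results.append((AdsEntry(m["path"], m["stream"]), status))
    return results


def reconcile(scan: List[AdsEntry], fix: List[Tuple[AdsEntry, str]]) -> Dict[str, str]:
    """For each stream the scan reported, decide what the fix did with it.

    Streams are matched by name, not by path: the fixlog lists the same
    directory under several names (assumption: Windows 7 compatibility
    junctions such as 'Local Settings' and 'AppData\\Local\\Application Data',
    which both resolve to AppData\\Local). 'not found' on an alias plus
    'removed' on the real path means the stream is gone; 'not found'
    everywhere means it is still unaccounted for.
    """
    outcome: Dict[str, str] = {}
    for entry in scan:
        statuses = {s for e, s in fix if e.stream == entry.stream}
        if "removed" in statuses:
            outcome[entry.stream] = "removed"
        elif "not found" in statuses:
            outcome[entry.stream] = "not found"
        else:
            outcome[entry.stream] = "no action"
    return outcome


def unresolved(outcome: Dict[str, str]) -> List[str]:
    """Streams the fix did not remove; these are the ones to look for in the next scan."""
    return sorted(s for s, status in outcome.items() if status != "removed")


# Sample input copied from the FRST.txt and Fixlog.txt excerpts posted in this thread.
SAMPLE_SCAN = r"""AlternateDataStreams: C:\Users\Bozanic\AppData\Local\Application Data:NZGH41wRsOJNBkyp [2080]
AlternateDataStreams: C:\Users\Bozanic\AppData\Local\fMHytzidHIX:WwlFmgodO46QkaWnPz1VFa0TvQ20Dg [2226]
AlternateDataStreams: C:\Users\Bozanic\AppData\Local\Temporary Internet Files:2Dw2ZdxhKqgKG89H3etiI [2244]
"""
SAMPLE_FIXLOG = r"""C:\Windows => ":E442292B90659421" ADS removed successfully.
"C:\Users\Bozanic\Local Settings" => ":NZGH41wRsOJNBkyp" ADS not found.
C:\Users\Bozanic\AppData\Local => ":NZGH41wRsOJNBkyp" ADS removed successfully.
"C:\Users\Bozanic\AppData\Local\Application Data" => ":NZGH41wRsOJNBkyp" ADS not found.
C:\Users\Bozanic\AppData\Local\fMHytzidHIX => ":WwlFmgodO46QkaWnPz1VFa0TvQ20Dg" ADS removed successfully.
"C:\Users\Bozanic\AppData\Local\Temporary Internet Files" => ":2Dw2ZdxhKqgKG89H3etiI" ADS not found.
"""

if __name__ == "__main__":
    result = reconcile(parse_scan_ads(SAMPLE_SCAN), parse_fixlog_ads(SAMPLE_FIXLOG))
    for stream, status in result.items():
        print(f"{stream}: {status}")
    print("still unresolved:", unresolved(result))
```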


#4 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:01:00 AM

Posted 22 March 2016 - 08:19 PM

Are you being redirected, or having any other strange issues, when browsing with FF?


Best Regards,
oneof4.


#5 The_Atomik_Punk!

The_Atomik_Punk!
  • Topic Starter

  • Members
  • 46 posts
  • Local time:12:00 AM

Posted 22 March 2016 - 08:24 PM

Are you being redirected, or having any other strange issues, when browsing with FF?

 

Initially my search engine (which was set to google) was being redirected to something else, something called Tuvio I think (could be wrong about that spelling)? After setting it back to Google as the default search engine, no other abnormal FF behaviour, other than that inexplicable "larger x" at the top of my tabs in the browser, although I think the fixlog might have done that.



#6 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:01:00 AM

Posted 22 March 2016 - 09:30 PM

Okay, if you would, run FRST again and post the FRST.txt in your next reply.


Best Regards,
oneof4.


#7 The_Atomik_Punk!

The_Atomik_Punk!
  • Topic Starter

  • Members
  • 46 posts
  • Local time:12:00 AM

Posted 22 March 2016 - 10:00 PM

Okay, if you would, run FRST again and post the FRST.txt in your next reply.

So I attempted to run FRST again, hit scan... and the program seemed to stall. It was stuck at scanning Firefox (browser was still open). I'm going to reboot and attempt the scan again.



#8 The_Atomik_Punk!

The_Atomik_Punk!
  • Topic Starter

  • Members
  • 46 posts
  • Local time:12:00 AM

Posted 22 March 2016 - 10:09 PM

Alright, after a reboot I successfully ran FRST again; below is the resulting FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Bozanic (administrator) on HOME (22-03-2016 23:03:25)
Running from C:\Users\Bozanic\Desktop
Loaded Profiles: Bozanic (Available Profiles: Bozanic)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Pure Networks, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Pure Networks, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15009400 2015-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [648504 2008-04-09] (Pure Networks, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-83309794-306972057-1910643756-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-22] (BillP Studios)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2CF95629-505C-4DDD-BDB2-EC18283EA095}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FB3A5375-1EEB-460F-A063-4087BF229462}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-83309794-306972057-1910643756-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2011-12-29] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-12-29] (Sun Microsystems, Inc.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp3.dll [2008-04-25] (Pure Networks, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Bozanic\AppData\Roaming\Mozilla\Firefox\Profiles\1nuw3p9b.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-19] ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-12-29] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-27] (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-83309794-306972057-1910643756-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-27] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-11-03] (Apple Inc.)
FF Extension: Disconnect - C:\Users\Bozanic\AppData\Roaming\Mozilla\Firefox\Profiles\1nuw3p9b.default\extensions\2.0@disconnect.me.xpi [2015-10-28]
FF Extension: HTTPS-Everywhere - C:\Users\Bozanic\AppData\Roaming\Mozilla\Firefox\Profiles\1nuw3p9b.default\extensions\https-everywhere-eff@eff.org [2016-02-24]
FF Extension: Bluhell Firewall - C:\Users\Bozanic\AppData\Roaming\Mozilla\Firefox\Profiles\1nuw3p9b.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2016-01-20]
FF Extension: Adblock Plus - C:\Users\Bozanic\AppData\Roaming\Mozilla\Firefox\Profiles\1nuw3p9b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 a2AntiMalware; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2service.exe [5509384 2015-07-08] (Emsisoft Ltd)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2015-08-09] (BioWare)
S4 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S4 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2010-06-24] (Avid Technology, Inc..) [File not signed]
S3 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-04-18] () [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-10-14] (Logitech Inc.)
S4 MobilePreIIAudioDevMon; C:\Program Files (x86)\M-Audio\MobilePre\AudioDevMon.exe [1923592 2010-06-21] (M-Audio)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-01] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp64; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp64.sys [136456 2015-07-08] (Emsisoft GmbH)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 MAUSBMOBILEPREII; C:\Windows\System32\DRIVERS\MAudioMobilePreII.sys [484360 2010-06-21] (M-Audio)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [47616 2007-12-17] ()
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-22 23:03 - 2016-03-22 23:04 - 00015608 _____ C:\Users\Bozanic\Desktop\FRST.txt
2016-03-22 20:44 - 2016-03-22 20:44 - 00005161 _____ C:\Users\Bozanic\Desktop\Fixlog.txt
2016-03-22 17:39 - 2016-03-22 23:03 - 00000000 ____D C:\FRST
2016-03-22 17:25 - 2016-03-22 17:25 - 02374144 _____ (Farbar) C:\Users\Bozanic\Desktop\FRST64.exe
2016-03-22 17:17 - 2016-03-22 17:34 - 00001216 _____ C:\Users\Bozanic\Desktop\JRT.txt
2016-03-22 16:25 - 2016-03-22 16:25 - 00000000 ____D C:\Users\Bozanic\AppData\LocalLow\BitTorrent
2016-03-22 15:30 - 2016-03-22 16:42 - 00001216 _____ C:\Users\Bozanic\Desktop\JRT1.txt
2016-03-19 22:54 - 2016-03-19 22:54 - 00000000 ____D C:\Users\Bozanic\Documents\Shadowrun Returns
2016-03-19 22:53 - 2016-03-19 22:53 - 00001712 _____ C:\Users\Public\Desktop\Shadowrun Returns.lnk
2016-03-14 12:57 - 2016-03-14 12:57 - 00008948 _____ C:\Users\Bozanic\Documents\Squat Lecture Pitch Promo.odt
2016-03-12 19:24 - 2016-03-12 19:24 - 00001729 _____ C:\Users\Public\Desktop\Giants - Citizen Kabuto.lnk
2016-03-10 19:28 - 2016-03-14 00:40 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-07 16:57 - 2016-03-07 16:57 - 00000222 _____ C:\Users\Bozanic\Desktop\Binary Domain.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-22 23:02 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-22 18:05 - 2013-03-06 03:21 - 00013789 _____ C:\Users\Bozanic\Desktop\New Text Document.txt
2016-03-22 17:43 - 2009-07-14 01:13 - 00797888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-22 17:43 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-03-22 17:41 - 2009-07-14 00:45 - 00021296 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-22 17:41 - 2009-07-14 00:45 - 00021296 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-22 16:45 - 2014-05-14 18:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-22 16:44 - 2014-05-14 18:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-22 16:29 - 2014-05-20 11:38 - 00000000 ____D C:\AdwCleaner
2016-03-22 11:59 - 2013-05-05 15:51 - 00000000 ____D C:\Users\Bozanic\Downloads\Torrents
2016-03-22 10:11 - 2012-04-18 17:39 - 00000000 ____D C:\Users\Bozanic\Documents\Omar
2016-03-21 01:43 - 2012-01-08 14:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-20 09:49 - 2013-07-03 12:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-19 22:53 - 2012-04-21 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-03-19 22:50 - 2012-12-22 13:28 - 00000000 ____D C:\GOG Games
2016-03-19 22:49 - 2012-04-21 23:57 - 00000000 ____D C:\Users\Bozanic\Documents\GOG.com Downloads
2016-03-19 22:47 - 2012-01-27 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-19 15:17 - 2012-01-04 18:18 - 00000000 ____D C:\Users\Bozanic\AppData\Local\Adobe
2016-03-19 15:15 - 2012-06-09 18:57 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-19 15:15 - 2011-12-29 14:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-19 15:14 - 2012-01-04 15:19 - 00001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-19 15:14 - 2012-01-04 15:19 - 00001145 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-14 18:24 - 2012-07-31 17:57 - 00000000 ____D C:\Users\Bozanic\AppData\Local\Steam
2016-03-14 14:38 - 2012-12-18 14:52 - 00000000 ____D C:\Users\Bozanic\Documents\Mileva Bozanich
2016-03-12 19:15 - 2014-10-24 13:40 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-10 14:09 - 2014-05-14 18:33 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2014-05-14 18:33 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2014-02-10 17:35 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-10 09:47 - 2015-07-01 14:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2012-05-24 23:49 - 2012-06-02 19:19 - 0000008 _____ () C:\Users\Bozanic\AppData\Roaming\Lucid_player_highscore.dat
2012-05-24 23:49 - 2012-06-02 19:19 - 0000212 _____ () C:\Users\Bozanic\AppData\Roaming\Lucid_player_profiles_data.dat
2012-01-27 23:34 - 2012-01-27 23:34 - 0000095 _____ () C:\Users\Bozanic\AppData\Local\fusioncache.dat
2012-01-08 13:10 - 2012-01-08 13:10 - 0007602 _____ () C:\Users\Bozanic\AppData\Local\Resmon.ResmonCfg
2015-06-30 16:36 - 2015-09-19 13:21 - 0000041 ___SH () C:\ProgramData\.zreglib

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-19 13:02

==================== End of FRST.txt ============================



#9 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:01:00 AM

Posted 23 March 2016 - 07:41 AM

Hey :)

 

You are correct, I had you remove a FF extension that doesn't need removing so please follow the instructions below to restore it:

 

Download attached fixlist.txt file and save it to the Desktop.


NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Check FF and see if it now looks like you remember. 

Attached Files


Edited by oneof4, 23 March 2016 - 11:58 AM.

Best Regards,
oneof4.


#10 The_Atomik_Punk!

The_Atomik_Punk!
  • Topic Starter

  • Members
  • 46 posts
  • Local time:12:00 AM

Posted 23 March 2016 - 04:06 PM

Yep, Firefox looks as it did before; below is the generated Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Bozanic (2016-03-23 17:04:30) Run:2
Running from C:\Users\Bozanic\Desktop
Loaded Profiles: Bozanic (Available Profiles: Bozanic)
Boot Mode: Normal
==============================================

fixlist content:
*****************
RestoreQuarantine: C:\FRST\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\extensions

*****************

RestoreQuarantine: C:\FRST\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\extensions=> Restoring from Quarantine completed.

==== End of Fixlog 17:04:30 ====



#11 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:01:00 AM

Posted 24 March 2016 - 05:47 AM

Okay, now please run FRST again and post the fresh FRST.txt.


Best Regards,
oneof4.


#12 The_Atomik_Punk!

The_Atomik_Punk!
  • Topic Starter

  • Members
  • 46 posts
  • Local time:12:00 AM

Posted 24 March 2016 - 06:26 AM

Sure thing, oneof4; below is the fresh FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Bozanic (administrator) on HOME (24-03-2016 07:23:25)
Running from C:\Users\Bozanic\Desktop
Loaded Profiles: Bozanic (Available Profiles: Bozanic)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Pure Networks, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Pure Networks, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15009400 2015-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [648504 2008-04-09] (Pure Networks, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-83309794-306972057-1910643756-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-22] (BillP Studios)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2CF95629-505C-4DDD-BDB2-EC18283EA095}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FB3A5375-1EEB-460F-A063-4087BF229462}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-83309794-306972057-1910643756-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2011-12-29] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-12-29] (Sun Microsystems, Inc.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp3.dll [2008-04-25] (Pure Networks, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Bozanic\AppData\Roaming\Mozilla\Firefox\Profiles\1nuw3p9b.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-19] ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-12-29] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-27] (Pando Networks)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-83309794-306972057-1910643756-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-01-27] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-11-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-11-03] (Apple Inc.)
FF Extension: Disconnect - C:\Users\Bozanic\AppData\Roaming\Mozilla\Firefox\Profiles\1nuw3p9b.default\extensions\2.0@disconnect.me.xpi [2015-10-28]
FF Extension: HTTPS-Everywhere - C:\Users\Bozanic\AppData\Roaming\Mozilla\Firefox\Profiles\1nuw3p9b.default\extensions\https-everywhere-eff@eff.org [2016-03-24]
FF Extension: Bluhell Firewall - C:\Users\Bozanic\AppData\Roaming\Mozilla\Firefox\Profiles\1nuw3p9b.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2016-01-20]
FF Extension: Adblock Plus - C:\Users\Bozanic\AppData\Roaming\Mozilla\Firefox\Profiles\1nuw3p9b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-15] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 a2AntiMalware; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2service.exe [5509384 2015-07-08] (Emsisoft Ltd)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2015-08-09] (BioWare)
S4 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S4 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2010-06-24] (Avid Technology, Inc..) [File not signed]
S3 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-04-18] () [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-10-14] (Logitech Inc.)
S4 MobilePreIIAudioDevMon; C:\Program Files (x86)\M-Audio\MobilePre\AudioDevMon.exe [1923592 2010-06-21] (M-Audio)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-01] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp64; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp64.sys [136456 2015-07-08] (Emsisoft GmbH)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 MAUSBMOBILEPREII; C:\Windows\System32\DRIVERS\MAudioMobilePreII.sys [484360 2010-06-21] (M-Audio)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [47616 2007-12-17] ()
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-24 07:23 - 2016-03-24 07:23 - 00015896 _____ C:\Users\Bozanic\Desktop\FRST.txt
2016-03-24 00:58 - 2016-03-24 01:08 - 00000000 ____D C:\ProgramData\SlySoft
2016-03-23 17:04 - 2016-03-23 17:04 - 00000605 _____ C:\Users\Bozanic\Desktop\Fixlog.txt
2016-03-22 17:39 - 2016-03-24 07:23 - 00000000 ____D C:\FRST
2016-03-22 17:25 - 2016-03-22 17:25 - 02374144 _____ (Farbar) C:\Users\Bozanic\Desktop\FRST64.exe
2016-03-22 16:25 - 2016-03-22 16:25 - 00000000 ____D C:\Users\Bozanic\AppData\LocalLow\BitTorrent
2016-03-19 22:54 - 2016-03-19 22:54 - 00000000 ____D C:\Users\Bozanic\Documents\Shadowrun Returns
2016-03-19 22:53 - 2016-03-19 22:53 - 00001712 _____ C:\Users\Public\Desktop\Shadowrun Returns.lnk
2016-03-14 12:57 - 2016-03-14 12:57 - 00008948 _____ C:\Users\Bozanic\Documents\Squat Lecture Pitch Promo.odt
2016-03-12 19:24 - 2016-03-12 19:24 - 00001729 _____ C:\Users\Public\Desktop\Giants - Citizen Kabuto.lnk
2016-03-10 19:28 - 2016-03-14 00:40 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-07 16:57 - 2016-03-07 16:57 - 00000222 _____ C:\Users\Bozanic\Desktop\Binary Domain.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-24 07:18 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-24 01:06 - 2009-07-14 01:13 - 00797888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-24 01:06 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-03-24 01:05 - 2009-07-14 00:45 - 00021296 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-24 01:05 - 2009-07-14 00:45 - 00021296 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-24 01:04 - 2014-05-14 18:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-24 01:01 - 2015-06-30 16:36 - 00000041 ___SH C:\ProgramData\.zreglib
2016-03-24 00:58 - 2015-06-30 16:32 - 00000000 ____D C:\Program Files (x86)\SlySoft
2016-03-22 18:05 - 2013-03-06 03:21 - 00013789 _____ C:\Users\Bozanic\Desktop\New Text Document.txt
2016-03-22 16:44 - 2014-05-14 18:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-22 16:29 - 2014-05-20 11:38 - 00000000 ____D C:\AdwCleaner
2016-03-22 11:59 - 2013-05-05 15:51 - 00000000 ____D C:\Users\Bozanic\Downloads\Torrents
2016-03-22 10:11 - 2012-04-18 17:39 - 00000000 ____D C:\Users\Bozanic\Documents\Omar
2016-03-21 01:43 - 2012-01-08 14:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-20 09:49 - 2013-07-03 12:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-19 22:53 - 2012-04-21 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-03-19 22:50 - 2012-12-22 13:28 - 00000000 ____D C:\GOG Games
2016-03-19 22:49 - 2012-04-21 23:57 - 00000000 ____D C:\Users\Bozanic\Documents\GOG.com Downloads
2016-03-19 22:47 - 2012-01-27 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-19 15:17 - 2012-01-04 18:18 - 00000000 ____D C:\Users\Bozanic\AppData\Local\Adobe
2016-03-19 15:15 - 2012-06-09 18:57 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-19 15:15 - 2011-12-29 14:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-19 15:14 - 2012-01-04 15:19 - 00001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-19 15:14 - 2012-01-04 15:19 - 00001145 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-14 18:24 - 2012-07-31 17:57 - 00000000 ____D C:\Users\Bozanic\AppData\Local\Steam
2016-03-14 14:38 - 2012-12-18 14:52 - 00000000 ____D C:\Users\Bozanic\Documents\Mileva Bozanich
2016-03-12 19:15 - 2014-10-24 13:40 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-10 14:09 - 2014-05-14 18:33 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2014-05-14 18:33 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2014-02-10 17:35 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-10 09:47 - 2015-07-01 14:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2012-05-24 23:49 - 2012-06-02 19:19 - 0000008 _____ () C:\Users\Bozanic\AppData\Roaming\Lucid_player_highscore.dat
2012-05-24 23:49 - 2012-06-02 19:19 - 0000212 _____ () C:\Users\Bozanic\AppData\Roaming\Lucid_player_profiles_data.dat
2012-01-27 23:34 - 2012-01-27 23:34 - 0000095 _____ () C:\Users\Bozanic\AppData\Local\fusioncache.dat
2012-01-08 13:10 - 2012-01-08 13:10 - 0007602 _____ () C:\Users\Bozanic\AppData\Local\Resmon.ResmonCfg
2015-06-30 16:36 - 2016-03-24 01:01 - 0000041 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
C:\Users\Bozanic\AppData\Local\temp\KeygenCloneCD__7934_il62214.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-19 13:02

==================== End of FRST.txt ============================
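The Registry, Services, Drivers and "Some files in TEMP" sections of the FRST log above are what a responder reads by eye before writing a fixlist: an empty "()" publisher, "[File not signed]", "[X]" for a file that is no longer on disk, and anything executable that lives under Temp or AppData. The script below is an added example, not part of this thread and not FRST's own logic; it parses those line formats exactly as they appear in the log above and applies the same heuristics, producing a review list rather than a fixlist (a flagged entry is a prompt for a hash lookup or a signature check, not a deletion). Every sample line is copied from the log above except the [Updater] Run entry, which is constructed to exercise the user-writable-path check.

```python
"""Triage an FRST.txt log: flag autostart entries that deserve a second look.

Added example; not part of this thread and not FRST's own code. Parses the
line formats visible in the log above (Run keys, Services, Drivers, 'Some
files in TEMP') and applies by-eye heuristics. The [Updater] Run entry in
SAMPLE_LOG is constructed; all other sample lines are copied from the log.
"""
import re
from dataclasses import dataclass, field
from typing import Iterator, List, Optional, Tuple

SECTION_RE = re.compile(r"^=+\s+(?P<title>[^=].*?)\s+=+$")
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.+)$"
)
SVC_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<rest>.+)$")
# path [size date] (publisher) [flag]...; every part after the path is optional
ENTRY_RE = re.compile(
    r"""^"?(?P<path>(?:\\\?\?\\)?[^\[\]"]+?\.(?:exe|dll|sys|scr|cpl|com|pkms)\b)"?
        (?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?
        (?:\s+\((?P<publisher>[^)]*)\))?
        (?P<flags>(?:\s+\[[^\]]+\])*)""",
    re.IGNORECASE | re.VERBOSE,
)
USER_WRITABLE_RE = re.compile(r"\\(?:temp|appdata|programdata|users\\public)\\", re.IGNORECASE)
PIRACY_RE = re.compile(r"keygen|crack|activator", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def iter_entries(log: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section, entry name, text after the name) for lines naming a binary."""
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("title")
            continue
        if line == "Some files in TEMP:":
            section = "TEMP"
            continue
        if section.startswith("Registry"):
            m = RUN_RE.match(line)
            if m:
                yield section, m.group("name"), m.group("rest")
        elif section.startswith(("Services", "Drivers")):
            m = SVC_RE.match(line)
            if m:
                yield section, m.group("name"), m.group("rest")
        elif section == "TEMP":
            yield section, line.rsplit("\\", 1)[-1], line


def assess(section: str, name: str, rest: str) -> Optional[Finding]:
    """Apply the by-eye heuristics to one entry; None means nothing stood out."""
    m = ENTRY_RE.match(rest)
    if not m:
        return None
    path, publisher, flags = m.group("path"), m.group("publisher"), m.group("flags")
    reasons = []
    if "[X]" in flags:
        reasons.append("file missing")           # FRST could not find the file
    if "File not signed" in flags:
        reasons.append("file not signed")
    if publisher == "":                           # FRST printed "()": no version info
        reasons.append("empty publisher")
    if section == "TEMP":
        reasons.append("executable in TEMP")
    if USER_WRITABLE_RE.search(path):
        reasons.append("user-writable location")
    if PIRACY_RE.search(path.rsplit("\\", 1)[-1]):
        reasons.append("keygen/crack name")
    return Finding(section, name, path, reasons) if reasons else None


def triage(log: str) -> List[Finding]:
    return [f for f in (assess(*e) for e in iter_entries(log)) if f]


# Constructed sample: lines from the log above plus one hypothetical [Updater] entry.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKU\S-1-5-21-83309794-306972057-1910643756-1000\...\Run: [Updater] => C:\Users\Bozanic\AppData\Roaming\Updater\updater.exe [53248 2016-03-22] ()
==================== Services (Whitelisted) ========================
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-01] ()
===================== Drivers (Whitelisted) ==========================
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
Some files in TEMP:
====================
C:\Users\Bozanic\AppData\Local\temp\KeygenCloneCD__7934_il62214.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>22} | {f.name:<32} | {', '.join(f.reasons)}")
        print(f"{'':>22} | {f.path}")
```

Run it against a saved log with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`. The Brother and PunkBuster services in the sample are unsigned yet legitimate, which is why the output is a review list to check by hash or signature and not something to paste straight into a fixlist.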



#13 oneof4 (Malware Response Team)

Posted 24 March 2016 - 06:45 AM

Hey :)

Download attached fixlist.txt file and save it to the Desktop.


NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

==========

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

Best Regards,
oneof4.


#14 The_Atomik_Punk! (Topic Starter)

Posted 24 March 2016 - 07:02 AM

You got it. Below is the generated fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Bozanic (2016-03-24 07:57:18) Run:3
Running from C:\Users\Bozanic\Desktop
Loaded Profiles: Bozanic (Available Profiles: Bozanic)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Bozanic\AppData\Local\temp\KeygenCloneCD__7934_il62214.exe

*****************

C:\Users\Bozanic\AppData\Local\temp\KeygenCloneCD__7934_il62214.exe => moved successfully

==== End of Fixlog 07:57:19 ====

And now for the AdwCleaner logfile:

# AdwCleaner v4.203 - Logfile created 31/05/2015 at 20:37:27
# Updated 30/04/2015 by Xplode
# Database : 2015-05-31.5 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Bozanic - HOME
# Running from : C:\Users\Bozanic\Downloads\Programs\System Utilities\Anti-Virus\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Bozanic\AppData\Roaming\OpenCandy

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [820 bytes] - [20/05/2014 11:38:11]
AdwCleaner[R10].txt - [1638 bytes] - [01/08/2014 18:09:55]
AdwCleaner[R11].txt - [1885 bytes] - [15/08/2014 17:55:25]
AdwCleaner[R12].txt - [1939 bytes] - [17/08/2014 17:02:04]
AdwCleaner[R13].txt - [1941 bytes] - [29/08/2014 18:35:43]
AdwCleaner[R14].txt - [2141 bytes] - [01/09/2014 11:24:58]
AdwCleaner[R15].txt - [2124 bytes] - [09/09/2014 07:37:52]
AdwCleaner[R16].txt - [2185 bytes] - [12/09/2014 16:40:02]
AdwCleaner[R17].txt - [2248 bytes] - [02/10/2014 15:02:30]
AdwCleaner[R18].txt - [2309 bytes] - [11/10/2014 08:06:20]
AdwCleaner[R19].txt - [2299 bytes] - [17/10/2014 15:43:13]
AdwCleaner[R1].txt - [879 bytes] - [22/05/2014 22:26:53]
AdwCleaner[R20].txt - [2636 bytes] - [22/10/2014 20:52:13]
AdwCleaner[R21].txt - [2537 bytes] - [30/10/2014 19:48:09]
AdwCleaner[R22].txt - [2632 bytes] - [14/11/2014 21:29:41]
AdwCleaner[R23].txt - [2693 bytes] - [22/11/2014 12:12:38]
AdwCleaner[R24].txt - [2754 bytes] - [30/11/2014 12:16:15]
AdwCleaner[R25].txt - [2817 bytes] - [09/12/2014 14:05:49]
AdwCleaner[R26].txt - [2878 bytes] - [10/01/2015 18:28:13]
AdwCleaner[R27].txt - [3069 bytes] - [31/01/2015 00:38:24]
AdwCleaner[R28].txt - [3085 bytes] - [03/02/2015 21:31:52]
AdwCleaner[R29].txt - [3104 bytes] - [27/02/2015 16:39:30]
AdwCleaner[R2].txt - [985 bytes] - [27/05/2014 14:59:18]
AdwCleaner[R30].txt - [3167 bytes] - [13/03/2015 21:48:57]
AdwCleaner[R31].txt - [3227 bytes] - [27/03/2015 19:45:04]
AdwCleaner[R32].txt - [3287 bytes] - [28/03/2015 18:58:10]
AdwCleaner[R33].txt - [3347 bytes] - [01/04/2015 16:35:28]
AdwCleaner[R34].txt - [3409 bytes] - [11/04/2015 20:10:06]
AdwCleaner[R35].txt - [3469 bytes] - [12/04/2015 22:29:16]
AdwCleaner[R36].txt - [3529 bytes] - [04/05/2015 17:34:41]
AdwCleaner[R37].txt - [3755 bytes] - [21/05/2015 23:26:02]
AdwCleaner[R38].txt - [3708 bytes] - [25/05/2015 15:14:48]
AdwCleaner[R39].txt - [3768 bytes] - [29/05/2015 06:33:40]
AdwCleaner[R3].txt - [997 bytes] - [13/06/2014 21:03:06]
AdwCleaner[R40].txt - [3887 bytes] - [31/05/2015 20:34:54]
AdwCleaner[R4].txt - [1054 bytes] - [19/06/2014 18:46:07]
AdwCleaner[R5].txt - [1147 bytes] - [01/07/2014 15:47:07]
AdwCleaner[R6].txt - [1287 bytes] - [07/07/2014 18:33:58]
AdwCleaner[R7].txt - [1345 bytes] - [10/07/2014 16:49:38]
AdwCleaner[R8].txt - [1419 bytes] - [19/07/2014 15:30:06]
AdwCleaner[R9].txt - [1573 bytes] - [27/07/2014 16:23:13]
AdwCleaner[S0].txt - [1210 bytes] - [01/07/2014 15:47:31]
AdwCleaner[S10].txt - [3282 bytes] - [31/05/2015 20:37:27]
AdwCleaner[S1].txt - [1350 bytes] - [07/07/2014 18:34:27]
AdwCleaner[S2].txt - [1482 bytes] - [19/07/2014 15:30:47]
AdwCleaner[S3].txt - [1949 bytes] - [15/08/2014 17:56:07]
AdwCleaner[S4].txt - [2001 bytes] - [17/08/2014 17:02:46]
AdwCleaner[S5].txt - [2203 bytes] - [01/09/2014 11:25:55]
AdwCleaner[S6].txt - [2693 bytes] - [22/10/2014 20:54:00]
AdwCleaner[S7].txt - [2592 bytes] - [30/10/2014 19:49:28]
AdwCleaner[S8].txt - [3131 bytes] - [31/01/2015 00:39:25]
AdwCleaner[S9].txt - [3822 bytes] - [21/05/2015 23:26:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [3873  bytes] ##########

# AdwCleaner v5.105 - Logfile created 24/03/2016 at 07:59:13
# Updated 21/03/2016 by Xplode
# Database : 2016-03-24.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Bozanic - HOME
# Running from : C:\Users\Bozanic\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C13].txt - [839 bytes] - [22/01/2016 19:50:29]
C:\AdwCleaner\AdwCleaner[C1].txt - [17387 bytes] - [24/02/2016 16:49:01]
C:\AdwCleaner\AdwCleaner[C2].txt - [7896 bytes] - [22/03/2016 16:29:47]
C:\AdwCleaner\AdwCleaner[R0].txt - [820 bytes] - [20/05/2014 11:38:11]
C:\AdwCleaner\AdwCleaner[R10].txt - [1638 bytes] - [01/08/2014 18:09:55]
C:\AdwCleaner\AdwCleaner[R11].txt - [1885 bytes] - [15/08/2014 17:55:25]
C:\AdwCleaner\AdwCleaner[R12].txt - [1939 bytes] - [17/08/2014 17:02:04]
C:\AdwCleaner\AdwCleaner[R13].txt - [1941 bytes] - [29/08/2014 18:35:43]
C:\AdwCleaner\AdwCleaner[R14].txt - [2141 bytes] - [01/09/2014 11:24:58]
C:\AdwCleaner\AdwCleaner[R15].txt - [2124 bytes] - [09/09/2014 07:37:52]
C:\AdwCleaner\AdwCleaner[R16].txt - [2185 bytes] - [12/09/2014 16:40:02]
C:\AdwCleaner\AdwCleaner[R17].txt - [2248 bytes] - [02/10/2014 15:02:30]
C:\AdwCleaner\AdwCleaner[R18].txt - [2309 bytes] - [11/10/2014 08:06:20]
C:\AdwCleaner\AdwCleaner[R19].txt - [2299 bytes] - [17/10/2014 15:43:13]
C:\AdwCleaner\AdwCleaner[R1].txt - [879 bytes] - [22/05/2014 22:26:53]
C:\AdwCleaner\AdwCleaner[R20].txt - [2636 bytes] - [22/10/2014 20:52:13]
C:\AdwCleaner\AdwCleaner[R21].txt - [2537 bytes] - [30/10/2014 19:48:09]
C:\AdwCleaner\AdwCleaner[R22].txt - [2632 bytes] - [14/11/2014 21:29:41]
C:\AdwCleaner\AdwCleaner[R23].txt - [2693 bytes] - [22/11/2014 12:12:38]
C:\AdwCleaner\AdwCleaner[R24].txt - [2754 bytes] - [30/11/2014 12:16:15]
C:\AdwCleaner\AdwCleaner[R25].txt - [2817 bytes] - [09/12/2014 14:05:49]
C:\AdwCleaner\AdwCleaner[R26].txt - [2878 bytes] - [10/01/2015 18:28:13]
C:\AdwCleaner\AdwCleaner[R27].txt - [3069 bytes] - [31/01/2015 00:38:24]
C:\AdwCleaner\AdwCleaner[R28].txt - [3085 bytes] - [03/02/2015 21:31:52]
C:\AdwCleaner\AdwCleaner[R29].txt - [3104 bytes] - [27/02/2015 16:39:30]
C:\AdwCleaner\AdwCleaner[R2].txt - [985 bytes] - [27/05/2014 14:59:18]
C:\AdwCleaner\AdwCleaner[R30].txt - [3167 bytes] - [13/03/2015 21:48:57]
C:\AdwCleaner\AdwCleaner[R31].txt - [3227 bytes] - [27/03/2015 19:45:04]
C:\AdwCleaner\AdwCleaner[R32].txt - [3287 bytes] - [28/03/2015 18:58:10]
C:\AdwCleaner\AdwCleaner[R33].txt - [3347 bytes] - [01/04/2015 16:35:28]
C:\AdwCleaner\AdwCleaner[R34].txt - [3409 bytes] - [11/04/2015 20:10:06]
C:\AdwCleaner\AdwCleaner[R35].txt - [3469 bytes] - [12/04/2015 22:29:16]
C:\AdwCleaner\AdwCleaner[R36].txt - [3529 bytes] - [04/05/2015 17:34:41]
C:\AdwCleaner\AdwCleaner[R37].txt - [3755 bytes] - [21/05/2015 23:26:02]
C:\AdwCleaner\AdwCleaner[R38].txt - [3708 bytes] - [25/05/2015 15:14:48]
C:\AdwCleaner\AdwCleaner[R39].txt - [3768 bytes] - [29/05/2015 06:33:40]
C:\AdwCleaner\AdwCleaner[R3].txt - [997 bytes] - [13/06/2014 21:03:06]
C:\AdwCleaner\AdwCleaner[R40].txt - [3887 bytes] - [31/05/2015 20:34:54]
C:\AdwCleaner\AdwCleaner[R41].txt - [3948 bytes] - [31/05/2015 20:53:58]
C:\AdwCleaner\AdwCleaner[R42].txt - [4008 bytes] - [10/06/2015 14:48:39]
C:\AdwCleaner\AdwCleaner[R43].txt - [4128 bytes] - [16/06/2015 17:57:02]
C:\AdwCleaner\AdwCleaner[R44].txt - [4188 bytes] - [16/06/2015 18:08:52]
C:\AdwCleaner\AdwCleaner[R45].txt - [4248 bytes] - [17/06/2015 14:49:01]
C:\AdwCleaner\AdwCleaner[R46].txt - [4308 bytes] - [20/06/2015 14:57:43]
C:\AdwCleaner\AdwCleaner[R47].txt - [4368 bytes] - [29/06/2015 13:06:53]
C:\AdwCleaner\AdwCleaner[R48].txt - [4428 bytes] - [01/07/2015 17:53:17]
C:\AdwCleaner\AdwCleaner[R49].txt - [4486 bytes] - [06/07/2015 08:49:46]
C:\AdwCleaner\AdwCleaner[R4].txt - [1054 bytes] - [19/06/2014 18:46:07]
C:\AdwCleaner\AdwCleaner[R50].txt - [4546 bytes] - [06/07/2015 10:30:00]
C:\AdwCleaner\AdwCleaner[R51].txt - [4606 bytes] - [06/07/2015 16:18:50]
C:\AdwCleaner\AdwCleaner[R52].txt - [4666 bytes] - [06/07/2015 16:51:17]
C:\AdwCleaner\AdwCleaner[R53].txt - [4726 bytes] - [07/07/2015 17:26:45]
C:\AdwCleaner\AdwCleaner[R54].txt - [4786 bytes] - [08/07/2015 15:38:33]
C:\AdwCleaner\AdwCleaner[R55].txt - [4846 bytes] - [19/07/2015 18:36:17]
C:\AdwCleaner\AdwCleaner[R56].txt - [4906 bytes] - [05/08/2015 19:46:41]
C:\AdwCleaner\AdwCleaner[R57].txt - [4968 bytes] - [19/08/2015 06:31:24]
C:\AdwCleaner\AdwCleaner[R58].txt - [5028 bytes] - [25/08/2015 15:31:33]
C:\AdwCleaner\AdwCleaner[R59].txt - [5088 bytes] - [05/09/2015 23:22:01]
C:\AdwCleaner\AdwCleaner[R5].txt - [1147 bytes] - [01/07/2014 15:47:07]
C:\AdwCleaner\AdwCleaner[R60].txt - [5148 bytes] - [08/09/2015 17:22:34]
C:\AdwCleaner\AdwCleaner[R61].txt - [5208 bytes] - [09/09/2015 15:20:59]
C:\AdwCleaner\AdwCleaner[R62].txt - [5267 bytes] - [11/09/2015 12:04:52]
C:\AdwCleaner\AdwCleaner[R63].txt - [5328 bytes] - [28/09/2015 22:30:39]
C:\AdwCleaner\AdwCleaner[R64].txt - [5388 bytes] - [23/10/2015 13:04:06]
C:\AdwCleaner\AdwCleaner[R65].txt - [5448 bytes] - [03/11/2015 21:48:29]
C:\AdwCleaner\AdwCleaner[R66].txt - [5506 bytes] - [13/11/2015 02:14:27]
C:\AdwCleaner\AdwCleaner[R67].txt - [5566 bytes] - [29/11/2015 16:41:58]
C:\AdwCleaner\AdwCleaner[R68].txt - [5626 bytes] - [08/12/2015 02:03:08]
C:\AdwCleaner\AdwCleaner[R69].txt - [5686 bytes] - [14/12/2015 13:24:12]
C:\AdwCleaner\AdwCleaner[R6].txt - [1287 bytes] - [07/07/2014 18:33:58]
C:\AdwCleaner\AdwCleaner[R70].txt - [5748 bytes] - [09/01/2016 03:25:06]
C:\AdwCleaner\AdwCleaner[R71].txt - [5808 bytes] - [15/01/2016 12:11:36]
C:\AdwCleaner\AdwCleaner[R72].txt - [347 bytes] - [22/01/2016 19:43:03]
C:\AdwCleaner\AdwCleaner[R73].txt - [347 bytes] - [22/01/2016 19:43:42]
C:\AdwCleaner\AdwCleaner[R74].txt - [308 bytes] - [22/01/2016 19:46:10]
C:\AdwCleaner\AdwCleaner[R7].txt - [1345 bytes] - [10/07/2014 16:49:38]
C:\AdwCleaner\AdwCleaner[R8].txt - [1419 bytes] - [19/07/2014 15:30:06]
C:\AdwCleaner\AdwCleaner[R9].txt - [1573 bytes] - [27/07/2014 16:23:13]
C:\AdwCleaner\AdwCleaner[S0].txt - [1210 bytes] - [01/07/2014 15:47:31]
C:\AdwCleaner\AdwCleaner[S10].txt - [10393 bytes] - [31/05/2015 20:37:27]
C:\AdwCleaner\AdwCleaner[S11].txt - [4073 bytes] - [10/06/2015 14:49:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [9496 bytes] - [07/07/2014 18:34:27]
C:\AdwCleaner\AdwCleaner[S2].txt - [12238 bytes] - [19/07/2014 15:30:47]
C:\AdwCleaner\AdwCleaner[S3].txt - [9525 bytes] - [15/08/2014 17:56:07]
C:\AdwCleaner\AdwCleaner[S4].txt - [9789 bytes] - [17/08/2014 17:02:46]
C:\AdwCleaner\AdwCleaner[S5].txt - [9718 bytes] - [01/09/2014 11:25:55]
C:\AdwCleaner\AdwCleaner[S6].txt - [10209 bytes] - [22/10/2014 20:54:00]
C:\AdwCleaner\AdwCleaner[S76].txt - [741 bytes] - [22/01/2016 19:49:36]
C:\AdwCleaner\AdwCleaner[S77].txt - [700 bytes] - [23/01/2016 02:01:56]
C:\AdwCleaner\AdwCleaner[S7].txt - [10109 bytes] - [30/10/2014 19:49:28]
C:\AdwCleaner\AdwCleaner[S8].txt - [10650 bytes] - [31/01/2015 00:39:25]
C:\AdwCleaner\AdwCleaner[S9].txt - [11342 bytes] - [21/05/2015 23:26:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [11350 bytes] ##########

#15 oneof4 (Malware Response Team)

Posted 24 March 2016 - 07:43 AM

Okay, let's do this and see if the entries you initially were concerned about show up again:

Please download Junkware Removal Tool to your desktop. (Or in your case, if you already have it, skip the download part.)

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Best Regards,
oneof4.