Virus will not allow Malwarebytes to open and or run.


  • This topic is locked
9 replies to this topic

#1 Superrobot

  • Members
  • 7 posts

Posted 17 September 2016 - 02:59 PM

Hi,

Superrobot here. Here's the issue; the facts are these: I am using a Windows 7 OS on a 7-year-old laptop. One day while reading webcomics and watching YouTube, I noticed the computer running suspiciously slow, slower than it should. I attempted to reset, thinking perhaps I had just used too much memory, but even after I turned the computer back on it was chugging. Knowing the drill, having heard horror stories of the like from friends and family, I quickly shut down the internet connection and attempted to run Malwarebytes. It refused to open! It would start, and then the program would linger as if about to open and have a Windows error.

After that, I tried just about every tool on this website. I am pretty smart, but nothing I tried worked. I would use another laptop I own to browse your forums, download tools to a USB drive, try them on the infected laptop, over and over and over.

It's been two weeks now, and I am at my wit's end. I have zero idea what I am even up against. Just that it will not allow me to install new anti-virus software, and that OTHER (non-Malwarebytes) programs that deal with just spyware/malware don't seem to notice anything wrong, making me believe it is something specifically that Malwarebytes looks for that others don't, which is why that is the one that will not open at all.

So to be clear: It will not allow Malwarebytes to run. It will not allow new anti-virus programs to install. And spyware and malware programs seem to find nothing. And yes, I have indeed attempted to install and/or run anti-virus programs and Malwarebytes in safe mode, and it's the same deal. In fact, safe mode is ALSO running slowly.

To further add to this: yes, I have tried Malwarebytes Chameleon, but it doesn't work either.

I did find a lovefreegames.com thing in my program files that I cannot get rid of, but I seriously doubt it is the entire issue, but rather just a symptom.

I greatly look forward to your advice, and I hope I described the problem well enough in detail to get help. (Sidenote: at the time (a week ago) I was not aware of the strict rules and procedures of the website involving ComboFix, and have indeed run it, but it does not seem to be negatively affecting anything.)

Superrobot




#2 nasdaq

  • Malware Response Team
  • 39,191 posts
  • Location:Montreal, QC. Canada

Posted 18 September 2016 - 08:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#3 Superrobot
  • Topic Starter

  • Members
  • 7 posts

Posted 18 September 2016 - 12:25 PM

Oh my god, it's you! :) I saw your work all throughout the site, all throughout the years! Hi Nas! Okay, I am doing it now; after a time skip for me, I will post the results, which, um, will not seem like a time skip at all to you. I love your work!

Time skip: Okay, here is the result! And the computer is still running pretty sluggish. Thank you for handling this one yourself :D

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Michael on Sun 09/18/2016 at 11:02:59.94.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Michael\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
9/18/2016 11:18:05 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Landmark deleted successfully
C:\PROGRA~2\New folder deleted successfully
C:\PROGRA~2\Razer deleted successfully
C:\PROGRA~2\Tightrope deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Razer deleted successfully
C:\Users\Michael\AppData\Roaming\fltk.org deleted successfully
C:\Users\Michael\AppData\Roaming\IrfanView deleted successfully
C:\Users\Michael\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Michael\AppData\Roaming\QuickScan deleted successfully
C:\Users\Michael\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Michael\AppData\Local\EmieSiteList deleted successfully
C:\Users\Michael\AppData\Local\EmieUserList deleted successfully
C:\Users\Michael\AppData\Local\Jaksta_Technologies_Pty_L deleted successfully
C:\Users\Michael\AppData\Local\Skype deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-3304199171-3590334341-994263956-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully
HKEY_USERS\S-1-5-21-3304199171-3590334341-994263956-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Landmark not found
C:\PROGRA~2\New folder not found
C:\PROGRA~2\Razer not found
C:\PROGRA~2\Tightrope not found
C:\Users\Michael\AppData\Roaming\.technic deleted
C:\PROGRA~3\Avg deleted
C:\PROGRA~2\Yahoo! deleted
C:\found.000 deleted
C:\Users\Michael\AppData\Roaming\bdfvconp.ini deleted
C:\Users\Michael\AppData\Roaming\MPQEditor.ini deleted
C:\Users\Michael\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Public\sagethumbs_2.0.0.14_setup.exe deleted
C:\Users\Michael\AppData\LocalLow\ADSRemoval deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[05/14/2013 01:27 PM]
 
Tags for YouTube™ - Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggphokdgjikekfiakjcpidcclbmkfga
TubeBuddy - Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb
Chrome Media Router - Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Google Voice Search Hotword (Beta) - Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
AdBlock - Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Skype Click to Call - Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== Reset Google Chrome ======================
 
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences was reset successfully
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data-journal was reset successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ECE436B2-CE7E-7020-392B-5CB95B143DF8} deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12O07JFG will be deleted at reboot
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ0GT4EI will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Cache will be emptied at reboot
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=12651 folders=2109 3568364496 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Michael\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Michael\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Cache\f_000019" not deleted
"C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Cache\f_00001b" not deleted
"C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Cache\f_00001c" not deleted
"C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12O07JFG" not found
"C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ0GT4EI" not found
 
==== EOF on Sun 09/18/2016 at 12:26:18.57 ======================


#4 nasdaq

  • Malware Response Team
  • 39,191 posts
  • Location:Montreal, QC. Canada

Posted 19 September 2016 - 08:14 AM


Were you able to run Malwarebytes?
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs for my review.
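Added example, not part of this thread and not code from FRST or its author: a small Python triage pass over the "Registry (Whitelisted)", "Services (Whitelisted)" and "Drivers (Whitelisted)" lines of an FRST.txt, applying the checks a Malware Response Team helper applies by eye. It reports entries FRST has already marked `<===== ATTENTION`, programs launched from a Temp or Public directory, services/drivers with no code signature or no publisher in their version info, and entries whose target file is gone (`[X]` / `No File`). The sample lines are constructed for the example and modelled on the FRST log the topic starter posts further down; the `SUSPICIOUS_DIRS` list and the reason strings are the example's own choices, not anything FRST defines.

```python
import re

# Marker FRST itself prints next to entries it considers suspicious.
ATTENTION = "<===== ATTENTION"

# Directories a legitimate autostart or driver should not launch from.
# This list is an assumption of the example, not something FRST defines.
SUSPICIOUS_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\users\\public\\",
)

# HKLM\...\Run: [Name] => <command> [size date] (Vendor)
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.*)$")
# R0 Name; C:\path\file.sys [size date] (Vendor) [flags]   (services and drivers)
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<rest>.*)$")


def first_path(rest):
    """Return the executable path at the start of an FRST entry body."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else None
    # Unquoted paths may contain spaces, so take everything up to the
    # first .exe/.dll/.sys instead of splitting on whitespace.
    m = re.match(r"(.*?\.(?:exe|dll|sys))\b", rest, re.IGNORECASE)
    return m.group(1) if m else None


def triage(log_text):
    """Return a list of findings for autorun, service and driver lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m, kind = RUN_RE.match(line), "autorun"
        if not m:
            m, kind = SERVICE_RE.match(line), "service/driver"
        if not m:
            continue
        name, rest = m.group("name"), m.group("rest")
        path = first_path(rest)
        reasons = []
        if ATTENTION in rest:
            reasons.append("flagged by FRST")
        if path and any(d in path.lower() for d in SUSPICIOUS_DIRS):
            reasons.append("runs from a temp or public directory")
        if rest.endswith("[X]") or "No File" in rest:
            reasons.append("target file missing (orphaned entry)")
        if kind == "service/driver":
            if "[File not signed]" in rest:
                reasons.append("driver not code-signed")
            elif re.search(r"\(\s*\)\s*$", rest):
                # FRST prints "()" when the file carries no company name.
                reasons.append("no publisher in version info")
        if reasons:
            findings.append({"kind": kind, "name": name, "path": path, "reasons": reasons})
    return findings


# Constructed sample, modelled on the FRST log in this thread; not a real capture.
SAMPLE_FRST = r"""
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [InstallerLauncher] => "C:\Users\Michael\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe" /run:"C:\Users\Michael\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe" <===== ATTENTION
HKU\S-1-5-21-3304199171-3590334341-994263956-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-30] (SUPERAntiSpyware)
R0 C3CF7B3C6; C:\Windows\System32\drivers\C3CF7B3C6.sys [457824 2016-09-08] (Kaspersky Lab ZAO)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2011-03-31] (Razer USA Ltd) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-15] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f['kind']}] {f['name']}: {'; '.join(f['reasons'])}")
        print(f"    {f['path']}")
```

Every hit still needs a human look. On the sample above the only entry that is both flagged by FRST and launched from a user-writable Temp folder is the InstallerLauncher autorun, which is the kind of entry a fixlist would target; the `catchme.sys` entry is a leftover of ComboFix, which the topic starter said he had run, and an old unsigned third-party driver on a 2009-era laptop is not by itself evidence of infection.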

#5 Superrobot
  • Topic Starter

  • Members
  • 7 posts

Posted 19 September 2016 - 11:32 AM

Thanks again, Nas,

No, dude, Malwarebytes is still a no-go; in fact, running anything on there is like pulling teeth.

FRST results incoming:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by Michael (administrator) on MIKEVAIO (19-09-2016 11:58:45)
Running from K:\
Loaded Profiles: Michael (Available Profiles: Michael)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-12-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16397416 2010-01-11] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15009400 2015-10-14] (Logitech Inc.)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [InstallerLauncher] => "C:\Users\Michael\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe" /run:"C:\Users\Michael\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe" <===== ATTENTION
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-3304199171-3590334341-994263956-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-30] (SUPERAntiSpyware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-05-29]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Central Tray Tool.lnk [2013-06-03]
ShortcutTarget: Hauppauge Device Central Tray Tool.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk [2013-06-03]
ShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{DCC3E61D-604E-4325-A1EB-8C42BAC9FEB9}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3304199171-3590334341-994263956-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3304199171-3590334341-994263956-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3304199171-3590334341-994263956-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - No Name - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} -  No File
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll [2008-11-06] (TechSmith Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3304199171-3590334341-994263956-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3304199171-3590334341-994263956-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3304199171-3590334341-994263956-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-18]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-18]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-18]
CHR Extension: (Skype Click to Call) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-09-18]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-18]
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-14]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
CHR Extension: (Google Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
CHR Extension: (AdBlock) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-14]
CHR Extension: (Skype Click to Call) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-14]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
StartMenuInternet: Google Chrome - C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [401232 2013-02-07] (Hauppauge Computer Works, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2016-09-14] (SurfRight B.V.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-10-14] (Logitech Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1369136 2013-09-25] (Sony Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613688 2013-02-08] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 C3CF7B3C6; C:\Windows\System32\drivers\C3CF7B3C6.sys [457824 2016-09-08] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [945136 2013-02-12] (Hauppauge Computer Work, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-09-14] (Malwarebytes)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2011-03-31] (Razer USA Ltd) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-15] ()
S3 TVICHW64; C:\Windows\system32\DRIVERS\TVICHW64.SYS [21200 2010-07-15] (EnTech Taiwan)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-19 10:39 - 2016-09-19 10:39 - 00001689 _____ C:\Users\Michael\Desktop\AdwCleaner[C2]a.txt
2016-09-19 10:35 - 2016-09-19 10:35 - 00001689 _____ C:\Users\Michael\Desktop\AdwCleaner[C2].txt
2016-09-19 09:43 - 2016-09-11 04:02 - 03826240 _____ C:\Users\Michael\Desktop\AdwCleaner.exe
2016-09-18 12:57 - 2016-09-18 12:57 - 00008615 _____ C:\Users\Michael\Desktop\zoek-results.txt
2016-09-18 12:12 - 2016-09-18 11:01 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-09-18 11:50 - 2016-09-18 12:18 - 00000000 ____D C:\zoek
2016-09-18 11:02 - 2016-09-18 11:59 - 00000000 ____D C:\zoek_backup
2016-09-18 10:57 - 2016-09-18 09:46 - 01309184 _____ C:\Users\Michael\Desktop\zoek.exe
2016-09-15 11:00 - 2016-09-15 11:00 - 00022208 _____ C:\Users\Michael\Desktop\combofix2.txt
2016-09-15 10:59 - 2016-09-15 10:59 - 00022208 _____ C:\ComboFix.txt
2016-09-15 09:58 - 2016-09-15 11:06 - 00000000 ____D C:\ComboFix
2016-09-15 08:25 - 2016-09-15 08:25 - 00022579 _____ C:\Users\Michael\Desktop\combofix log1.txt
2016-09-15 06:23 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-09-15 06:23 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-09-15 06:23 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-09-15 06:23 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-09-15 06:23 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-09-15 06:23 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-09-15 06:23 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-09-15 06:23 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-09-15 06:15 - 2016-09-15 11:05 - 00000000 ____D C:\Qoobox
2016-09-15 06:12 - 2016-09-15 07:31 - 00000000 ____D C:\Windows\erdnt
2016-09-14 22:55 - 2016-09-14 22:55 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-14 14:48 - 2016-09-14 14:48 - 00000000 ____D C:\SUPERDelete
2016-09-14 14:45 - 2016-09-15 08:25 - 00001852 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2016-09-14 14:45 - 2016-09-14 14:45 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1bbfa543-2b17-4d23-8f06-849a718f5e2c.job
2016-09-14 14:45 - 2016-09-14 14:45 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 04b21eab-0799-4bf9-ad79-976a883300cd.job
2016-09-14 14:45 - 2016-09-14 14:45 - 00000000 ____D C:\Users\Michael\AppData\Roaming\SUPERAntiSpyware.com
2016-09-14 14:45 - 2016-09-14 14:45 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-09-14 14:45 - 2016-09-14 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-09-14 14:45 - 2016-09-14 14:45 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-09-14 14:12 - 2016-09-14 14:12 - 00001055 _____ C:\Users\Public\Desktop\FileASSASSIN.lnk
2016-09-14 14:12 - 2016-09-14 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2016-09-14 14:12 - 2016-09-14 14:12 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
2016-09-14 09:09 - 2016-09-14 09:09 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-09-14 09:07 - 2016-09-14 09:09 - 00000000 ____D C:\Program Files\HitmanPro
2016-09-14 09:06 - 2016-09-14 12:18 - 00000000 ____D C:\ProgramData\HitmanPro
2016-09-14 08:01 - 2016-09-14 08:01 - 00000000 ____D C:\Users\Michael\Documents\Adobe Scripts
2016-09-13 16:21 - 2016-09-19 11:58 - 00000000 ____D C:\FRST
2016-09-13 16:20 - 2016-09-13 16:20 - 00214806 _____ C:\TDSSKiller.3.1.0.11_13.09.2016_16.20.13_log.txt
2016-09-11 19:15 - 2016-09-19 09:42 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2016-09-11 08:17 - 2016-09-15 11:49 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-09-11 08:14 - 2016-09-15 08:25 - 00000902 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-09-11 08:13 - 2016-09-11 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-09-11 08:11 - 2016-09-11 22:28 - 00000000 ____D C:\Program Files\RogueKiller
2016-09-11 08:08 - 2016-09-11 08:09 - 00000000 ____D C:\ProgramData\RogueKiller
2016-09-11 05:05 - 2016-09-19 11:05 - 00000000 ____D C:\AdwCleaner
2016-09-10 08:45 - 2016-09-14 08:33 - 00006426 _____ C:\Users\Michael\Desktop\Rkill.txt
2016-09-10 08:29 - 2016-09-14 08:31 - 00001238 _____ C:\Users\Michael\Desktop\FixExec.txt
2016-09-09 18:24 - 2016-09-09 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2
2016-09-09 09:24 - 2016-09-09 09:35 - 103284624 _____ (Kaspersky Lab ZAO) C:\Users\Michael\Downloads\KVRT.exe
2016-09-09 00:37 - 2016-09-09 00:37 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\334A061A.sys
2016-09-08 23:57 - 2016-09-09 04:33 - 00001319 _____ C:\Users\Michael\Desktop\Qvo 6 Virus Removal Tool.lnk
2016-09-08 23:57 - 2016-09-09 04:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qvo 6 Virus Removal Tool
2016-09-08 23:57 - 2016-09-09 04:33 - 00000000 ____D C:\Program Files (x86)\Qvo 6 Virus Removal Tool
2016-09-08 23:57 - 2014-10-10 09:44 - 01122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2016-09-08 23:57 - 2014-10-10 09:44 - 00274432 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2016-09-08 21:54 - 2016-09-08 21:54 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-09-08 21:52 - 2016-09-08 21:54 - 00218036 _____ C:\TDSSKiller.3.1.0.11_08.09.2016_21.51.57_log.txt
2016-09-08 21:27 - 2016-09-08 21:27 - 00457824 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\C3CF7B3C6.sys
2016-09-08 20:56 - 2016-09-09 08:22 - 00000000 ____D C:\KVRT_Data
2016-09-08 20:44 - 2016-09-08 20:47 - 00000000 ____D C:\Users\Michael\AppData\Local\AvgSetupLog
2016-09-08 20:44 - 2016-09-08 20:44 - 00000000 ____D C:\Users\Michael\AppData\Local\Avg
2016-09-08 19:42 - 2016-09-08 19:45 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-08 04:40 - 2016-09-10 16:57 - 00000000 ____D C:\Users\Michael\Desktop\mbar
2016-09-08 00:48 - 2016-09-15 05:27 - 00004141 _____ C:\Users\Michael\Desktop\JRT.txt
2016-09-07 19:22 - 2016-09-10 17:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-09-07 13:59 - 2016-09-07 13:59 - 03392664 _____ C:\Users\Michael\Desktop\Untitled-1a.psd
2016-09-06 03:07 - 2016-09-08 22:53 - 01859496 _____ C:\Windows\ntbtlog.txt
2016-09-03 22:20 - 2016-09-03 22:18 - 01007004 _____ C:\Users\Michael\Desktop\^1BDA8D4571F067DF33B764D6A0FE805DE5B074E6168043125F^pimgpsh_fullsize_distr.jpg
2016-09-03 21:55 - 2016-09-03 21:55 - 02100758 _____ C:\Users\Michael\Desktop\the_pirate_madeline_animtated_by_ravingneonmonkey-daerkas2.swf
2016-09-02 23:38 - 2016-09-02 23:38 - 02100758 _____ C:\Users\Michael\Desktop\the_pirate_madeline_animtated_by_ravingneonmonkey-daerkas.swf
2016-08-31 13:51 - 2016-08-31 15:22 - 00013859 _____ C:\Users\Michael\Desktop\Madeline Steals the First Golem.txt
2016-08-27 15:32 - 2016-08-27 15:37 - 00000158 _____ C:\Users\Michael\Desktop\MST3K references.txt
2016-08-25 19:32 - 2016-09-04 16:48 - 137269929 _____ C:\Users\Michael\Desktop\STARCITIZEN1a1.psd
2016-08-24 15:13 - 2016-08-24 19:31 - 00001280 _____ C:\Users\Michael\Desktop\GEARS AND MIKE SEASON 1 FINALE.txt
2016-08-22 22:46 - 2016-08-22 22:46 - 00000217 _____ C:\Users\Michael\Desktop\Chu PEOPLE advice.txt
2016-08-21 22:22 - 2016-08-21 22:22 - 00000035 _____ C:\Users\Michael\Desktop\yep.txt
2016-08-21 14:26 - 2016-08-21 14:26 - 04605861 _____ C:\Users\Michael\Desktop\starwolf spaceherostarwolf.psd
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-19 11:48 - 2013-02-27 14:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-19 11:22 - 2010-05-29 18:59 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3304199171-3590334341-994263956-1000UA.job
2016-09-19 10:34 - 2009-07-14 00:45 - 00023904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-19 10:34 - 2009-07-14 00:45 - 00023904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-19 10:09 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-18 10:39 - 2013-10-25 13:27 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2016-09-16 22:10 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-09-16 16:22 - 2010-05-29 18:59 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3304199171-3590334341-994263956-1000Core.job
2016-09-15 10:50 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-09-15 04:54 - 2010-05-31 12:56 - 00000376 _____ C:\Users\Michael\AppData\Roamingprivacy.xml
2016-09-14 21:56 - 2011-06-27 15:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-14 08:00 - 2010-05-30 01:40 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Adobe
2016-09-14 00:46 - 2010-05-30 03:11 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-13 12:33 - 2015-01-30 18:44 - 00000000 __SHD C:\Users\Michael\AppData\LocalLow\EmieUserList
2016-09-13 12:33 - 2015-01-30 18:44 - 00000000 __SHD C:\Users\Michael\AppData\LocalLow\EmieSiteList
2016-09-13 12:33 - 2015-01-30 18:44 - 00000000 __SHD C:\Users\Michael\AppData\LocalLow\EmieBrowserModeList
2016-09-12 23:47 - 2009-07-14 00:45 - 00092160 _____ C:\Windows\system32\umstartup.etl
2016-09-12 03:30 - 2009-07-14 01:13 - 00006178 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-12 00:36 - 2015-07-24 00:37 - 00000000 ____D C:\Users\Michael\AppData\Local\ElevatedDiagnostics
2016-09-11 20:11 - 2009-07-14 00:45 - 00012288 _____ C:\Windows\system32\umstartup000.etl
2016-09-08 03:27 - 2010-05-29 16:30 - 00000000 ____D C:\Users\Michael
2016-09-07 19:05 - 2016-07-07 15:41 - 00000000 ____D C:\Users\Michael\Desktop\CRIMSON KNIGHT
2016-09-07 18:10 - 2012-01-07 00:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\AnvSoft
2016-09-07 18:04 - 2011-03-06 03:17 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-07 10:37 - 2016-06-28 14:45 - 00000000 ____D C:\Users\Michael\Desktop\WRITING
2016-09-06 04:07 - 2010-05-30 03:16 - 00000052 _____ C:\Windows\system32\ashttpstats.csv
2016-09-06 02:17 - 2010-10-15 07:45 - 00000000 ____D C:\Windows\Minidump
2016-09-06 02:08 - 2016-06-23 13:25 - 27009587 _____ C:\Users\Michael\Desktop\ThePirateMadeline52BPLUS.psd
2016-09-06 02:08 - 2012-03-28 23:16 - 2110641152 _____ C:\Users\Michael\AppData\Local\SageThumbs.db3
2016-09-06 00:23 - 2014-12-17 16:15 - 00000000 ____D C:\Users\Michael\Desktop\WOLFY2
2016-09-06 00:21 - 2012-01-30 14:53 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2016-09-04 16:51 - 2016-06-28 18:48 - 00000000 ____D C:\Users\Michael\Desktop\ALL SEER INSIDE
2016-08-31 11:27 - 2010-06-22 12:20 - 00000000 ____D C:\Users\Michael\.smplayer
2016-08-29 04:35 - 2016-08-12 18:43 - 00000000 ____D C:\Users\Michael\Desktop\The Pirate Madeline
2016-08-25 21:35 - 2012-01-07 16:16 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Audacity
 
==================== Files in the root of some directories =======
 
2013-03-01 21:56 - 2013-12-23 10:03 - 0010866 _____ () C:\Users\Michael\AppData\Local\CleanupUninstall.txt
2015-01-31 02:01 - 2015-01-31 02:01 - 0007606 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2012-03-28 23:16 - 2016-09-06 02:08 - 2110641152 _____ () C:\Users\Michael\AppData\Local\SageThumbs.db3
2015-11-05 03:22 - 2015-11-05 03:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-15 01:39
 
==================== End of FRST.txt ============================
 
- SR  :thumbsup2:
 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 September 2016 - 01:41 PM

If not using this Yahoo Messenger remove it via the Control Panel > Programs > Programs and Features.
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3304199171-3590334341-994263956-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - No Name - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [No File]
R0 C3CF7B3C6; C:\Windows\System32\drivers\C3CF7B3C6.sys [457824 2016-09-08] (Kaspersky Lab ZAO)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Windows\System32\drivers\C3CF7B3C6.sys
CustomCLSID: HKU\S-1-5-21-3304199171-3590334341-994263956-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3304199171-3590334341-994263956-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3304199171-3590334341-994263956-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3304199171-3590334341-994263956-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3304199171-3590334341-994263956-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3304199171-3590334341-994263956-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3304199171-3590334341-994263956-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3304199171-3590334341-994263956-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3304199171-3590334341-994263956-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3304199171-3590334341-994263956-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3304199171-3590334341-994263956-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3304199171-3590334341-994263956-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3304199171-3590334341-994263956-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {3E220D11-27D7-46A0-81EB-7D3AE12DDA71} - System32\Tasks\{BAC3FDC7-6D89-4194-8A4E-140F00C147A4} => pcalua.exe -a "C:\Users\Michael\Downloads\Zombe Mod Installer.exe" -d C:\Users\Michael\Downloads
HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <===== ATTENTION
HKU\S-1-5-21-3304199171-3590334341-994263956-1000\Software\Classes\.reg:  => "C:\Program Files (x86)\AnvSoft\Any Video Converter\AVCFree.exe" "%1" <===== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

===

Reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Your version of Shockwave is out-of-date and vulnerable.

Navigate to this page and follow the instructions to get the latest version.
https://www.adobe.com/shockwave/welcome/

Go to Start > Control Panel > Programs and Features and uninstall the old version(s) if present.
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
<<<>>>

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java™ 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)

Please post the log and let me know if the problem persists.
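The fixlist above acts on lines picked out of the FRST log by eye (the random-named Kaspersky-signed driver, the ComboFix catchme.sys entry whose file is gone). The script below is an added example, not from the thread or from FRST, that screens the same "Drivers" and "One Month Created files" line formats mechanically; its scoring rules (unsigned, empty publisher, hex-looking name, missing file, created within 30 days) and the log date 2016-09-19 are assumptions, and the sample lines are copied from the log above.

```python
"""Triage of FRST driver / created-file lines. Added example, not from the thread or FRST;
the rules below are assumptions that mark entries for a second look, not malware verdicts."""
import re
from datetime import date

# Driver line: "R0 name; path [size yyyy-mm-dd] (publisher) [File not signed]"
# or a stale registry entry whose file is gone: "S3 name; path [X]"
DRIVER_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*"
    r"(?:\((?P<vendor>[^)]*)\))?\s*(?P<flags>\[[^\]]+\])?|\[(?P<missing>X)\])\s*$")
# Created-file line: "created - modified - size attrs (publisher) path"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<vendor>[^)]*)\) )?(?P<path>\S.*?)\s*$")
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{6,}$")  # e.g. C3CF7B3C6, 334A061A
DRIVER_DIR_RE = re.compile(r"\\system32\\drivers\\[^\\]+\.sys$", re.IGNORECASE)
LOG_DATE = date(2016, 9, 19)  # assumed: newest timestamps in the log above

def triage_driver(line, log_date=LOG_DATE, recent_days=30):
    """Return (service name, [reasons]) for a driver line, or None if it is not one."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    reasons = []
    if m["missing"]:
        reasons.append("registry entry points at a missing file")
    else:
        if m["flags"] and "File not signed" in m["flags"]:
            reasons.append("binary is not signed")
        if m["vendor"] == "":  # FRST printed "()": no publisher in the signature
            reasons.append("no publisher in signature")
        created = date.fromisoformat(m["date"])
        if (log_date - created).days <= recent_days:
            reasons.append(f"created {created} within {recent_days} days of the log")
    if HEX_NAME_RE.match(m["name"]):
        reasons.append("hex-looking service name")
    return m["name"], reasons

def triage_created_file(line, log_date=LOG_DATE, recent_days=30):
    """Return (path, [reasons]) for a created-file line that is a .sys in the drivers dir."""
    m = FILE_RE.match(line.strip())
    if not m or not DRIVER_DIR_RE.search(m["path"]):
        return None
    reasons = []
    if HEX_NAME_RE.match(m["path"].rsplit("\\", 1)[-1][:-4]):
        reasons.append("hex-looking file name")
    if not m["vendor"]:
        reasons.append("no publisher in signature")
    created = date.fromisoformat(m["created"])
    if (log_date - created).days <= recent_days:
        reasons.append(f"new driver file created {created}")
    return m["path"], reasons

def triage_log(lines, log_date=LOG_DATE, recent_days=30):
    """Map every flagged entry (service name or path) to its list of reasons."""
    flagged = {}
    for line in lines:
        hit = (triage_driver(line, log_date, recent_days)
               or triage_created_file(line, log_date, recent_days))
        if hit and hit[1]:
            flagged[hit[0]] = hit[1]
    return flagged

# Constructed sample: lines copied from the FRST log posted in this thread.
SAMPLE_LINES = [
    r"U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)",
    r"R0 C3CF7B3C6; C:\Windows\System32\drivers\C3CF7B3C6.sys [457824 2016-09-08] (Kaspersky Lab ZAO)",
    r"S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2011-03-31] (Razer USA Ltd) [File not signed]",
    r"U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-15] ()",
    r"S3 catchme; \??\C:\ComboFix\catchme.sys [X]",
    r"2016-09-09 00:37 - 2016-09-09 00:37 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\334A061A.sys",
    r"2016-09-15 06:23 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe",
]

if __name__ == "__main__":
    for entry, why in sorted(triage_log(SAMPLE_LINES).items(), key=lambda kv: -len(kv[1])):
        print(entry + "".join("\n    - " + r for r in why))
```

The random-named drivers in this log carry a Kaspersky or Malwarebytes publisher and sit alongside the TDSSKiller and Malwarebytes activity recorded in the same log, so the publisher field is what separates a leftover cleanup-tool driver from an entry that needs a closer look.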

#7 Superrobot

Superrobot
  • Topic Starter

  • Members
  • 7 posts

Posted 20 September 2016 - 12:22 PM

Ummm.... it ran the first program you said, it reset, and now it just goes to a black screen with white text that says "A disk read error occurred. Press Ctrl + Alt + Del to restart", and if you do that it just restarts and repeats that in an endless loop.....

 

This is bad isn't it Nas? :o 



#8 Superrobot

Superrobot
  • Topic Starter

  • Members
  • 7 posts

Posted 20 September 2016 - 03:44 PM

Actually no, it'll be okay. I've seen your skills at work :D 



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,191 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 September 2016 - 09:07 AM


This is a hardware problem. It's not malware and not my forte.

I suggest you start a new topic in the Internal Hardware forum, where a technician will be able to help you better than I can.
http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

I will leave this topic open for 6 days. If you need to return please do.

#10 Superrobot

Superrobot
  • Topic Starter

  • Members
  • 7 posts

Posted 21 September 2016 - 02:52 PM

Well.... it certainly solved the Malware situation didn't it? lol 

 

Alright I will do just that, and if I can get it run again within that window I will return. Thank you so much for your kind assistance Nas. You are a true gentleman. I was very grateful to meet and speak with a true hero of justice like yourself. You're like a superhero dealing with the world of viruses and malware everyday.  





