
Fake security alert for win32/caphaw - not found by any scanner


dooder


I have a popup box that continuously appears every 3-5 minutes that says malware:win32/capshaw has been found. It asks me to call a 1-800 number to fix it, but that seems to be about it. I tried scanning with multiple antivirus/antimalware programs including when in safe mode but nothing has worked.

 

Please help! Thanks in advance.


Hi & welcome!

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
P2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Step 1

Please run a FRST scan. This will help us diagnose your problem.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Hi,

Please do the following:

Step 1

Scan with Malwarebytes Anti-Malware

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Click on Dashboard, then click on Scan Now to start the scan.
    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

I have a popup box that continuously appears every 3-5 minutes that says malware:win32/capshaw has been found.

Please post a screenshot of it.

Step 4

Start FRST with administrator privileges.

  • Make sure the option Addition.txt is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Malwarebytes scan log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/20/2014
Scan Time: 4:59:00 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.20.05
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Villert

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 1
Time Elapsed: 0 min, 17 sec

Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

ADWCleaner Log:

 

# AdwCleaner v3.310 - Report created 20/09/2014 at 17:59:18
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Villert - VILLERT-PC
# Running from : C:\Users\Villert\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\SearchProtect
File Deleted : C:\END

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16496


-\\ Mozilla Firefox v32.0.2 (x86 en-GB)

[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x2jq0onk.default\prefs.js ]


[ File : C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\prefs.js ]


-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[ File : C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP4818B43F-BE6C-48A3-98B5-BC55C9DFE7E5&q={searchTerms}&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [3090 octets] - [20/09/2014 13:07:49]
AdwCleaner[R1].txt - [3150 octets] - [20/09/2014 17:58:06]
AdwCleaner[s0].txt - [3113 octets] - [20/09/2014 17:59:18]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3173 octets] ##########

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Villert (administrator) on VILLERT-PC on 20-09-2014 18:16:55
Running from C:\Users\Villert\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2014-02-03] (Power Software Ltd)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-2084067044-1947426265-2331628076-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2084067044-1947426265-2331628076-1001\...\Run: [iDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3858000 2014-08-06] (Tonec Inc.)
HKU\S-1-5-21-2084067044-1947426265-2331628076-1001\...\MountPoints2: E - E:\EverQuestTrilogy.exe
HKU\S-1-5-21-2084067044-1947426265-2331628076-1001\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-2084067044-1947426265-2331628076-1001\...\MountPoints2: {15b60ace-e9dd-11e2-8d08-806e6f6e6963} - D:\blank.exe
HKU\S-1-5-21-2084067044-1947426265-2331628076-1001\...\MountPoints2: {5ef647d5-1bf3-11e3-96ec-0022159188ec} - "I:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2084067044-1947426265-2331628076-1001\...\MountPoints2: {6bf4215a-cb31-11e3-9f16-0022159188ec} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2084067044-1947426265-2331628076-1001\...\MountPoints2: {d3850e86-3547-11e4-837f-0022159188ec} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2084067044-1947426265-2331628076-1001\...\Winlogon: [shell] C:\Windows\expstart.exe [925184 2013-07-11] () <==== ATTENTION
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCC82D51480B0CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} -  No File
Handler-x32: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll (MH)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.176.13 64.59.177.226

FireFox:
========
FF ProfilePath: C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Villert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Image Picker - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\ImagePicker@topolog.org [2014-08-06]
FF Extension: ImageHost Grabber - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2014-06-24]
FF Extension: Bazzacuda Image Saver Plus - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593} [2014-09-20]
FF Extension: MEGA - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\firefox@mega.co.nz.xpi [2014-09-10]
FF Extension: fontinfo - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\{70ded480-0a45-4099-84d1-65aa1cb1575e}.xpi [2014-02-24]
FF Extension: NoScript - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-24]
FF Extension: Adblock Plus - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-24]
FF Extension: DownThemAll! - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-02-26]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Villert\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Villert\AppData\Roaming\IDM\idmmzcc5 [2014-08-06]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Villert\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-10]
CHR Extension: (Google Drive) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (YouTube) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-10]
CHR Extension: (Google Search) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-10]
CHR Extension: (IDM Integration Module) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-11-10]
CHR Extension: (PoE Helper) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdnfedfopfbealaokkpjbngaphfceoi [2013-12-27]
CHR Extension: (Google Wallet) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-10]
CHR Extension: (Gmail) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-10]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Blackberry Device Manager; "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [181040 2011-02-09] (Marvell Semiconductor, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 18:12 - 2014-09-20 18:12 - 00003265 _____ () C:\Users\Villert\Desktop\AdwCleaner[s0].txt
2014-09-20 13:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-20 13:07 - 2014-09-20 17:59 - 00000000 ____D () C:\AdwCleaner
2014-09-20 13:07 - 2014-09-20 13:07 - 01373475 _____ () C:\Users\Villert\Desktop\AdwCleaner.exe
2014-09-19 19:59 - 2014-09-20 13:18 - 00001446 _____ () C:\Users\Villert\Documents\AutoHotkey.ahk
2014-09-19 19:59 - 2014-09-19 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2014-09-19 19:59 - 2014-09-19 19:59 - 00000000 ____D () C:\Program Files (x86)\AutoHotkey
2014-09-19 16:51 - 2014-09-20 18:17 - 00015966 _____ () C:\Users\Villert\Desktop\FRST.txt
2014-09-19 16:51 - 2014-09-20 18:16 - 00000000 ____D () C:\FRST
2014-09-19 16:51 - 2014-09-19 16:51 - 02105856 _____ (Farbar) C:\Users\Villert\Desktop\FRST64.exe
2014-09-18 22:06 - 2014-09-18 22:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-18 22:06 - 2014-09-18 22:06 - 00000000 _____ () C:\autoexec.bat
2014-09-18 22:05 - 2014-09-19 00:55 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-18 18:05 - 2014-09-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-17 23:19 - 2014-09-17 23:19 - 00026112 _____ () C:\Users\Villert\Desktop\Links.xls
2014-09-17 19:59 - 2014-09-17 20:00 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-10 17:55 - 2014-09-10 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-09-10 17:40 - 2014-09-10 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-09-10 17:40 - 2014-09-10 17:40 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-09-10 17:27 - 2014-09-10 17:27 - 00000000 _____ () C:\Windows\SysWOW64\skip
2014-09-10 17:26 - 2014-09-10 17:26 - 00002960 _____ () C:\Windows\System32\Tasks\{530B3672-1954-43B1-A21A-D9B5E0C56994}
2014-09-08 17:24 - 2014-09-11 18:18 - 00000000 ____D () C:\Users\Villert\AppData\Roaming\XBMC
2014-09-08 17:22 - 2014-09-08 17:22 - 00000000 ____D () C:\Users\Villert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
2014-09-08 17:21 - 2014-09-08 17:22 - 00000000 ____D () C:\Program Files (x86)\XBMC
2014-09-07 22:38 - 2014-09-07 22:38 - 00000000 ____D () C:\Users\Villert\Documents\Klei
2014-09-07 14:01 - 2014-09-10 17:45 - 00000000 ____D () C:\GOG Games
2014-09-07 13:51 - 2014-09-20 18:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 13:51 - 2014-09-07 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-07 13:51 - 2014-09-07 13:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-07 13:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-07 13:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-07 13:48 - 2014-09-07 13:48 - 00000000 ____D () C:\Users\Villert\AppData\Local\SFPC_Auto_Updater
2014-09-07 13:33 - 2014-09-07 13:36 - 00000000 ____D () C:\Users\Villert\AppData\Roaming\Developerts LLC USA
2014-09-07 13:33 - 2014-09-07 13:33 - 00004018 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater
2014-09-07 13:33 - 2014-09-07 13:33 - 00000000 ____D () C:\Users\Villert\AppData\Local\Developerts_LLC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 18:17 - 2014-09-19 16:51 - 00015966 _____ () C:\Users\Villert\Desktop\FRST.txt
2014-09-20 18:16 - 2014-09-19 16:51 - 00000000 ____D () C:\FRST
2014-09-20 18:15 - 2013-07-11 00:05 - 00000000 ____D () C:\Users\Villert\AppData\Roaming\DMCache
2014-09-20 18:15 - 2013-07-10 22:53 - 01808487 _____ () C:\Windows\WindowsUpdate.log
2014-09-20 18:14 - 2014-09-07 13:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-20 18:12 - 2014-09-20 18:12 - 00003265 _____ () C:\Users\Villert\Desktop\AdwCleaner[s0].txt
2014-09-20 18:12 - 2013-11-10 18:13 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-20 18:12 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-20 18:12 - 2009-07-13 23:51 - 00118251 _____ () C:\Windows\setupact.log
2014-09-20 18:11 - 2013-07-10 22:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-20 18:11 - 2013-07-10 21:16 - 00395840 _____ () C:\Windows\PFRO.log
2014-09-20 18:08 - 2013-11-10 18:13 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-20 17:59 - 2014-09-20 13:07 - 00000000 ____D () C:\AdwCleaner
2014-09-20 17:51 - 2013-07-11 00:21 - 00000000 ____D () C:\Users\Villert\AppData\Roaming\vlc
2014-09-20 13:18 - 2014-09-19 19:59 - 00001446 _____ () C:\Users\Villert\Documents\AutoHotkey.ahk
2014-09-20 13:07 - 2014-09-20 13:07 - 01373475 _____ () C:\Users\Villert\Desktop\AdwCleaner.exe
2014-09-20 12:51 - 2009-07-13 23:45 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 12:51 - 2009-07-13 23:45 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 19:59 - 2014-09-19 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2014-09-19 19:59 - 2014-09-19 19:59 - 00000000 ____D () C:\Program Files (x86)\AutoHotkey
2014-09-19 19:59 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\ShellNew
2014-09-19 17:01 - 2013-07-11 00:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-19 16:51 - 2014-09-19 16:51 - 02105856 _____ (Farbar) C:\Users\Villert\Desktop\FRST64.exe
2014-09-19 01:38 - 2013-07-15 00:26 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-09-19 00:55 - 2014-09-18 22:05 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-19 00:55 - 2013-11-04 20:57 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-18 22:06 - 2014-09-18 22:06 - 00000000 _____ () C:\autoexec.bat
2014-09-18 18:05 - 2014-09-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-10 18:33 - 2014-03-23 10:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 18:32 - 2014-09-10 18:32 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-10 18:32 - 2013-07-12 16:07 - 00436594 _____ () C:\Windows\DirectX.log
2014-09-10 18:32 - 2013-07-10 22:31 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-10 17:55 - 2014-09-10 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-09-10 17:45 - 2014-09-07 14:01 - 00000000 ____D () C:\GOG Games
2014-09-10 17:45 - 2014-08-10 13:51 - 00000000 ____D () C:\Program Files (x86)\GMT-MAX.ORG
2014-09-10 17:40 - 2014-09-10 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-09-10 17:40 - 2014-09-10 17:40 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-09-10 17:27 - 2014-09-10 17:27 - 00000000 _____ () C:\Windows\SysWOW64\skip
2014-09-10 17:26 - 2014-09-10 17:26 - 00002960 _____ () C:\Windows\System32\Tasks\{530B3672-1954-43B1-A21A-D9B5E0C56994}
2014-09-09 19:13 - 2009-07-14 00:13 - 00799336 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-07 23:10 - 2013-09-24 19:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-07 22:38 - 2014-09-07 22:38 - 00000000 ____D () C:\Users\Villert\Documents\Klei
2014-09-07 22:38 - 2013-07-12 18:37 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-07 22:38 - 2013-07-12 16:06 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-09-07 13:51 - 2014-09-07 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-07 13:51 - 2014-09-07 13:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-07 13:51 - 2013-08-10 22:34 - 00000000 ____D () C:\Users\Villert\AppData\Roaming\Malwarebytes
2014-09-07 13:51 - 2013-07-10 23:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-07 13:48 - 2014-09-07 13:48 - 00000000 ____D () C:\Users\Villert\AppData\Local\SFPC_Auto_Updater
2014-09-07 13:36 - 2014-09-07 13:33 - 00000000 ____D () C:\Users\Villert\AppData\Roaming\Developerts LLC USA
2014-09-07 13:33 - 2014-09-07 13:33 - 00004018 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater
2014-09-07 13:33 - 2014-09-07 13:33 - 00000000 ____D () C:\Users\Villert\AppData\Local\Developerts_LLC
2014-09-07 13:19 - 2014-09-07 13:19 - 00000000 ____D () C:\Users\Villert\Documents\7 Days To Die
2014-09-07 12:36 - 2014-05-19 01:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-07 12:36 - 2014-05-19 01:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-06 13:56 - 2014-05-19 01:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-04 02:34 - 2014-04-06 23:30 - 00000000 ____D () C:\Users\Villert\Samsung Link
2014-08-31 22:41 - 2014-08-06 16:47 - 00000000 ____D () C:\Users\Villert\AppData\Roaming\IDM
2014-08-21 20:19 - 2009-07-14 00:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\Villert\AppData\Roaming\Origin\update.vbe


Some content of TEMP:
====================
C:\Users\Villert\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-17 17:37

==================== End Of Log ============================

 

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Villert at 2014-09-20 18:17:57
Running from C:\Users\Villert\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
BASSMIDI System Synth (HKLM-x32\...\BASSMIDI System Synth) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Flash Movie Player 1.5 (HKLM-x32\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
GalCiv II - Dark Avatar (HKLM-x32\...\GalCiv II - Dark Avatar) (Version:  - GameStop)
GalCiv II - Twilight of the Arnor (HKLM-x32\...\GalCiv II - Twilight of the Arnor) (Version:  - GameStop)
Gmask 1.70 English (HKLM-x32\...\Gmask 1.70 English) (Version:  - )
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.50.5145 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hotline Miami (HKLM-x32\...\GOGPACKHOTLINEMIAMI_is1) (Version: 2.0.0.4 - GOG.com)
Impulse (HKLM-x32\...\Impulse) (Version:  - Stardock)
Impulse (x32 Version: 1.0 - Stardock Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iWisoft Flash SWF to Video Converter 3.4 (HKLM-x32\...\iWisoft Flash SWF to Video Converter_is1) (Version: 3.4.0 - www.flash-swf-converter.com)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 55 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - )
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Metro 2033 Redux (HKLM-x32\...\Metro 2033 Redux_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
Mozilla Firefox 32.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-GB)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NavNet (HKLM-x32\...\{B9E848B3-A64D-4005-8DA1-DC3981C902A8}_is1) (Version: 4.0 - NavNet Solutions)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.4 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049 - NVIDIA Corporation) Hidden
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Sothink SWF Decompiler (HKLM-x32\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.4 - SourceTec Software Co., LTD)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
The KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR 5.00 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.6 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2084067044-1947426265-2331628076-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Villert\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No

File

==================== Restore Points  =========================

15-09-2014 06:19:07 Windows Update
18-09-2014 01:02:44 Removed WinZip 18.5
18-09-2014 22:07:48 Windows Update
18-09-2014 23:01:40 Removed File Association Helper
19-09-2014 03:05:51 Installed SpyHunter
19-09-2014 05:54:52 Removed SpyHunter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-04-25 20:29 - 2014-09-20 00:36 - 00000898 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   65.52.240.48
54.77.219.166                 kerafyrm.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {5454BED5-5F98-46A9-B5B8-3D765BA4862B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-10] (Google Inc.)
Task: {699EEE2F-8400-4911-8B94-D8BD87708187} - System32\Tasks\Origin
Task: {ACFFA74E-5C56-490E-A350-5F619D6CFBDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-10] (Google Inc.)
Task: {B06A960B-7852-4C32-BE7F-0FDE69D53818} - System32\Tasks\Secure Fast PC Auto Updater => C:\Users\Villert\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe [2014-09-02] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-10 22:31 - 2013-06-21 05:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-09-18 18:05 - 2014-09-18 18:05 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:6B50FDB5

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Broadcom 802.11n Network Adapter
Description: Broadcom 802.11n Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2014 04:07:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 32.0.2.5373 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action

Center control panel.

Process ID: 1018

Start Time: 01cfd51607adc575

Termination Time: 59

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 20ea92a9-410a-11e4-9f3e-0022159188ec

Error: (09/20/2014 00:53:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msseces.exe version 4.4.304.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action

Center control panel.

Process ID: 10d8

Start Time: 01cfd496ae1ec297

Termination Time: 0

Application Path: C:\Program Files\Microsoft Security Client\msseces.exe

Report Id:

Error: (09/20/2014 00:49:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msseces.exe version 4.4.304.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action

Center control panel.

Process ID: a20

Start Time: 01cfd49502251c11

Termination Time: 0

Application Path: C:\Program Files\Microsoft Security Client\msseces.exe

Report Id:

Error: (09/20/2014 00:37:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msseces.exe version 4.4.304.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action

Center control panel.

Process ID: 5ac

Start Time: 01cfd45643f86016

Termination Time: 0

Application Path: C:\Program Files\Microsoft Security Client\msseces.exe

Report Id:

Error: (09/18/2014 11:07:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000374
Fault offset: 0x00000000000c40f2
Faulting process id: 0x770
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (09/18/2014 10:01:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
The RPC server is unavailable.
.

Error: (09/18/2014 10:00:53 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\Windows\system32\lsm.exe, failed with status code 1.  The machine must now be restarted.

Error: (09/18/2014 10:00:51 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 1.  The machine must now be restarted.

Error: (09/18/2014 09:52:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msseces.exe version 4.4.304.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action

Center control panel.

Process ID: 128c

Start Time: 01cfd3b4891fefe6

Termination Time: 0

Application Path: C:\Program Files\Microsoft Security Client\msseces.exe

Report Id:


System errors:
=============
Error: (09/20/2014 05:59:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following

error:
%%1056

Error: (09/20/2014 05:59:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/20/2014 05:59:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the

service.

Error: (09/20/2014 05:59:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/20/2014 05:59:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/20/2014 05:59:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/20/2014 05:59:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/20/2014 05:59:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/20/2014 05:59:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/18/2014 10:03:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:00:34 PM on ‎9/‎18/‎2014 was unexpected.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core2 Quad CPU Q9300 @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 6143.05 MB
Available physical RAM: 4239.5 MB
Total Pagefile: 12284.29 MB
Available Pagefile: 10161.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.36 GB) (Free:50.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 279.5 GB) (Disk ID: 0A320A32)
Partition 1: (Active) - (Size=279.4 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End Of Log ============================
 


The full log reads:

 

Installation

Win32/Caphaw often uses a legitimate file name to avoid suspicion. It scans the <system folder> folder for legitimate file names, then copies itself into the %APPDATA% folder using the same name. For example, the file name for Task Manager is <system folder>\taskmgr.exe. Caphaw might copy itself into your PC as %APPDATA%\taskmgr.exe.
Caphaw can also use these file names:

    <system folder>\lssas.exe - note that a legitimate file called lsass.exe exists in the same folder
    %windir%\assembly\nativeimages_v2.0.50727_32\temp\zapf.tmp\system.data.entity.design.dll
    %windir%\svchost.exe - note that a legitimate file with the same name exists in <system folder>

Caphaw injects itself into legitimate processes like the following to make it more difficult to remove:
    cmd.exe
    explorer.exe
    firefox.exe
    iexplore.exe
    reader_sl.exe
    svchost.exe

Caphaw creates mutexes to make sure that only one instance of itself is running in memory.
To run every time Windows starts, some variants of Caphaw create an entry in the system registry:

In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "<random CLSID>" (for example, {FAD5ADC3-DABB-6BFF-ED11-CB329C7D70E2})
With data: "<malware path and file name>" (for example "%APPDATA%\Microsoft\Excel\xlstart\winmine.exe")

Older variants of Caphaw also install a rootkit component. An infected master boot record (MBR) is detected as Trojan:DOS/Caphaw.A.

Spreads Via
    
Skype
One Caphaw variant, Win32/Caphaw.N, can do a number of actions on Skype, including:
    Disabling audio alerts
    Downloading files from a remote server
    Sending messages and files to your
    Removing traces of its actions on Skype, like file transfers, recent conversations

Facebook
Caphaw can spread by hijacking your Facebook account and posting a copy of itself into your friends' walls.

Shared and removable drives
Caphaw can spread to other PCs via shared and removable drives. It creates shortcut files that link to a hidden Caphaw copy in the root folder of the shared or removable drive. If you click on the shortcut file, the Caphaw copy runs.

Drive-by malware
Caphaw can be installed via drive-by exploits. It's been known to be installed using vulnerabilities in Adobe Flash or Java.

Payload

Lets a malicious hacker control your PC

Caphaw lets a malicious hacker access and control your PC. The actions we've observed include:

    Control your desktop
    Control your mouse and keyboard
    Access your files and folders
    Upload your files to a hacker-controlled FTP server
    Delete files
    Download and run other files
    Redirect Internet traffic via a proxy server
    Send ICMP packets that can be used in distributed denial-of-service
    Log and redirect web traffic from Firefox and Internet Explorer
    Shut down or restart your PC
    Spread to other PCs upon command
    Log keystrokes
    Change your PC settings
    Start or stop programs
    Update itself

Steals banking information

Caphaw can inject code and fake phone numbers into online banking websites when you visit them. It does this to try and steal your login information for these websites. It targets the online banking websites for these institutions:

    Barclays
    Bank of Scotland
    Co-Operative Bank
    Egg.Com
    Fidelity
    First Direct
    HSBC
    InterActive Brokers
    John Lewis Financial
    Leicester
    Lloyds Bank
    MBNA
    NatWest
    POFS Save Credit
    RBS
    Santander
    Tesco Finance
    Theaa
    Ulster Bank
    VirginMoney
    YorkShire Bank

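As an added defensive example (it is not part of the Microsoft write-up quoted above or of this thread), a Python heuristic that flags the two persistence tricks the post describes: a protected Windows binary name found outside its legitimate folder or as a near-lookalike such as lssas.exe, and an HKCU Run value whose name is a bare CLSID. The folder table, the regex and the sample inventory are my own assumptions; the Dropbox entry mirrors the legitimate autostart visible in the FRST log above and is expected not to fire.

```python
import ntpath
import re

# Critical Windows binaries the post says Caphaw copies or impersonates.
PROTECTED = {"lsass.exe", "svchost.exe", "taskmgr.exe", "explorer.exe"}

# Assumed folders where each protected binary legitimately lives
# (lower-case, no trailing backslash).
LEGIT_DIRS = {
    "lsass.exe":    {r"c:\windows\system32"},
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "taskmgr.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# Bare {GUID} value names, like the example CLSID in the post.
CLSID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: single edits plus adjacent swaps,
    so the transposed name 'lssas.exe' is at distance 1 from 'lsass.exe'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify_path(path: str):
    """Return a reason if `path` matches a masquerade pattern, else None."""
    folder, name = ntpath.split(path.strip())
    folder, name = folder.lower().rstrip("\\"), name.lower()
    if name in PROTECTED:
        # A real system binary name living anywhere else (e.g. %APPDATA%\taskmgr.exe).
        if folder not in LEGIT_DIRS[name]:
            return f"{name} outside its legitimate folder ({folder or '?'})"
        return None
    # One typo or swap away from a protected name (e.g. lssas.exe).
    for legit in sorted(PROTECTED):
        if osa_distance(name, legit) == 1:
            return f"{name} is a lookalike of {legit}"
    return None


def exe_from_cmdline(data: str) -> str:
    """Pull the executable out of a Run value: the quoted path, or the first token."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    return data.split(" ", 1)[0]


def classify_run_value(value_name: str, data: str):
    """Reasons an HKCU\\...\\Run value resembles the Caphaw autostart entry."""
    reasons = []
    if CLSID_RE.match(value_name.strip().strip('"')):
        reasons.append("value name is a bare CLSID")
    path_reason = classify_path(exe_from_cmdline(data))
    if path_reason:
        reasons.append(path_reason)
    return reasons


def scan(paths, run_values):
    """Apply both checks; returns {item: reasons} for flagged items only."""
    findings = {}
    for p in paths:
        r = classify_path(p)
        if r:
            findings[p] = [r]
    for name, data in run_values.items():
        r = classify_run_value(name, data)
        if r:
            findings[f"Run\\{name}"] = r
    return findings


if __name__ == "__main__":
    # Constructed sample inventory; not taken from the logs in this thread.
    sample_paths = [
        r"C:\Windows\System32\lsass.exe",
        r"C:\Windows\System32\lssas.exe",
        r"C:\Windows\svchost.exe",
        r"C:\Users\Villert\AppData\Roaming\taskmgr.exe",
        r"C:\Windows\explorer.exe",
    ]
    sample_run = {
        "{FAD5ADC3-DABB-6BFF-ED11-CB329C7D70E2}": r'"%APPDATA%\Microsoft\Excel\xlstart\winmine.exe"',
        "Dropbox": r'"C:\Users\Villert\AppData\Roaming\Dropbox\bin\Dropbox.exe" /autoplay No',
    }
    for item, why in scan(sample_paths, sample_run).items():
        print(f"{item}: {'; '.join(why)}")
```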

:) OK.

 

Please run Malwarebytes again. We will scan more than one file now... ;)

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 1
Time Elapsed: 0 min, 17 sec
Memory: Disabled
Startup: Disabled
Filesystem: Enabled

I am pretty sure that MBAM is able to remove this malware.

 

Please click on scan and select custom scan. Click on scan now. Make sure that the following options are checked:

 


 

 

If you don't have encrypted hard drives, then you can also select scan for rootkits.

 

Please run MBAM with this configuration and post the log.

 

 


Haha, wow, that was silly of me. The log is pasted below, but it didn't come up with anything. Malwarebytes was the first scan I ran when it started happening. Thanks.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/21/2014
Scan Time: 12:35:39 PM
Logfile: test.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.21.07
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Villert

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 729205
Time Elapsed: 2 hr, 32 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).

    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.

Combofix log:

 

ComboFix 14-09-18.01 - Villert 09/21/2014  23:22:00.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.6143.3500 [GMT -5:00]
Running from: c:\users\Villert\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Villert\AppData\Roaming\1.7z
c:\users\Villert\AppData\Roaming\7za.exe
c:\users\Villert\AppData\Roaming\stub1.exe
c:\users\Villert\Documents\DCSCMIN
c:\windows\SysWow64\sysdir
c:\windows\SysWow64\sysdir\sycd7.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-22 to 2014-09-22  )))))))))))))))))))))))))))))))
.
.
2014-09-22 04:28 . 2014-09-22 04:28    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-09-22 04:28 . 2014-09-22 04:28    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-09-22 04:28 . 2014-09-22 04:28    --------    d-----w-    c:\users\Admin\AppData\Local\temp
2014-09-21 22:58 . 2014-09-21 22:58    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8CFBE7F-A642-4F93-BC6D-CC28A99E8EE5}\offreg.dll
2014-09-20 23:23 . 2014-09-09 02:05    11578928    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8CFBE7F-A642-4F93-BC6D-CC28A99E8EE5}\mpengine.dll
2014-09-20 18:08 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-09-20 18:07 . 2014-09-20 22:59    --------    d-----w-    C:\AdwCleaner
2014-09-19 22:21 . 2014-09-09 02:05    11578928    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-19 21:51 . 2014-09-20 23:18    --------    d-----w-    C:\FRST
2014-09-19 03:06 . 2014-09-19 03:06    --------    d-----w-    c:\program files\Enigma Software Group
2014-09-19 03:05 . 2014-09-19 05:55    --------    d-----w-    c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-16 21:59 . 2014-09-16 21:58    1188440    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B23B2A2-4C3F-464B-A2AD-E310615C7C4D}\gapaengine.dll
2014-09-07 19:01 . 2014-09-10 22:45    --------    d-----w-    C:\GOG Games
2014-09-07 18:51 . 2014-09-21 23:31    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-07 18:51 . 2014-05-12 12:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-07 18:51 . 2014-09-07 18:51    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-07 18:51 . 2014-05-12 12:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-20 05:35 . 2014-02-18 23:26    1169712    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-05 05:26 . 2014-08-05 05:26    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-08-06 3858000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2014-02-03 337432]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi1"=bassmididrv\bassmididrv.dll
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv61xx.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-15 06:08    1096520    ----a-w-    c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-10 23:13]
.
2014-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-10 23:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02    25112    ----a-w-    c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-04-24 7477016]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Sothink Flash Downloader For IE - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 64.59.176.13 64.59.177.226
FF - ProfilePath - c:\users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2084067044-1947426265-2331628076-1001_Classes\Wow6432Node\CLSID\{58e8834c-f48a-433a-931d-a14907a1aa6e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000137
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2084067044-1947426265-2331628076-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):c5,2b,bf,59,9b,21,17,4b,b3,97,a0,32,bb,8e,28,c2,7c,fe,80,54,19,
   7d,7d,e8,0f,23,ae,3d,dd,c0,f2,3a,15,b0,f7,2b,14,a1,24,9e,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-21  23:31:16
ComboFix-quarantined-files.txt  2014-09-22 04:31
.
Pre-Run: 55,836,160,000 bytes free
Post-Run: 55,300,243,456 bytes free
.
- - End Of File - - DE88573462937E8A62113949F34B9A80
A36C5E4F47E84449FF07ED3517B43A31
 

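
The ComboFix log above is dense, and the points a defender would question are scattered through it: the UAC policy values set to 0, LoadAppInit_DLLs=1, and the executables that had been sitting in the user's roaming profile. The Python below is an added example (not part of the thread and not ComboFix's own code) that parses the log's REGEDIT4-style key blocks and its "Other Deletions" path list and reports those items; the sample log is a constructed excerpt of the lines shown in the post, and the flagging rules (which policy values count as weak, which folders count as user-writable) are this example's own choices.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix's own code).

ComboFix prints REGEDIT4-style key blocks under 'Reg Loading Points' and a
plain path list under 'Other Deletions'. This parser extracts both and flags
UAC policy values set to 0, LoadAppInit_DLLs=1, and executables removed from
user-writable folders. The rules below are this example's own choices.
"""
import re
from typing import Dict, List, Optional

# Constructed excerpt of the log posted in the thread; only the blocks the
# parser needs, copied as they appear there.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Villert\AppData\Roaming\1.7z
c:\users\Villert\AppData\Roaming\7za.exe
c:\users\Villert\AppData\Roaming\stub1.exe
c:\users\Villert\Documents\DCSCMIN
c:\windows\SysWow64\sysdir\sycd7.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-08-06 3858000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")   # ((( Section Name )))
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")       # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"= raw value

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
APPINIT_KEY = r"hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\windows"

# value name -> (setting that weakens the machine, why it matters)
WEAK_POLICY = {
    "EnableLUA": (0, "UAC is disabled; admin-token processes run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently without a prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not isolated on the secure desktop"),
}
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")
EXECUTABLE = (".exe", ".dll", ".sys", ".scr", ".com")
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows\\")


def parse_combofix(text: str) -> dict:
    """Split the log into the deleted-path list and {key: {name: raw value}}."""
    deletions: List[str] = []
    registry: Dict[str, Dict[str, str]] = {}
    section: Optional[str] = None
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:                       # new section header resets the key context
            section, current_key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            registry[current_key] = {}
            continue
        if section == "Other Deletions":
            deletions.append(line)
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            registry[current_key][m.group(1)] = m.group(2).strip()
    return {"deletions": deletions, "registry": registry}


def dword(raw: Optional[str]) -> Optional[int]:
    """'0 (0x0)' -> 0, '1 (0x1)' -> 1; missing or non-numeric -> None."""
    m = re.match(r"\s*(\d+)", raw or "")
    return int(m.group(1)) if m else None


def triage_log(text: str) -> List[str]:
    """Return one readable finding per weak setting or suspicious path."""
    parsed = parse_combofix(text)
    registry = parsed["registry"]
    findings: List[str] = []
    policy = registry.get(POLICY_KEY, {})
    for name, (bad, why) in WEAK_POLICY.items():
        if dword(policy.get(name)) == bad:
            findings.append(f"policy {name}={bad}: {why}")
    if dword(registry.get(APPINIT_KEY, {}).get("LoadAppInit_DLLs")) == 1:
        findings.append("LoadAppInit_DLLs=1: DLLs named in AppInit_DLLs load into every user32 process")
    for path in parsed["deletions"]:
        low = path.lower()
        if low.endswith(EXECUTABLE) and any(tag in low for tag in USER_WRITABLE):
            findings.append(f"executable removed from a user-writable location: {path}")
    for key, values in registry.items():      # Run keys launched from odd places
        if key.endswith("\\run"):
            for name, raw in values.items():
                m = re.match(r'"([^"]+)"', raw)
                target = (m.group(1) if m else raw).lower()
                if not target.startswith(TRUSTED_ROOTS):
                    findings.append(f"Run entry {name} starts from an unusual location: {target}")
    return findings
```

On the excerpt this reports six findings: the three UAC policy values, the AppInit setting, and the two executables under AppData\Roaming; the IDMan Run entry under Program Files is not flagged.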

Please run FRST for fresh logs.

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.


FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Villert (administrator) on VILLERT-PC on 22-09-2014 16:57:25
Running from C:\Users\Villert\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCC82D51480B0CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} -  No File
Handler-x32: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll (MH)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.176.13 64.59.177.226

FireFox:
========
FF ProfilePath: C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Villert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Image Picker - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\ImagePicker@topolog.org [2014-08-06]
FF Extension: ImageHost Grabber - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2014-06-24]
FF Extension: Bazzacuda Image Saver Plus - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593} [2014-09-20]
FF Extension: MEGA - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\firefox@mega.co.nz.xpi [2014-09-10]
FF Extension: fontinfo - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\{70ded480-0a45-4099-84d1-65aa1cb1575e}.xpi [2014-02-24]
FF Extension: NoScript - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-02-24]
FF Extension: Adblock Plus - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-24]
FF Extension: DownThemAll! - C:\Users\Villert\AppData\Roaming\Mozilla\Firefox\Profiles\pdvm7xni.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-02-26]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-10]
CHR Extension: (Google Drive) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (YouTube) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-10]
CHR Extension: (Google Search) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-10]
CHR Extension: (IDM Integration Module) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2013-11-10]
CHR Extension: (PoE Helper) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdnfedfopfbealaokkpjbngaphfceoi [2013-12-27]
CHR Extension: (Google Wallet) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-10]
CHR Extension: (Gmail) - C:\Users\Villert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Blackberry Device Manager; "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [181040 2011-02-09] (Marvell Semiconductor, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 23:31 - 2014-09-21 23:31 - 00017962 _____ () C:\ComboFix.txt
2014-09-21 23:19 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-21 23:19 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-21 23:19 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-21 23:19 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-21 23:19 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-21 23:19 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-21 23:19 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-21 23:19 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-21 23:17 - 2014-09-21 23:31 - 00000000 ____D () C:\Qoobox
2014-09-21 23:16 - 2014-09-21 23:29 - 00000000 ____D () C:\Windows\erdnt
2014-09-21 16:27 - 2014-09-21 16:27 - 05578824 ____R (Swearware) C:\Users\Villert\Desktop\ComboFix.exe
2014-09-21 15:21 - 2014-09-21 15:21 - 00001059 _____ () C:\Users\Villert\Desktop\test2.txt
2014-09-21 15:10 - 2014-09-21 15:34 - 00001066 _____ () C:\Users\Villert\Desktop\test.txt
2014-09-20 18:12 - 2014-09-20 18:12 - 00003265 _____ () C:\Users\Villert\Desktop\AdwCleaner[s0].txt
2014-09-20 13:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-20 13:07 - 2014-09-20 17:59 - 00000000 ____D () C:\AdwCleaner
2014-09-20 13:07 - 2014-09-20 13:07 - 01373475 _____ () C:\Users\Villert\Desktop\AdwCleaner.exe
2014-09-19 19:59 - 2014-09-21 17:10 - 00001444 _____ () C:\Users\Villert\Documents\AutoHotkey.ahk
2014-09-19 16:51 - 2014-09-22 16:58 - 00015051 _____ () C:\Users\Villert\Desktop\FRST.txt
2014-09-19 16:51 - 2014-09-22 16:57 - 00000000 ____D () C:\FRST
2014-09-19 16:51 - 2014-09-19 16:51 - 02105856 _____ (Farbar) C:\Users\Villert\Desktop\FRST64.exe
2014-09-18 22:06 - 2014-09-18 22:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-18 22:06 - 2014-09-18 22:06 - 00000000 _____ () C:\autoexec.bat
2014-09-18 22:05 - 2014-09-19 00:55 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-18 18:05 - 2014-09-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-17 23:19 - 2014-09-17 23:19 - 00026112 _____ () C:\Users\Villert\Desktop\Links.xls
2014-09-17 19:59 - 2014-09-17 20:00 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-10 17:55 - 2014-09-10 17:55 - 00001669 _____ () C:\Users\Public\Desktop\Hotline Miami.lnk
2014-09-10 17:55 - 2014-09-10 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-09-10 17:40 - 2014-09-10 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-09-10 17:40 - 2014-09-10 17:40 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-09-10 17:27 - 2014-09-10 17:27 - 00000000 _____ () C:\Windows\SysWOW64\skip
2014-09-10 17:26 - 2014-09-10 17:26 - 00002960 _____ () C:\Windows\System32\Tasks\{530B3672-1954-43B1-A21A-D9B5E0C56994}
2014-09-07 13:51 - 2014-09-21 18:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 13:51 - 2014-09-07 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-07 13:51 - 2014-09-07 13:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-07 13:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-07 13:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-07 13:48 - 2014-09-07 13:48 - 00000000 ____D () C:\Users\Villert\AppData\Local\SFPC_Auto_Updater
2014-09-07 13:33 - 2014-09-07 13:36 - 00000000 ____D () C:\Users\Villert\AppData\Roaming\Developerts LLC USA
2014-09-07 13:33 - 2014-09-07 13:33 - 00004018 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 16:58 - 2014-09-19 16:51 - 00015051 _____ () C:\Users\Villert\Desktop\FRST.txt
2014-09-22 16:57 - 2014-09-19 16:51 - 00000000 ____D () C:\FRST
2014-09-22 16:54 - 2013-07-10 22:53 - 01857491 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 16:53 - 2013-11-10 18:13 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 16:51 - 2013-07-10 22:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-22 16:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 16:51 - 2009-07-13 23:51 - 00118643 _____ () C:\Windows\setupact.log
2014-09-22 02:14 - 2013-07-11 00:05 - 00000000 ____D () C:\Users\Villert\AppData\Roaming\DMCache
2014-09-22 02:13 - 2013-07-11 00:21 - 00000000 ____D () C:\Users\Villert\AppData\Roaming\vlc
2014-09-22 02:09 - 2013-07-10 21:07 - 00000000 ____D () C:\Users\Villert
2014-09-22 02:08 - 2013-11-10 18:13 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 00:39 - 2009-07-13 23:45 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 00:39 - 2009-07-13 23:45 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 00:31 - 2013-07-10 21:16 - 00396380 _____ () C:\Windows\PFRO.log
2014-09-21 23:31 - 2014-09-21 23:31 - 00017962 _____ () C:\ComboFix.txt
2014-09-21 23:31 - 2014-09-21 23:17 - 00000000 ____D () C:\Qoobox
2014-09-21 23:31 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-09-21 23:29 - 2014-09-21 23:16 - 00000000 ____D () C:\Windows\erdnt
2014-09-21 23:28 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-21 23:14 - 2009-07-14 00:13 - 00799336 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-21 18:31 - 2014-09-07 13:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 16:27 - 2014-09-21 16:27 - 05578824 ____R (Swearware) C:\Users\Villert\Desktop\ComboFix.exe
2014-09-21 15:34 - 2014-09-21 15:10 - 00001066 _____ () C:\Users\Villert\Desktop\test.txt
2014-09-21 15:21 - 2014-09-21 15:21 - 00001059 _____ () C:\Users\Villert\Desktop\test2.txt
2014-09-20 18:12 - 2014-09-20 18:12 - 00003265 _____ () C:\Users\Villert\Desktop\AdwCleaner[s0].txt
2014-09-20 17:59 - 2014-09-20 13:07 - 00000000 ____D () C:\AdwCleaner
2014-09-20 13:07 - 2014-09-20 13:07 - 01373475 _____ () C:\Users\Villert\Desktop\AdwCleaner.exe
2014-09-19 19:59 - 2009-07-14 02:46 - 00000000 ____D () C:\Windows\ShellNew
2014-09-19 17:01 - 2013-07-11 00:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-19 16:51 - 2014-09-19 16:51 - 02105856 _____ (Farbar) C:\Users\Villert\Desktop\FRST64.exe
2014-09-19 01:38 - 2013-07-15 00:26 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-09-19 00:55 - 2014-09-18 22:05 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-19 00:55 - 2013-11-04 20:57 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-18 22:06 - 2014-09-18 22:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-18 22:06 - 2014-09-18 22:06 - 00000000 _____ () C:\autoexec.bat
2014-09-18 18:05 - 2014-09-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-17 23:19 - 2014-09-17 23:19 - 00026112 _____ () C:\Users\Villert\Desktop\Links.xls
2014-09-17 23:06 - 2014-08-12 21:13 - 00023040 ___SH () C:\Users\Villert\Thumbs.db
2014-09-17 20:00 - 2014-09-17 19:59 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-10 18:33 - 2014-03-23 10:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 18:32 - 2014-09-10 18:32 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-10 18:32 - 2013-07-12 16:07 - 00436594 _____ () C:\Windows\DirectX.log
2014-09-10 18:32 - 2013-07-10 22:31 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-10 17:40 - 2014-09-10 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-09-10 17:40 - 2014-09-10 17:40 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-09-10 17:27 - 2014-09-10 17:27 - 00000000 _____ () C:\Windows\SysWOW64\skip
2014-09-10 17:26 - 2014-09-10 17:26 - 00002960 _____ () C:\Windows\System32\Tasks\{530B3672-1954-43B1-A21A-D9B5E0C56994}
2014-09-07 23:10 - 2013-09-24 19:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-07 22:38 - 2014-09-07 22:38 - 00000000 ____D () C:\Users\Villert\Documents\Klei
2014-09-07 22:38 - 2013-07-12 18:37 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-07 22:38 - 2013-07-12 16:06 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-09-07 14:01 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-07 13:51 - 2014-09-07 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-07 13:51 - 2014-09-07 13:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-07 13:51 - 2013-08-10 22:34 - 00000000 ____D () C:\Users\Villert\AppData\Roaming\Malwarebytes
2014-09-07 13:51 - 2013-07-10 23:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-07 13:48 - 2014-09-07 13:48 - 00000000 ____D () C:\Users\Villert\AppData\Local\SFPC_Auto_Updater
2014-09-07 13:33 - 2014-09-07 13:33 - 00004018 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater
2014-09-07 12:36 - 2014-05-19 01:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-07 12:36 - 2014-05-19 01:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-06 13:56 - 2014-05-19 01:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-04 02:34 - 2014-04-06 23:30 - 00000000 ____D () C:\Users\Villert\Samsung Link

Files to move or delete:
====================
C:\Users\Villert\AppData\Roaming\Origin\update.vbe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-17 17:37

==================== End Of Log ============================


Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Villert at 2014-09-22 16:58:35
Running from C:\Users\Villert\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
sion: 1.0.0 - Shining Rock Software LLC)
BASSMIDI System Synth (HKLM-x32\...\BASSMIDI System Synth) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Flash Movie Player 1.5 (HKLM-x32\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Gmask 1.70 English (HKLM-x32\...\Gmask 1.70 English) (Version:  - )
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.50.5145 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Icaros 2.2.2 (HKLM\...\Icaros_is1) (Version: 2.2.2.0 - Tabibito Technology)
iWisoft Flash SWF to Video Converter 3.4 (HKLM-x32\...\iWisoft Flash SWF to Video Converter_is1) (Version: 3.4.0 - www.flash-swf-converter.com)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 55 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - )
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Metro 2033 Redux (HKLM-x32\...\Metro 2033 Redux_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 32.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-GB)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NavNet (HKLM-x32\...\{B9E848B3-A64D-4005-8DA1-DC3981C902A8}_is1) (Version: 4.0 - NavNet Solutions)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.4 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049 - NVIDIA Corporation) Hidden
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Plague Inc Evolved (HKLM-x32\...\Plague Inc Evolved_is1) (Version: 0.7.4 - Decepticon)
Rule Britannia 1.7 (HKLM-x32\...\Rule_Deploy_0) (Version: 1.7 - Rule Britannia)
Sothink SWF Decompiler (HKLM-x32\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.4 - SourceTec Software Co., LTD)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR 5.00 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.6 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2084067044-1947426265-2331628076-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Villert\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

19-09-2014 05:54:52 Removed SpyHunter
22-09-2014 04:19:27 ComboFix created restore point
22-09-2014 05:42:42 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-04-25 20:29 - 2014-09-21 23:45 - 00000057 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
54.77.219.166                 kerafyrm.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {5454BED5-5F98-46A9-B5B8-3D765BA4862B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-10] (Google Inc.)
Task: {60572B57-E099-4C39-B861-3A4EB542B2D0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI => C:\Users\Villert\AppData\Roaming\DAEMON Tools Lite\googleupd.exe <==== ATTENTION
Task: {699EEE2F-8400-4911-8B94-D8BD87708187} - System32\Tasks\Origin => C:\Users\Villert\AppData\Roaming\Origin\update.vbe [2014-04-26] () <==== ATTENTION
Task: {9088871D-EB08-48D3-8C59-36BE174CB102} - System32\Tasks\{530B3672-1954-43B1-A21A-D9B5E0C56994} => C:\GOG Games\Hotline Miami\HotlineMiami.exe [2013-01-11] ()
Task: {ACFFA74E-5C56-490E-A350-5F619D6CFBDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-10] (Google Inc.)
Task: {B06A960B-7852-4C32-BE7F-0FDE69D53818} - System32\Tasks\Secure Fast PC Auto Updater => C:\Users\Villert\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe [2014-09-02] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-10 22:31 - 2013-06-21 05:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-18 18:05 - 2014-09-18 18:05 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:6B50FDB5

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Broadcom 802.11n Network Adapter
Description: Broadcom 802.11n Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2014 11:41:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msseces.exe version 4.4.304.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a14

Start Time: 01cfd61c589e8c75

Termination Time: 0

Application Path: C:\Program Files\Microsoft Security Client\msseces.exe

Report Id:

Error: (09/21/2014 11:18:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msseces.exe version 4.4.304.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: dd4

Start Time: 01cfd61c27c76462

Termination Time: 5

Application Path: C:\Program Files\Microsoft Security Client\msseces.exe

Report Id:

Error: (09/20/2014 04:07:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 32.0.2.5373 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1018

Start Time: 01cfd51607adc575

Termination Time: 59

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 20ea92a9-410a-11e4-9f3e-0022159188ec

Error: (09/20/2014 00:53:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msseces.exe version 4.4.304.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10d8

Start Time: 01cfd496ae1ec297

Termination Time: 0

Application Path: C:\Program Files\Microsoft Security Client\msseces.exe

Report Id:

Error: (09/20/2014 00:49:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msseces.exe version 4.4.304.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a20

Start Time: 01cfd49502251c11

Termination Time: 0

Application Path: C:\Program Files\Microsoft Security Client\msseces.exe

Report Id:

Error: (09/20/2014 00:37:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msseces.exe version 4.4.304.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5ac

Start Time: 01cfd45643f86016

Termination Time: 0

Application Path: C:\Program Files\Microsoft Security Client\msseces.exe

Report Id:

Error: (09/18/2014 11:07:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000374
Fault offset: 0x00000000000c40f2
Faulting process id: 0x770
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (09/18/2014 10:01:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
The RPC server is unavailable.
.

Error: (09/18/2014 10:00:53 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\Windows\system32\lsm.exe, failed with status code 1.  The machine must now be restarted.


System errors:
=============
Error: (09/22/2014 04:53:35 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (09/21/2014 11:28:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/21/2014 11:28:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/21/2014 11:25:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (09/20/2014 05:59:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (09/20/2014 05:59:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/20/2014 05:59:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/20/2014 05:59:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/20/2014 05:59:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/20/2014 05:59:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-21 23:28:11.728
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-21 23:28:11.697
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core2 Quad CPU Q9300 @ 2.50GHz
Percentage of memory in use: 27%
Total physical RAM: 6143.05 MB
Available physical RAM: 4428.89 MB
Total Pagefile: 12284.29 MB
Available Pagefile: 10404.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.36 GB) (Free:49.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 279.5 GB) (Disk ID: 0A320A32)
Partition 1: (Active) - (Size=279.4 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End Of Log ============================


Ok, please do the following:

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste it into the notepad document:

    Task: {B06A960B-7852-4C32-BE7F-0FDE69D53818} - System32\Tasks\Secure Fast PC Auto Updater => C:\Users\Villert\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe [2014-09-02] ()
    Task: {60572B57-E099-4C39-B861-3A4EB542B2D0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI => C:\Users\Villert\AppData\Roaming\DAEMON Tools Lite\googleupd.exe <==== ATTENTION
    Task: {699EEE2F-8400-4911-8B94-D8BD87708187} - System32\Tasks\Origin => C:\Users\Villert\AppData\Roaming\Origin\update.vbe [2014-04-26] () <==== ATTENTION
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    2014-09-18 22:06 - 2014-09-18 22:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2014-09-10 17:27 - 2014-09-10 17:27 - 00000000 _____ () C:\Windows\SysWOW64\skip
    2014-09-10 17:26 - 2014-09-10 17:26 - 00002960 _____ () C:\Windows\System32\Tasks\{530B3672-1954-43B1-A21A-D9B5E0C56994}
    2014-09-07 13:48 - 2014-09-07 13:48 - 00000000 ____D () C:\Users\Villert\AppData\Local\SFPC_Auto_Updater
    2014-09-07 13:33 - 2014-09-07 13:36 - 00000000 ____D () C:\Users\Villert\AppData\Roaming\Developerts LLC USA
    2014-09-07 13:33 - 2014-09-07 13:33 - 00004018 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater
    C:\Users\Villert\AppData\Roaming\Origin\update.vbe
    Reboot:

  • Click File, Save As and type fixlist.txt as the File Name.
    Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click Run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.
    Please post it in your reply.

Tell me if that worked for you.

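The fixlist above removes three scheduled tasks whose actions run from the user's AppData\Roaming folder, one of them a .vbe script. As an added example (not code from the thread, from FRST or from any poster), this PowerShell script does that triage in bulk: it parses the per-task XML files under C:\Windows\System32\Tasks and flags actions that run from user-writable folders or through a script host. The folder and extension lists and the constructed sample task are assumptions for illustration.

```powershell
# Added example, not from the thread or FRST: read-only triage of scheduled-task XML under
# %windir%\System32\Tasks for the pattern behind the fixlist (payloads in user-writable folders).

$SuspectRoots = @('\AppData\Roaming\', '\AppData\Local\', '\Temp\', '\ProgramData\')   # assumption
$ScriptExt    = @('.vbe', '.vbs', '.js', '.jse', '.wsf', '.bat', '.cmd', '.ps1')       # assumption

function Test-TaskAction {
    param([xml]$TaskXml, [string]$Name)
    # A task may carry several <Exec> actions, or none at all (e.g. a ComHandler action).
    foreach ($exec in @($TaskXml.Task.Actions.Exec)) {
        if (-not $exec) { continue }
        $cmd     = [string]$exec.Command
        $argStr  = [string]$exec.Arguments
        $full    = ($cmd + ' ' + $argStr).Trim()
        $reasons = @()
        foreach ($root in $SuspectRoots) {
            if ($full -like "*$root*") { $reasons += "runs from $root" }
        }
        $ext = if ($cmd -match '\.(\w+)"?\s*$') { '.' + $matches[1].ToLower() } else { '' }
        if ($ScriptExt -contains $ext) { $reasons += "script-host payload ($ext)" }
        if ($cmd -match 'wscript|cscript|mshta|rundll32|powershell') { $reasons += 'launched via interpreter' }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{ Task = $Name; Command = $full; Reasons = ($reasons -join '; ') }
        }
    }
}

# Constructed sample modelled on the 'Origin' entry of the fixlist; not a real task dump.
$Sample = @'
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec><Command>C:\Users\Villert\AppData\Roaming\Origin\update.vbe</Command></Exec>
  </Actions>
</Task>
'@
$findings = @(Test-TaskAction -TaskXml ([xml]$Sample) -Name 'Sample\Origin')

# Live scan of the real task store; files that are unreadable or not XML are skipped.
$TaskRoot = Join-Path $env:windir 'System32\Tasks'
if (Test-Path $TaskRoot) {
    Get-ChildItem -Path $TaskRoot -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } | ForEach-Object {
            try {
                $xml = [xml](Get-Content -LiteralPath $_.FullName -ErrorAction Stop)
                $findings += Test-TaskAction -TaskXml $xml -Name $_.FullName.Substring($TaskRoot.Length + 1)
            } catch { }
        }
}
$findings | Format-Table Task, Reasons, Command -AutoSize -Wrap
```

Run from an elevated PowerShell prompt, since the task store is not readable by a standard user; the sample entry is always reported, so an empty live result still shows the script working.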

Thanks, will have to wait and see if it pops up again. Fixlog below.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2014
Ran by Villert at 2014-09-23 16:23:03 Run:3
Running from C:\Users\Villert\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {B06A960B-7852-4C32-BE7F-0FDE69D53818} - System32\Tasks\Secure Fast PC Auto Updater => C:\Users\Villert\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe [2014-09-02] ()
Task: {60572B57-E099-4C39-B861-3A4EB542B2D0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI => C:\Users\Villert\AppData\Roaming\DAEMON Tools Lite\googleupd.exe <==== ATTENTION
Task: {699EEE2F-8400-4911-8B94-D8BD87708187} - System32\Tasks\Origin => C:\Users\Villert\AppData\Roaming\Origin\update.vbe [2014-04-26] () <==== ATTENTION
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-09-18 22:06 - 2014-09-18 22:06 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-10 17:27 - 2014-09-10 17:27 - 00000000 _____ () C:\Windows\SysWOW64\skip
2014-09-10 17:26 - 2014-09-10 17:26 - 00002960 _____ () C:\Windows\System32\Tasks\{530B3672-1954-43B1-A21A-D9B5E0C56994}
2014-09-07 13:48 - 2014-09-07 13:48 - 00000000 ____D () C:\Users\Villert\AppData\Local\SFPC_Auto_Updater
2014-09-07 13:33 - 2014-09-07 13:36 - 00000000 ____D () C:\Users\Villert\AppData\Roaming\Developerts LLC USA
2014-09-07 13:33 - 2014-09-07 13:33 - 00004018 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater
C:\Users\Villert\AppData\Roaming\Origin\update.vbe
Reboot:

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B06A960B-7852-4C32-BE7F-0FDE69D53818}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B06A960B-7852-4C32-BE7F-0FDE69D53818}" => Key deleted successfully.
C:\Windows\System32\Tasks\Secure Fast PC Auto Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Secure Fast PC Auto Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{60572B57-E099-4C39-B861-3A4EB542B2D0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60572B57-E099-4C39-B861-3A4EB542B2D0}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1970835742GUI" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{699EEE2F-8400-4911-8B94-D8BD87708187}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{699EEE2F-8400-4911-8B94-D8BD87708187}" => Key deleted successfully.
C:\Windows\System32\Tasks\Origin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully.
esgiguard => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Windows\SysWOW64\skip => Moved successfully.
C:\Windows\System32\Tasks\{530B3672-1954-43B1-A21A-D9B5E0C56994} => Moved successfully.
C:\Users\Villert\AppData\Local\SFPC_Auto_Updater => Moved successfully.
C:\Users\Villert\AppData\Roaming\Developerts LLC USA => Moved successfully.
"C:\Windows\System32\Tasks\Secure Fast PC Auto Updater" => File/Directory not found.
C:\Users\Villert\AppData\Roaming\Origin\update.vbe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====


OK, let's do a final check-up:

Step 1

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
