
Hi

I have a trojan in my temp folder using my CPU.

At the moment I have deleted the svchost.exe and made a folder with the same name to try and stop it making a new one (if that works LOL)

When I quarantined it, it came back after reboot.

I ran FRST, but I hope you can see the problem after I deleted the trojan itself... I think there is something else making a new one every time; I have uninstalled VUZE already for this.

 

 

Addition.txt

FRST.txt


Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Read the following link before we continue and run Combofix:

 

ComboFix usage, Questions, Help? - Look here

 

Next,

 

Download Combofix from either of the following links :-

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

http://www.infospyware.net/antimalware/combofix/

 


Ensure that Combofix is saved directly to the Desktop <--- Very important
 
Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
 
Close any open browsers and any other programs you might have running
 
Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
 
Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
 
If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
 
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

 

*EXTRA NOTES*


    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

 

Post the log in next reply please...

 

Kevin


ComboFix 15-01-08.01 - Stan 09-01-2015  22:15:18.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1033.18.3957.1436 [GMT 1:00]

Gestart vanuit: d:\desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\END

c:\users\Stan\AppData\Roaming\Local

c:\users\Stan\AppData\Roaming\Local\Skyrim\DLCList.txt

c:\users\Stan\AppData\Roaming\Local\Skyrim\plugins.txt

c:\windows\MICROSOFT

c:\windows\MICROSOFT\sogr\BaseLibrary.dll

c:\windows\MICROSOFT\sogr\ConfigurationData.dll

c:\windows\MICROSOFT\sogr\InstallerLibrary.dll

c:\windows\MICROSOFT\sogr\Newtonsoft.Json.dll

c:\windows\MICROSOFT\sogr\SQLite.Interop.dll

c:\windows\MICROSOFT\sogr\System.Data.SQLite.dll

.

.

((((((((((((((((((((   Bestanden Gemaakt van 2014-12-09 to 2015-01-09  ))))))))))))))))))))))))))))))

.

.

2015-01-09 21:18 . 2015-01-09 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2015-01-09 19:19 . 2015-01-09 19:19 79064 ----a-w- c:\windows\system32\drivers\jtvptqe.sys

2015-01-09 19:17 . 2015-01-09 19:23 -------- d-----w- C:\FRST

2015-01-09 19:01 . 2015-01-09 19:01 79064 ----a-w- c:\windows\system32\drivers\wmcmixhe.sys

2015-01-09 15:37 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{119D0598-96CC-4162-8CF7-BF961250954B}\mpengine.dll

2015-01-05 22:00 . 2015-01-07 18:24 -------- d-----w- c:\users\Stan\AppData\Local\osu!

2014-12-27 19:36 . 2014-12-28 15:56 -------- d-----w- c:\users\Stan\AppData\Local\Game Dev Tycoon

2014-12-27 15:39 . 2014-12-27 15:40 -------- d-----w- c:\users\Stan\AppData\Roaming\MMFApplications

2014-12-27 15:39 . 2014-12-27 15:39 -------- d-----w- C:\Games

2014-12-24 23:21 . 2014-12-24 23:21 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET

2014-12-23 16:14 . 2014-11-22 10:46 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys

2014-12-23 16:14 . 2014-11-22 10:46 32400 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll

2014-12-19 22:29 . 2014-12-19 22:29 -------- d-----w- c:\users\Stan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2014-12-19 20:21 . 2014-12-19 20:21 -------- d-----w- c:\users\Stan\AppData\Roaming\PDAppFlex

2014-12-19 20:18 . 2014-12-19 20:18 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2014-12-19 20:18 . 2014-12-19 20:18 -------- d-----w- c:\program files\Adobe

2014-12-19 20:17 . 2014-12-19 20:18 -------- d-----w- c:\program files\Common Files\Adobe

2014-12-19 20:16 . 2014-12-19 20:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2014-12-19 20:09 . 2014-12-19 20:09 -------- d-----w- c:\program files\7-Zip

2014-12-18 16:10 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe

2014-12-18 16:10 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2014-12-16 14:35 . 2015-01-09 13:35 -------- d-----w- c:\users\Stan\AppData\Local\Adobe

2014-12-13 12:36 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2014-12-13 12:36 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2014-12-13 12:36 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2014-12-11 16:19 . 2014-11-27 01:43 813744 ----a-w- c:\program files\Internet Explorer\iexplore.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-01-09 19:11 . 2014-08-22 20:19 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-01-06 03:36 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe

2014-12-16 14:36 . 2014-08-22 12:09 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-12-16 14:36 . 2014-08-22 12:09 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-12-13 00:12 . 2014-08-25 10:19 1291464 ----a-w- c:\windows\SysWow64\nvspbridge.dll

2014-12-13 00:12 . 2014-08-22 15:02 2210040 ----a-w- c:\windows\SysWow64\nvspcap.dll

2014-12-13 00:12 . 2014-08-25 10:19 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll

2014-12-13 00:12 . 2014-08-22 15:02 2824504 ----a-w- c:\windows\system32\nvspcap64.dll

2014-12-11 22:44 . 2014-08-22 20:28 112710672 ----a-w- c:\windows\system32\MRT.exe

2014-11-22 10:46 . 2014-08-22 15:01 35472 ----a-w- c:\windows\system32\nvaudcap64v.dll

2014-11-21 05:14 . 2014-08-22 12:08 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-11-21 05:14 . 2014-08-22 12:08 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-11-21 05:14 . 2014-08-22 12:08 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL

2014-11-11 03:08 . 2014-11-19 08:28 241152 ----a-w- c:\windows\system32\pku2u.dll

2014-11-11 03:08 . 2014-11-19 08:28 728064 ----a-w- c:\windows\system32\kerberos.dll

2014-11-11 02:44 . 2014-11-19 08:28 186880 ----a-w- c:\windows\SysWow64\pku2u.dll

2014-11-11 02:44 . 2014-11-19 08:28 550912 ----a-w- c:\windows\SysWow64\kerberos.dll

2014-10-25 01:57 . 2014-11-13 17:46 77824 ----a-w- c:\windows\system32\packager.dll

2014-10-25 01:32 . 2014-11-13 17:46 67584 ----a-w- c:\windows\SysWow64\packager.dll

2014-10-23 15:51 . 2014-10-23 15:51 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2014-10-23 15:51 . 2014-10-23 15:51 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2014-10-18 09:05 . 2014-10-18 09:04 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-10-18 02:05 . 2014-11-13 17:46 861696 ----a-w- c:\windows\system32\oleaut32.dll

2014-10-18 01:33 . 2014-11-13 17:46 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2014-10-14 02:16 . 2014-11-13 17:47 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2014-10-14 02:13 . 2014-11-13 17:47 683520 ----a-w- c:\windows\system32\termsrv.dll

2014-10-14 02:12 . 2014-11-13 17:47 1460736 ----a-w- c:\windows\system32\lsasrv.dll

2014-10-14 02:09 . 2014-11-13 17:47 146432 ----a-w- c:\windows\system32\msaudite.dll

2014-10-14 02:07 . 2014-11-13 17:47 681984 ----a-w- c:\windows\system32\adtschema.dll

2014-10-14 01:50 . 2014-11-13 17:47 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2014-10-14 01:49 . 2014-11-13 17:47 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2014-10-14 01:47 . 2014-11-13 17:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll

2014-10-14 01:46 . 2014-11-13 17:47 681984 ----a-w- c:\windows\SysWow64\adtschema.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify"="c:\users\Stan\AppData\Roaming\Spotify\Spotify.exe" [2014-12-12 6737976]

"Spotify Web Helper"="c:\users\Stan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-12 1676344]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]

"GoogleChromeAutoLaunch_1EB7E314B847FE05F41899FEAEB750CF"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-12-06 856904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2014-11-21 54072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBET;USB 2.0 WebCAM;c:\windows\system32\DRIVERS\ETdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ETdrv.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 netmon_wfp;netmon_wfp;c:\windows\system32\drivers\netmon_wfp.sys;c:\windows\SYSNATIVE\drivers\netmon_wfp.sys [x]

S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\HiRez\HiPatchService.exe;d:\program files (x86)\HiRez\HiPatchService.exe [x]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]

S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 rzjstk;Razer Virtual Joystick Driver;c:\windows\system32\DRIVERS\rzjstk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjstk.sys [x]

S3 rzkeypadendpt;Razer Keypad Endpoint;c:\windows\system32\DRIVERS\rzkeypadendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzkeypadendpt.sys [x]

S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-12-10 15:55 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2015-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-22 14:36]

.

2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-04 09:19]

.

2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-04 09:19]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xporteren naar Microsoft Excel - d:\progra~1\Office\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.2

FF - ProfilePath - c:\users\Stan\AppData\Roaming\Mozilla\Firefox\Profiles\3knne5wq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

.

- - - - ORPHANS VERWIJDERD - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Setup - The SIMS 4  Deluxe Edition - d:\program files (x86)\The SIMS 4 - Deluxe Edition\unins000.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2015-01-09  22:20:04

ComboFix-quarantined-files.txt  2015-01-09 21:20

.

Pre-Run: 36.334.489.600 bytes free

Post-Run: 38.067.949.568 bytes free

.

- - End Of File - - EC8C69F3FC81399698E926FE8156FBB5

A36C5E4F47E84449FF07ED3517B43A31

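An added example, not part of this thread and not code from Malwarebytes, ComboFix or any poster: a small Python script that reads lines in the format of the "Bestanden Gemaakt" (files created) section of the log above and scores each new file against a few triage heuristics, so that entries like jtvptqe.sys and wmcmixhe.sys (both 79064 bytes, both dropped into system32\drivers, both created in the same minute they were last modified, both with random-looking names) stand out from the legitimate driver and browser updates around them. The sample lines are copied from the log above; the heuristics, the consonant-run threshold and the "at least two signals" rule are my own assumptions for triage, not a verdict on any file.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix "Bestanden Gemaakt" section
# posted in this thread (two directories, two dropped drivers, two legitimate files).
SAMPLE_LOG = r"""
2015-01-09 21:18 . 2015-01-09 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-09 19:19 . 2015-01-09 19:19 79064 ----a-w- c:\windows\system32\drivers\jtvptqe.sys
2015-01-09 19:17 . 2015-01-09 19:23 -------- d-----w- C:\FRST
2015-01-09 19:01 . 2015-01-09 19:01 79064 ----a-w- c:\windows\system32\drivers\wmcmixhe.sys
2014-12-23 16:14 . 2014-11-22 10:46 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-12-18 16:10 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
"""

# One ComboFix line: <created> . <modified> <size or dashes> <attributes> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)


def parse_entries(text):
    """Parse 'files created' lines into dicts; directories (size shown as dashes) are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m.group("size").isdigit():
            continue
        entries.append({
            "created": m.group("created"),
            "modified": m.group("modified"),
            "size": int(m.group("size")),
            "path": m.group("path"),
        })
    return entries


def longest_consonant_run(name):
    """Length of the longest run of consonants; generated names tend to have long runs."""
    run = best = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in "aeiouy":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def score_entries(entries):
    """Return {path: [reasons]} for files that trip at least two heuristics (assumed threshold)."""
    # Index new files by (directory, size) to spot dropper output with identical sizes.
    by_dir_size = defaultdict(list)
    for e in entries:
        directory = e["path"].lower().rsplit("\\", 1)[0]
        by_dir_size[(directory, e["size"])].append(e["path"])

    flagged = {}
    for e in entries:
        directory, name = e["path"].lower().rsplit("\\", 1)
        stem = name.rsplit(".", 1)[0]
        reasons = []
        if directory.endswith("\\system32\\drivers") and name.endswith(".sys"):
            reasons.append("kernel driver written into system32\\drivers")
        if e["created"] == e["modified"]:
            reasons.append("created == modified (generated on the spot, not copied from an installer)")
        if longest_consonant_run(stem) >= 4:
            reasons.append("random-looking file name")
        if len(by_dir_size[(directory, e["size"])]) > 1:
            reasons.append("same size as another new file in the same directory")
        if len(reasons) >= 2:
            flagged[e["path"]] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in score_entries(parse_entries(SAMPLE_LOG)).items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```

Run as a script it prints the two dropped drivers with all four reasons; to use it on a real log, pass the text of the "files created" section to parse_entries. A single signal is deliberately not enough: nvvad64v.sys is a newly written driver too, and several legitimate driver names have no vowels for a stretch, so the script only reports files where independent signals coincide, and the result is a list of things to look at, not a list of things to delete.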

Language is OK. One other point: I do not see any anti-virus security, is that correct? Continue:

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

File::
c:\windows\system32\drivers\jtvptqe.sys
c:\windows\system32\drivers\wmcmixhe.sys
ClearJavaCache::

 

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

(Images: CF3.jpg, CFScriptB-4.gif)

Referring to the pictures above, drag CFScript onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date when run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right click into the text field and select "Paste" and the log is pasted (copied) into your reply.

 

Or select "Export": you are given the option to export as a Text file (*.txt) or XML file (*.xml). Choose text file and save the exported file to a place of your choice. That file can be attached to your reply...

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool and select "Run as Administrator"; the tool will expand to the options window

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, and also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin...


ComboFix 15-01-08.01 - Stan 09-01-2015  22:50:06.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1033.18.3957.2409 [GMT 1:00]

Gestart vanuit: d:\desktop\ComboFix.exe

gebruikte Opdracht switches :: d:\desktop\CFScript.txt.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\drivers\jtvptqe.sys"

"c:\windows\system32\drivers\wmcmixhe.sys"

.

.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\jtvptqe.sys

c:\windows\system32\drivers\wmcmixhe.sys

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_ydfxfa

-------\Service_ynrbdlbb

.

.

((((((((((((((((((((   Bestanden Gemaakt van 2014-12-09 to 2015-01-09  ))))))))))))))))))))))))))))))

.

.

2015-01-09 21:52 . 2015-01-09 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2015-01-09 19:17 . 2015-01-09 19:23 -------- d-----w- C:\FRST

2015-01-09 15:37 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{119D0598-96CC-4162-8CF7-BF961250954B}\mpengine.dll

2015-01-05 22:00 . 2015-01-07 18:24 -------- d-----w- c:\users\Stan\AppData\Local\osu!

2014-12-27 19:36 . 2014-12-28 15:56 -------- d-----w- c:\users\Stan\AppData\Local\Game Dev Tycoon

2014-12-27 15:39 . 2014-12-27 15:40 -------- d-----w- c:\users\Stan\AppData\Roaming\MMFApplications

2014-12-27 15:39 . 2014-12-27 15:39 -------- d-----w- C:\Games

2014-12-24 23:21 . 2014-12-24 23:21 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET

2014-12-23 16:14 . 2014-11-22 10:46 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys

2014-12-23 16:14 . 2014-11-22 10:46 32400 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll

2014-12-19 22:29 . 2014-12-19 22:29 -------- d-----w- c:\users\Stan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2014-12-19 20:21 . 2014-12-19 20:21 -------- d-----w- c:\users\Stan\AppData\Roaming\PDAppFlex

2014-12-19 20:18 . 2014-12-19 20:18 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2014-12-19 20:18 . 2014-12-19 20:18 -------- d-----w- c:\program files\Adobe

2014-12-19 20:17 . 2014-12-19 20:18 -------- d-----w- c:\program files\Common Files\Adobe

2014-12-19 20:16 . 2014-12-19 20:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2014-12-19 20:09 . 2014-12-19 20:09 -------- d-----w- c:\program files\7-Zip

2014-12-18 16:10 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe

2014-12-18 16:10 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2014-12-16 14:35 . 2015-01-09 13:35 -------- d-----w- c:\users\Stan\AppData\Local\Adobe

2014-12-13 12:36 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2014-12-13 12:36 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2014-12-13 12:36 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2014-12-11 16:19 . 2014-11-27 01:43 813744 ----a-w- c:\program files\Internet Explorer\iexplore.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-01-09 19:11 . 2014-08-22 20:19 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-01-06 03:36 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe

2014-12-16 14:36 . 2014-08-22 12:09 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-12-16 14:36 . 2014-08-22 12:09 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-12-13 00:12 . 2014-08-25 10:19 1291464 ----a-w- c:\windows\SysWow64\nvspbridge.dll

2014-12-13 00:12 . 2014-08-22 15:02 2210040 ----a-w- c:\windows\SysWow64\nvspcap.dll

2014-12-13 00:12 . 2014-08-25 10:19 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll

2014-12-13 00:12 . 2014-08-22 15:02 2824504 ----a-w- c:\windows\system32\nvspcap64.dll

2014-12-11 22:44 . 2014-08-22 20:28 112710672 ----a-w- c:\windows\system32\MRT.exe

2014-11-22 10:46 . 2014-08-22 15:01 35472 ----a-w- c:\windows\system32\nvaudcap64v.dll

2014-11-21 05:14 . 2014-08-22 12:08 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-11-21 05:14 . 2014-08-22 12:08 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-11-21 05:14 . 2014-08-22 12:08 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL

2014-11-11 03:08 . 2014-11-19 08:28 241152 ----a-w- c:\windows\system32\pku2u.dll

2014-11-11 03:08 . 2014-11-19 08:28 728064 ----a-w- c:\windows\system32\kerberos.dll

2014-11-11 02:44 . 2014-11-19 08:28 186880 ----a-w- c:\windows\SysWow64\pku2u.dll

2014-11-11 02:44 . 2014-11-19 08:28 550912 ----a-w- c:\windows\SysWow64\kerberos.dll

2014-10-25 01:57 . 2014-11-13 17:46 77824 ----a-w- c:\windows\system32\packager.dll

2014-10-25 01:32 . 2014-11-13 17:46 67584 ----a-w- c:\windows\SysWow64\packager.dll

2014-10-23 15:51 . 2014-10-23 15:51 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2014-10-23 15:51 . 2014-10-23 15:51 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2014-10-18 09:05 . 2014-10-18 09:04 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-10-18 02:05 . 2014-11-13 17:46 861696 ----a-w- c:\windows\system32\oleaut32.dll

2014-10-18 01:33 . 2014-11-13 17:46 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2014-10-14 02:16 . 2014-11-13 17:47 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2014-10-14 02:13 . 2014-11-13 17:47 683520 ----a-w- c:\windows\system32\termsrv.dll

2014-10-14 02:12 . 2014-11-13 17:47 1460736 ----a-w- c:\windows\system32\lsasrv.dll

2014-10-14 02:09 . 2014-11-13 17:47 146432 ----a-w- c:\windows\system32\msaudite.dll

2014-10-14 02:07 . 2014-11-13 17:47 681984 ----a-w- c:\windows\system32\adtschema.dll

2014-10-14 01:50 . 2014-11-13 17:47 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2014-10-14 01:49 . 2014-11-13 17:47 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2014-10-14 01:47 . 2014-11-13 17:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll

2014-10-14 01:46 . 2014-11-13 17:47 681984 ----a-w- c:\windows\SysWow64\adtschema.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify"="c:\users\Stan\AppData\Roaming\Spotify\Spotify.exe" [2014-12-12 6737976]

"Spotify Web Helper"="c:\users\Stan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-12 1676344]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]

"GoogleChromeAutoLaunch_1EB7E314B847FE05F41899FEAEB750CF"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-12-06 856904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBET;USB 2.0 WebCAM;c:\windows\system32\DRIVERS\ETdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ETdrv.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 netmon_wfp;netmon_wfp;c:\windows\system32\drivers\netmon_wfp.sys;c:\windows\SYSNATIVE\drivers\netmon_wfp.sys [x]

S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]

S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\HiRez\HiPatchService.exe;d:\program files (x86)\HiRez\HiPatchService.exe [x]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]

S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 rzjstk;Razer Virtual Joystick Driver;c:\windows\system32\DRIVERS\rzjstk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjstk.sys [x]

S3 rzkeypadendpt;Razer Keypad Endpoint;c:\windows\system32\DRIVERS\rzkeypadendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzkeypadendpt.sys [x]

S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-12-10 15:55 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2015-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-22 14:36]

.

2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-04 09:19]

.

2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-04 09:19]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - d:\progra~1\Office\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.2

FF - ProfilePath - c:\users\Stan\AppData\Roaming\Mozilla\Firefox\Profiles\3knne5wq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Setup - The SIMS 4  Deluxe Edition - d:\program files (x86)\The SIMS 4 - Deluxe Edition\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\ASUS\APRP\aprp.exe

.

**************************************************************************

.

Completion time: 2015-01-09  22:54:45 - machine was rebooted

ComboFix-quarantined-files.txt  2015-01-09 21:54

ComboFix2.txt  2015-01-09 21:20

.

Pre-Run: 38.105.153.536 bytes free

Post-Run: 39.208.591.360 bytes free

.

- - End Of File - - 9AA55FCDE2409E9DCDB911CFBC46FAB8

A36C5E4F47E84449FF07ED3517B43A31

And this is the MBAM scan... It didn't find anything:


Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9-1-2015
Scan Time: 22:56:29
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.09.16
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Stan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339553
Time Elapsed: 5 min, 9 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

# AdwCleaner v4.107 - Report created 09/01/2015 at 23:09:28

# Updated 07/01/2015 by Xplode

# Database : 2015-01-03.1 [Live]

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Stan - STAN-PC

# Running from : D:\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\PicRec

Folder Deleted : C:\Program Files (x86)\PicRec (x86)

File Deleted : C:\Users\Stan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage

File Deleted : C:\Users\Stan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal

File Deleted : C:\Users\Stan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\DF917BEA0BDE9E345B42099FC7E14699

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\DF917BEA0BDE9E345B42099FC7E14699

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF917BEA0BDE9E345B42099FC7E14699

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

 

-\\ Mozilla Firefox v32.0.3 (x86 nl)

 

 

-\\ Google Chrome v39.0.2171.95

 

 

-\\ Chromium v

 

 

*************************

 

AdwCleaner[R0].txt - [1668 octets] - [09/01/2015 23:07:54]

AdwCleaner[s0].txt - [1562 octets] - [09/01/2015 23:09:28]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1622 octets] ##########

We're getting there!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Stan on Fri 09-01-2015 at 23:11:54,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09-01-2015 at 23:15:41,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)

Started On Fri Aug 22 22:28:43 2014

 

Engine: 1.1.10802.0

Signatures: 1.179.1796.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 22 22:29:38 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)

Started On Thu Sep 11 22:58:21 2014

 

Engine: 1.1.10904.0

Signatures: 1.183.882.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 11 22:59:47 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Thu Oct 16 23:37:20 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 16 23:38:47 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Thu Nov 13 23:16:42 2014

 

Engine: 1.1.11104.0

Signatures: 1.187.1116.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 13 23:18:18 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Dec 11 23:44:33 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 11 23:46:20 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Fri Jan 09 23:18:17 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

 

Results Summary:

----------------

No infection found.


Hey Kevin, I guess we're done here! :)

I haven't had any other issues, but if something happens I'll contact you.

I'll install some antivirus tomorrow!

 

If I were in a position to donate I would, maybe in some time. I'm 16, so I don't really have the money for it :P

 

Keep up the amazing work! 

 

Hopefully I won't have to bother you anytime soon, so have a great 2015!

 

Sincerely Stan


Don't worry about donations, but we still need to clean up...

 

Download and run this:

 

http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE

 

That will remove Combofix and associated folders...

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

 

Make sure the following items are checked:

 

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system, you can delete that backup folder if you consider it not needed...

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices; you may find it useful...

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

If there are no remaining issues/concerns, are we OK to close out?

 

Thanks,

 

Kevin...


Where does it run from, the temp folder again?

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes, select "Report"; the log will open. Close the program > Don't fix anything!
Post back the report, which should also be located here:

 

C:\Programdata\RogueKiller\Logs <-------- Vista/W7/8

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

 

Thanks...

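Kevin's question above ("where does it run from?") is the crux of the whole thread: a file that comes back after quarantine is being re-dropped by something else that persists, and the log tools are used to find that something. The PowerShell below is an added example, not code from this thread, from RogueKiller or from ComboFix, that performs the same kind of check directly on the live machine. It lists processes, services, Run/RunOnce keys, scheduled tasks and WMI permanent event consumers whose image path points into a user-writable location (the user's and the system's Temp folders, AppData, ProgramData, the Desktop), or that use a core Windows binary name such as svchost.exe outside System32/SysWOW64. It assumes an elevated PowerShell prompt on Windows 7 or later; it deliberately uses Get-WmiObject and schtasks rather than the newer CIM and ScheduledTasks cmdlets so that it also runs on the PowerShell 2.0 that ships with Windows 7. The schtasks column names it matches on ('Task To Run', 'Scheduled Task State') are those of an English Windows and are an assumption; on a localized installation such as a Dutch one they differ and that section will simply print nothing.

```powershell
# Added example, not part of the original thread. Run from an elevated
# PowerShell prompt. Only cmdlets present on Windows 7 / PowerShell 2.0 are used.

# Core Windows binaries that legitimately live only under System32 / SysWOW64.
$systemBinaries = @('svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'services.exe')
$sys32 = (Join-Path $env:SystemRoot 'System32').ToLowerInvariant()
$wow64 = (Join-Path $env:SystemRoot 'SysWOW64').ToLowerInvariant()

# User-writable directories a re-dropped payload commonly runs from.
$suspectRoots = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp'), $env:LOCALAPPDATA,
                  $env:APPDATA, $env:ProgramData, (Join-Path $env:USERPROFILE 'Desktop')) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

function Get-ImagePath {
    # Pull the executable out of a command line such as
    #   "C:\Program Files\x\y.exe" -k args    or    c:\windows\temp\svchost.exe
    param([string]$CommandLine)
    if (-not $CommandLine) { return '' }
    $m = [regex]::Match($CommandLine, '^\s*"?([^"]+?\.(exe|dll|sys|cmd|bat|scr))', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value.ToLowerInvariant() }
    return $CommandLine.Trim('"').ToLowerInvariant()
}

function Test-SuspectPath {
    # True when the image is a masquerading system binary name or lives in a
    # user-writable directory.
    param([string]$CommandLine)
    $image = Get-ImagePath $CommandLine
    if (-not $image) { return $false }
    if ($systemBinaries -contains [System.IO.Path]::GetFileName($image)) {
        if (-not ($image.StartsWith($sys32) -or $image.StartsWith($wow64))) { return $true }
    }
    foreach ($root in $suspectRoots) {
        if ($image.StartsWith($root)) { return $true }
    }
    return $false
}

# 1. Running processes. Win32_Process exposes the parent PID, which Get-Process
#    does not; the parent is usually the component that re-creates the file.
Write-Host '=== Processes running from suspect locations ==='
Get-WmiObject Win32_Process |
    Where-Object { Test-SuspectPath $_.ExecutablePath } |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine |
    Format-Table -AutoSize -Wrap

# 2. Services whose image path points somewhere suspect.
Write-Host '=== Services with suspect image paths ==='
Get-WmiObject Win32_Service |
    Where-Object { Test-SuspectPath $_.PathName } |
    Select-Object Name, State, StartMode, PathName |
    Format-Table -AutoSize -Wrap

# 3. Run/RunOnce keys: machine, the WOW6432Node view and the current user.
Write-Host '=== Run keys with suspect values ==='
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $names = $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object { $_.Name }
    foreach ($name in $names) {
        $value = [string]$props.$name
        if (Test-SuspectPath $value) { "{0}\{1} = {2}" -f $key, $name, $value }
    }
}

# 4. Scheduled tasks. schtasks exists on Windows 7; the ScheduledTasks module
#    does not. Column names below are those of an English Windows (assumption).
Write-Host '=== Scheduled tasks with suspect actions ==='
schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { Test-SuspectPath $_.'Task To Run' } |
    Select-Object TaskName, 'Task To Run', 'Scheduled Task State' |
    Format-Table -AutoSize -Wrap

# 5. WMI permanent event subscriptions, a re-creation mechanism that most
#    autostart viewers miss. Any entry here deserves a close look.
Write-Host '=== WMI command-line event consumers ==='
Get-WmiObject -Namespace root\subscription -Class CommandLineEventConsumer |
    Select-Object Name, CommandLineTemplate, ExecutablePath |
    Format-Table -AutoSize -Wrap
```

If the rogue svchost.exe shows up in the first table, note its ParentProcessId and look that PID up in the same Win32_Process output; the parent process, or the service, Run value or task listed in the later sections, is what writes the file back after quarantine, and that is the entry to hand to the helper rather than the dropped file itself. The script only reports; it changes nothing, which is the same "don't fix anything" discipline Kevin asks for with the RogueKiller scan.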
