So I was using Internet Explorer 11 when I had a malware whatever pop up and say I had 72 hrs to send them 300 to a Bitcoin account. I immediately ran Malwarebytes.

So my comp froze so I had to restart. Did that in safe mode. Ran malware again; it found the things and deleted them, then restarted. I then ran it again. Got to this page:

https://forums.malwarebytes.org/index.php?/topic/164032-cryptowall-30-removal/

Did what it said for me to do.

So far can't find anything; now it's coming up clean.

So my question is, am I in the clear now? Or do I need to do something else or what? Never encountered anything like this before.

Any advice would be helpful, thanks.

PS.

Am running Avira and Malwarebytes. Also have run Amigo360 and cleaned out things with that.

Also deleted IE 11.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015

Ran by Scratchy (administrator) on SCRATCHY-PC on 29-01-2015 17:23:32

Running from C:\Users\Scratchy\Downloads

Loaded Profiles: Scratchy &  (Available profiles: Scratchy)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

() C:\Users\Scratchy\AppData\Local\Amazon Music\Amazon Music Helper.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(360Amigo) C:\Program Files\360Amigo\360Amigo.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Update\GoogleUpdate.exe

() C:\Users\Scratchy\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11858536 2011-06-07] (Realtek Semiconductor)

HKLM\...\Run: [mgshe] => "C:\Windows\System32\rundll32.exe" ,Get

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)

HKLM-x32\...\Run: [sTCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-03-04] (Splashtop Inc.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)

HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Run: [360Amigo] => C:\Program files\360Amigo\360Amigo.exe [5156128 2012-04-20] (360Amigo)

HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Run: [Google Update] => C:\Users\Scratchy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-12] (Google Inc.)

HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-03] (Google Inc.)

HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Run: [Amazon Music] => C:\Users\Scratchy\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()

HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Scratchy\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()

HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Run: [WINUP] => regsvr32 "C:\Users\Scratchy\AppData\Local\Temp\reg.dll <===== ATTENTION

HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\Policies\Explorer: [HideSCAHealth] 1

HKU\S-1-5-21-590944080-3211527877-2132988303-1000\...\MountPoints2: {5afe634a-62cd-11e1-b0ec-806e6f6e6963} - D:\Run.exe

HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)

HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [360Amigo] => C:\Program files\360Amigo\360Amigo.exe [5156128 2012-04-20] (360Amigo)

HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Scratchy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-12] (Google Inc.)

HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-03] (Google Inc.)

HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\Scratchy\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()

HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Scratchy\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()

HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WINUP] => regsvr32 "C:\Users\Scratchy\AppData\Local\Temp\reg.dll <===== ATTENTION

HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 1

HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5afe634a-62cd-11e1-b0ec-806e6f6e6963} - D:\Run.exe

AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)

AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)

Startup: C:\Users\Scratchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\Scratchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk

ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\Impulse\Now\GameStopNow.exe (GameStop Corp.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 

HKU\S-1-5-21-590944080-3211527877-2132988303-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =http://www.msn.com/?ocid=iehp

HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

URLSearchHook: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 - Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)

URLSearchHook: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)

SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect..._oid=07-02-2013

&tb_mrud=07-02-2013

 

SearchScopes: HKU\.DEFAULT -> {B902F36E-EDE2-42af-A117-BA6A5B978C79} URL = http://www.google.co...q={searchTerms}

SearchScopes: HKU\.DEFAULT -> {EC7400E0-53B8-4a69-A200-04929560874B} URL = http://search.yahoo....evm&type=IEBDSV

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 -> DefaultScope {8E7C3C2A-4466-4E6A-9EFE-05B1660E9EF0} URL = http://start.mysearc...r=302719530&ir=

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 -> {07E4D740-86EF-4757-A721-D5A5A92613F3} URL =http://websearch.ask...70-9D7D6B0FE3BE

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 -> {35AA4286-66B2-425A-BCA4-9385E01DC8FD} URL =http://search.condui...&ctid=CT3225826

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =http://slirsredirect..._oid=07-02-2013

&tb_mrud=07-02-2013

 

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 -> {8E7C3C2A-4466-4E6A-9EFE-05B1660E9EF0} URL =http://start.mysearc...r=302719530&ir=

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 -> {AECF64BB-D29B-4b43-B1C9-EA611F9E2563} URL =http://search.yahoo....evm&type=IEBDSV

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 -> {B22E1F22-D649-4630-8BDF-BD549BAB6018} URL =http://www.google.co...q={searchTerms}

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 -> {F532ED18-9A09-42c8-B668-E5DE08B3AD4F} URL =http://www.bing.com/...=SPLBR1&pc=SPLH

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {8E7C3C2A-4466-4E6A-9EFE-05B1660E9EF0} URL = http://start.mysearc...r=302719530&ir=

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {07E4D740-86EF-4757-A721-D5A5A92613F3} URL = http://websearch.ask...70-9D7D6B0FE3BE

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {35AA4286-66B2-425A-BCA4-9385E01DC8FD} URL = http://search.condui...&ctid=CT3225826

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect..._oid=07-02-2013

&tb_mrud=07-02-2013

 

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {8E7C3C2A-4466-4E6A-9EFE-05B1660E9EF0} URL = http://start.mysearc...r=302719530&ir=

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AECF64BB-D29B-4b43-B1C9-EA611F9E2563} URL = http://search.yahoo....evm&type=IEBDSV

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B22E1F22-D649-4630-8BDF-BD549BAB6018} URL = http://www.google.co...q={searchTerms}

SearchScopes: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F532ED18-9A09-42c8-B668-E5DE08B3AD4F} URL = http://www.bing.com/...=SPLBR1&pc=SPLH

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Splashtop Connect VisualBookmark -> {0E5680D1-BF44-4929-94AF-FD30D784AD1D} -> C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKU\S-1-5-21-590944080-3211527877-2132988303-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield....er_1.0.80.2.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab

Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()

FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)

FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @Webzen.com/NPBrowserExt -> C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Scratchy\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Scratchy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Scratchy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Scratchy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Scratchy\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Scratchy\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Scratchy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Scratchy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Scratchy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Scratchy\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

FF Plugin HKU\S-1-5-21-590944080-3211527877-2132988303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF HKLM-x32\...\Firefox\Extensions: [{d9284e50-81fc-11da-a72b-0800200c9a66}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66}

FF Extension: Yoono - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2012-02-29]

FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}

FF Extension: Splashtop Connect - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012-02-29]

FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}

FF Extension: Splashtop Connect Companion - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012-02-29]

 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Polycraft @ turbulenz.com) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmbldmkkdelpflgfadnegaapddjekee [2013-06-12]

CHR Extension: (Angry Birds) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-10-13]

CHR Extension: (From Dust) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2012-10-13]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]

CHR Extension: (Adblock Plus) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-10]

CHR Extension: (Desktop Wallpaper Tool) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcfhbpblckhcihdkoogjmgfpkpnfndel [2013-04-23]

CHR Extension: (Universe) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\igcicgpahfpikagbhofhehldknadneld [2013-04-23]

CHR Extension: (Toggle Adblock Plus) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdlpiobbbbdcaklklfalojacgifffohf [2014-01-16]

CHR Extension: (Google Wallet) - C:\Users\Scratchy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (PriceChopp) - C:\ProgramData\lekoiodednopoblpmiocomkfpfhlinng\ [2013-08-23]

CHR HKLM-x32\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - No Path

StartMenuInternet: Google Chrome.HS5XYGE5RBAQRB4IWWFG6PSKTU - C:\Users\Scratchy\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [805112 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-12-28] (EasyAntiCheat Ltd)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-01] (Electronic Arts)

R2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-03-03] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-03-03] ()

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\atBIOS\GPCIDrv64.sys [X]

S3 X6va006; \??\C:\Users\Scratchy\AppData\Local\Temp\0062371.tmp [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-29 00:28 - 2015-01-29 17:23 - 00004049 _____ () C:\Users\Scratchy\Downloads\FRST.txt

2015-01-29 00:28 - 2015-01-29 00:29 - 00039852 _____ () C:\Users\Scratchy\Downloads\Addition.txt

2015-01-29 00:10 - 2015-01-29 00:10 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Scratchy\Downloads\tdsskiller.exe

2015-01-29 00:09 - 2015-01-29 17:23 - 00000000 ____D () C:\FRST

2015-01-29 00:08 - 2015-01-29 00:08 - 02130432 _____ (Farbar) C:\Users\Scratchy\Downloads\FRST64.exe

2015-01-28 22:44 - 2015-01-28 22:46 - 00000000 ____D () C:\Users\Scratchy\Downloads\ransom_file_unlocker

2015-01-28 22:43 - 2015-01-28 22:44 - 00062065 _____ () C:\Users\Scratchy\Downloads\ransom_file_unlocker.zip

2015-01-25 18:28 - 2015-01-25 18:28 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\java

2015-01-24 16:31 - 2015-01-24 16:32 - 02471776 _____ (mIRC Co. Ltd.) C:\Users\Scratchy\Downloads\mirc738.exe

2015-01-22 15:25 - 2015-01-22 15:24 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2015-01-22 15:25 - 2012-06-16 11:55 - 00955840 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll

2015-01-22 15:25 - 2012-06-16 11:55 - 00839096 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll

2015-01-14 07:29 - 2015-01-14 07:29 - 00000000 ____D () C:\Users\Scratchy\AppData\Local\Doctor Entertainment AB

2015-01-13 22:20 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-13 22:20 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-13 22:20 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-13 22:20 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-13 22:20 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-13 22:20 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-13 22:20 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-13 22:20 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-13 22:20 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-13 22:19 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-13 22:19 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-13 22:19 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-13 22:19 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-12 22:14 - 2015-01-12 22:15 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\Trove

2015-01-12 22:02 - 2015-01-12 22:02 - 00001821 _____ () C:\Users\Scratchy\Desktop\Trove.lnk

2015-01-05 14:28 - 2015-01-05 14:28 - 02176097 _____ () C:\Users\Scratchy\Downloads\Equanimity.zip

2015-01-04 22:42 - 2015-01-04 22:42 - 00000000 ____D () C:\ProgramData\lekoiodednopoblpmiocomkfpfhlinng

2015-01-04 22:42 - 2015-01-04 22:42 - 00000000 ____D () C:\ProgramData\3571515561652893507

2015-01-04 15:00 - 2015-01-04 15:00 - 00000003 _____ () C:\Windows\system32\HRUPPROG.EXIT

2015-01-02 07:59 - 2015-01-02 07:59 - 00000000 _____ () C:\dummy.wav

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-29 17:01 - 2012-08-29 14:29 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590944080-3211527877-2132988303-1000UA.job

2015-01-29 16:52 - 2012-03-03 20:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-29 16:01 - 2012-08-29 14:29 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590944080-3211527877-2132988303-1000Core.job

2015-01-29 15:28 - 2012-02-29 02:12 - 01392689 _____ () C:\Windows\WindowsUpdate.log

2015-01-29 00:08 - 2014-06-13 14:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-28 23:46 - 2009-07-13 22:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-28 23:46 - 2009-07-13 22:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-28 23:37 - 2012-03-03 06:41 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-01-28 23:36 - 2012-03-10 22:42 - 00000000 ____D () C:\Users\Scratchy\AppData\Local\Deployment

2015-01-28 23:34 - 2013-09-29 20:36 - 00000000 ____D () C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

2015-01-28 23:34 - 2012-03-03 20:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-28 23:34 - 2012-02-29 02:20 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-01-28 23:34 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-28 22:11 - 2014-10-21 07:27 - 00000000 ____D () C:\Users\Scratchy\AppData\Local\Adobe

2015-01-28 22:08 - 2012-02-29 02:12 - 00000000 ____D () C:\Users\Scratchy

2015-01-28 20:51 - 2012-03-24 19:58 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\TS3Client

2015-01-25 20:23 - 2012-06-15 18:49 - 00000000 ____D () C:\Users\Scratchy\Documents\My Kindle Content

2015-01-25 19:58 - 2013-09-29 14:12 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\Guild Wars 2

2015-01-25 19:57 - 2012-08-24 21:32 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2

2015-01-25 18:28 - 2012-03-07 21:02 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\.minecraft

2015-01-24 17:01 - 2014-04-05 16:13 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\mIRC

2015-01-24 16:32 - 2014-04-05 16:13 - 00000911 _____ () C:\Users\Public\Desktop\mIRC.lnk

2015-01-24 16:32 - 2014-04-05 16:13 - 00000000 ____D () C:\Program Files (x86)\mIRC

2015-01-24 07:49 - 2012-04-02 14:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-24 07:49 - 2012-03-03 03:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-22 15:43 - 2013-10-19 19:35 - 00000000 ____D () C:\ProgramData\Oracle

2015-01-22 15:27 - 2012-03-07 21:02 - 00000000 ____D () C:\Program Files (x86)\Java

2015-01-22 15:25 - 2013-11-09 20:28 - 00002433 _____ () C:\Users\Scratchy\Desktop\Wurm Online.lnk

2015-01-22 15:24 - 2012-06-16 11:56 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2015-01-22 15:24 - 2012-06-16 11:55 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2015-01-22 15:24 - 2012-06-16 11:55 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2015-01-22 15:24 - 2012-06-16 11:55 - 00000000 ____D () C:\Program Files\Java

2015-01-22 15:23 - 2014-11-06 20:45 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2015-01-22 15:23 - 2014-11-06 20:44 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2015-01-22 15:23 - 2014-11-06 20:44 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2015-01-22 15:23 - 2014-11-06 20:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-01-15 20:50 - 2012-06-26 21:49 - 00000024 _____ () C:\Users\Scratchy\random.dat

2015-01-15 20:36 - 2012-06-26 21:49 - 00000047 _____ () C:\Users\Scratchy\jagex_cl_runescape_LIVE.dat

2015-01-15 19:03 - 2012-03-27 20:31 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2015-01-14 20:11 - 2014-07-18 16:17 - 00000000 ____D () C:\Users\Scratchy\Documents\ArcheAge

2015-01-14 19:34 - 2014-07-18 13:47 - 00000000 ____D () C:\Program Files (x86)\Glyph

2015-01-14 03:12 - 2013-08-07 21:48 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-14 03:01 - 2012-03-03 16:38 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-01-13 20:06 - 2012-02-29 03:04 - 00000000 ____D () C:\ProgramData\Splashtop

2015-01-13 20:06 - 2012-02-29 02:59 - 00000000 ____D () C:\Program Files (x86)\Splashtop

2015-01-08 14:04 - 2012-09-28 06:58 - 00000000 ____D () C:\ProgramData\Origin

2015-01-08 13:10 - 2012-09-28 06:58 - 00000000 ____D () C:\Program Files (x86)\Origin

2015-01-06 06:26 - 2014-06-13 14:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-06 06:26 - 2012-04-07 11:58 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios

2015-01-06 06:24 - 2013-11-24 23:33 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\Search Protection

2015-01-06 06:24 - 2012-12-07 13:14 - 00000000 ____D () C:\Users\Scratchy\AppData\Local\CRE

2015-01-06 04:36 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2015-01-04 23:00 - 2014-06-13 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-04 23:00 - 2012-03-25 16:08 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-04 15:29 - 2012-03-03 08:21 - 00000000 ____D () C:\Users\Scratchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2015-01-04 15:02 - 2012-04-07 11:58 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios

2015-01-04 15:02 - 2012-02-29 02:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-01-04 15:00 - 2012-05-29 20:26 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT

2015-01-01 20:18 - 2012-03-26 16:07 - 00000000 ____D () C:\Users\Scratchy\Documents\Settlers7

2014-12-31 07:13 - 2012-06-04 17:32 - 00000000 ____D () C:\Program Files (x86)\Impulse

 

==================== Files in the root of some directories =======

 

2012-08-19 15:58 - 2012-08-19 15:58 - 0001193 _____ () C:\Program Files (x86)\InstLog.txt

2012-03-10 00:16 - 2012-03-10 00:16 - 0066652 _____ () C:\Users\Scratchy\AppData\Roaming\icarus-dxdiag.xml

2013-03-16 14:40 - 2013-03-16 14:40 - 0000000 _____ () C:\Users\Scratchy\AppData\Roaming\SharedSettings.ccs

2014-02-28 09:57 - 2014-02-28 09:57 - 0000045 _____ () C:\Users\Scratchy\AppData\Roaming\WB.CFG

2012-03-06 19:33 - 2012-03-06 19:33 - 0000096 _____ () C:\Users\Scratchy\AppData\Local\fusioncache.dat

2012-03-03 17:52 - 2013-11-17 00:37 - 0007602 _____ () C:\Users\Scratchy\AppData\Local\Resmon.ResmonCfg

2013-03-16 14:45 - 2013-03-16 14:45 - 0046499 _____ () C:\Users\Scratchy\AppData\Local\vmkijeqi

2012-10-19 15:24 - 2012-10-19 15:24 - 0000040 _____ () C:\ProgramData\ra3.ini

 

Files to move or delete:

====================

C:\Users\Scratchy\jagex_cl_runescape_LIVE.dat

C:\Users\Scratchy\random.dat

 

 

Some content of TEMP:

====================

C:\Users\Scratchy\AppData\Local\Temp\42187uninstall.exe

C:\Users\Scratchy\AppData\Local\Temp\85570a40b7f6fc68.exe

C:\Users\Scratchy\AppData\Local\Temp\aol_toolbar.exe

C:\Users\Scratchy\AppData\Local\Temp\AskSLib.dll

C:\Users\Scratchy\AppData\Local\Temp\avgnt.exe

C:\Users\Scratchy\AppData\Local\Temp\bdfilters.dll

C:\Users\Scratchy\AppData\Local\Temp\BRSVC_44720291_hlp.exe

C:\Users\Scratchy\AppData\Local\Temp\drm_dyndata_7370014.dll

C:\Users\Scratchy\AppData\Local\Temp\HitmanPro.exe

C:\Users\Scratchy\AppData\Local\Temp\install_flashplayer11x32axau_mssd_aaa_aih.exe

C:\Users\Scratchy\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe

C:\Users\Scratchy\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe

C:\Users\Scratchy\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Scratchy\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Scratchy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Scratchy\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Scratchy\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Scratchy\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Scratchy\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\Scratchy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Scratchy\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Scratchy\AppData\Local\Temp\jre-8u31-windows-au.exe

C:\Users\Scratchy\AppData\Local\Temp\mirc732.exe

C:\Users\Scratchy\AppData\Local\Temp\mirc738.exe

C:\Users\Scratchy\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.6.exe

C:\Users\Scratchy\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.7.exe

C:\Users\Scratchy\AppData\Local\Temp\Nexus%20Mod%20Manager-0.48.1.exe

C:\Users\Scratchy\AppData\Local\Temp\Nexus%20Mod%20Manager-0.48.2.exe

C:\Users\Scratchy\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.8.exe

C:\Users\Scratchy\AppData\Local\Temp\Nexus%20Mod%20Manager-0.50.3.exe

C:\Users\Scratchy\AppData\Local\Temp\Nexus%20Mod%20Manager-0.52.2.exe

C:\Users\Scratchy\AppData\Local\Temp\NGMDll.dll

C:\Users\Scratchy\AppData\Local\Temp\NGMResource.dll

C:\Users\Scratchy\AppData\Local\Temp\NGMSetup.exe

C:\Users\Scratchy\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Scratchy\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Scratchy\AppData\Local\Temp\nvSCPAPISvr.exe

C:\Users\Scratchy\AppData\Local\Temp\nvStInst.exe

C:\Users\Scratchy\AppData\Local\Temp\q32xljsy.dll

C:\Users\Scratchy\AppData\Local\Temp\riftuninstall.exe

C:\Users\Scratchy\AppData\Local\Temp\Setup_Downloader_3.5.6_beta.exe

C:\Users\Scratchy\AppData\Local\Temp\Sqlite3.dll

C:\Users\Scratchy\AppData\Local\Temp\SRLDetectionLibrary501718332155855235.dll

C:\Users\Scratchy\AppData\Local\Temp\SRLDetectionLibrary5983991367547541598.dll

C:\Users\Scratchy\AppData\Local\Temp\SRLDetectionLibrary7453401083426791772.dll

C:\Users\Scratchy\AppData\Local\Temp\swt-win32-3740.dll

C:\Users\Scratchy\AppData\Local\Temp\tmp2E06.exe

C:\Users\Scratchy\AppData\Local\Temp\tmp3ED8.exe

C:\Users\Scratchy\AppData\Local\Temp\tmp5047.exe

C:\Users\Scratchy\AppData\Local\Temp\tmp6696.exe

C:\Users\Scratchy\AppData\Local\Temp\tmp8C98.exe

C:\Users\Scratchy\AppData\Local\Temp\tmp9B77.exe

C:\Users\Scratchy\AppData\Local\Temp\tmpA5D4.exe

C:\Users\Scratchy\AppData\Local\Temp\tmpC344.exe

C:\Users\Scratchy\AppData\Local\Temp\unicows.dll

C:\Users\Scratchy\AppData\Local\Temp\Uninstaller-4020.exe

C:\Users\Scratchy\AppData\Local\Temp\Uninstaller-4432.exe

C:\Users\Scratchy\AppData\Local\Temp\Uninstaller-8188.exe

C:\Users\Scratchy\AppData\Local\Temp\uttD6B6.tmp.exe

C:\Users\Scratchy\AppData\Local\Temp\_is6DF0.exe

C:\Users\Scratchy\AppData\Local\Temp\__pythonRunner.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-25 00:16

 

==================== End Of Log ============================

 

Oops sorry about that.

 

Also, a buddy of mine told me to get something called Advanced System Care. Running it now; it's finding and fixing a lot of stuff.


Also, a buddy of mine told me to get something called Advanced System Care. Running it now; it's finding and fixing a lot of stuff.

 

I don't think even the creators of this software know what it is actually fixing :D

 

No offense, but your buddy doesn't know what he is doing. Just pray this software doesn't mess something up on your PC. This software should never be used on any PC; it is full of bugs and their company steals the work of other companies, Malwarebytes is one of them.

 

You're missing the Addition.txt report, and please upload reports instead of copying and pasting them.


  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
