
Removing Bitcoin miner



After nearly a year of my computer being unbootable (not sure why), I tried to turn it back on, and then suddenly, amazingly, it booted up again!

 

My old topic was locked due to inactivity.

 

"http://www.search.ask.com/?tpid=BTR-V7&o=APN11584&pf=V7&trgb=CR&p2=Replaced,[94d18f0a94f68da9b1c0531d897db34d]EBJ2Replaced,[94d18f0a94f68da9b1c0531d897db34d]EYYYYYYReplaced,[94d18f0a94f68da9b1c0531d897db34d]EYYReplaced,[94d18f0a94f68da9b1c0531d897db34d]EMY&gct=hp&apn_ptnrs=Replaced,[94d18f0a94f68da9b1c0531d897db34d]EBJ2&apn_dtid=Replaced,[94d18f0a94f68da9b1c0531d897db34d]EYYYYYYReplaced,[94d18f0a94f68da9b1c0531d897db34d]EYYReplaced,[94d18f0a94f68da9b1c0531d897db34d]EMY&apn_dbr=cr_34.0.1847.131&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&itbv=12.11.0.5199&doi=2014-05-22&psv=&pt=crx" ],), Replaced,[94d18f0a94f68da9b1c0531d897db34d]

 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by user (administrator) on ADMIN on 29-05-2015 06:48:01
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Windows\DAODx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17129_none_fa6387b99b0c7738\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816272 2014-06-23] (LogMeIn Inc.)
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [Desura] => C:\Program Files (x86)\Desura\desura.exe [2529096 2013-11-29] (Desura Pty Ltd)
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-30] (Spotify Ltd)
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\MountPoints2: {a321c301-5660-11e3-824f-806e6f6e6963} - "E:\Autorun.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-05-19]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-22] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-22] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{7B973AAA-AC39-4459-AC01-505769C22994}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-22] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-1375052093-4268391962-1033398323-1001: @nsroblox.roblox.com/launcher -> C:\Users\user\AppData\Local\Roblox\Versions\version-266c1c454a3c46ab\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.73\coFFFw
 
Chrome: 
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2649840 2013-03-01] (Blue Coat Systems, Inc.)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-13] (Hi-Rez Studios) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
S3 athur; C:\Windows\system32\DRIVERS\athuw8x.sys [3744256 2012-11-22] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
R2 bckd; C:\Windows\System32\drivers\bckd.sys [127216 2013-03-01] (Blue Coat Systems, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-12-15] (DT Soft Ltd)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 cpuz136; \??\C:\Users\user\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-29 06:48 - 2015-05-29 06:49 - 00009513 _____ () C:\Users\user\Desktop\FRST.txt
2015-05-29 06:45 - 2015-05-29 06:45 - 02108928 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2015-05-29 05:59 - 2015-05-29 05:59 - 00010482 _____ () C:\Users\user\Desktop\MBAM.txt
2015-05-29 05:26 - 2015-05-29 05:26 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-05-29 05:26 - 2015-05-29 05:26 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-05-19 02:30 - 2015-05-19 02:30 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-19 02:30 - 2015-05-19 02:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-19 02:30 - 2015-05-19 02:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-19 02:30 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-19 02:30 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-19 02:30 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-19 02:29 - 2015-05-19 02:29 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-19 01:43 - 2015-05-19 01:43 - 00000000 ____D () C:\Users\user\AppData\Local\openvr
2015-05-19 01:42 - 2015-05-19 01:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\TP-LINK
2015-05-19 01:42 - 2015-05-19 01:42 - 00002287 _____ () C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
2015-05-19 01:42 - 2015-05-19 01:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2015-05-19 01:42 - 2015-05-19 01:42 - 00000000 ____D () C:\Program Files (x86)\TP-LINK
2015-05-19 01:40 - 2013-04-18 17:13 - 00010414 _____ () C:\WINDOWS\system32\athw8x.cat
2015-05-19 01:40 - 2013-01-22 14:41 - 03653632 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw8x.sys
2015-05-19 01:40 - 2013-01-22 14:41 - 03653632 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athw8x.sys
2015-05-19 01:34 - 2015-03-23 06:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-05-19 01:34 - 2015-03-23 06:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-05-19 01:34 - 2015-03-23 06:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-05-19 01:34 - 2015-03-23 06:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-05-19 01:34 - 2015-03-23 06:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-05-19 01:34 - 2015-03-23 06:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-05-19 01:34 - 2015-03-23 06:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-05-19 01:34 - 2014-12-03 07:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-05-19 01:33 - 2015-05-19 01:33 - 00000000 ____D () C:\Users\user\AppData\Local\Steam
2015-05-19 01:33 - 2015-01-21 13:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-05-19 01:33 - 2015-01-21 13:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-05-19 00:43 - 2015-05-19 00:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\java
2015-05-19 00:42 - 2015-05-19 00:42 - 00000973 _____ () C:\Users\Public\Desktop\Minecraft.lnk
2015-05-19 00:41 - 2015-05-19 00:41 - 02314240 _____ () C:\Users\user\Downloads\MinecraftInstaller.msi
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-29 06:49 - 2013-11-26 14:29 - 01966152 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-29 06:48 - 2014-05-04 17:01 - 00000000 ____D () C:\FRST
2015-05-29 06:47 - 2012-12-15 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2015-05-29 06:45 - 2012-12-08 21:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1375052093-4268391962-1033398323-1001
2015-05-29 06:44 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-29 06:40 - 2013-05-30 17:33 - 00000000 ____D () C:\Users\user\AppData\Local\LogMeIn Hamachi
2015-05-29 06:39 - 2013-09-30 04:03 - 00341126 _____ () C:\WINDOWS\PFRO.log
2015-05-29 06:39 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-29 05:59 - 2014-05-22 19:52 - 00000000 ____D () C:\ProgramData\APN
2015-05-29 05:33 - 2014-05-04 13:43 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 05:27 - 2013-08-22 21:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-29 05:20 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-19 01:48 - 2013-12-12 22:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\.minecraft
2015-05-19 01:42 - 2012-12-08 23:56 - 00000000 ____D () C:\ProgramData\TP-LINK
2015-05-19 01:42 - 2012-12-08 21:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-19 00:59 - 2014-06-27 15:50 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 00:59 - 2014-06-27 15:50 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-19 00:59 - 2014-06-27 15:50 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-19 00:59 - 2014-05-11 00:31 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 00:56 - 2013-11-26 15:30 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F6F87AA2-47CE-4E25-997E-0D75514F58AB}
2015-05-19 00:43 - 2014-04-22 18:37 - 00000000 ____D () C:\Program Files (x86)\Minecraft
2015-05-19 00:42 - 2014-05-07 17:30 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2015-05-19 00:42 - 2014-04-22 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-05-18 20:36 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
 
==================== Files in the root of some directories =======
 
2013-09-10 23:35 - 2013-09-10 23:35 - 0000001 _____ () C:\Users\user\AppData\Roaming\asds.txt
2014-04-13 11:22 - 2014-04-13 11:22 - 0000072 _____ () C:\Users\user\AppData\Roaming\mbam.context.scan
2013-11-18 07:58 - 2013-11-18 07:58 - 0087552 _____ () C:\Users\user\AppData\Roaming\tdd.exe
2013-11-17 22:12 - 2013-11-17 22:12 - 0000001 _____ () C:\Users\user\AppData\Roaming\V1.5.txt
2013-11-18 07:58 - 2013-11-18 07:58 - 0000001 _____ () C:\Users\user\AppData\Roaming\V4.0.txt
2013-11-17 22:12 - 2013-11-17 22:12 - 0086528 _____ () C:\Users\user\AppData\Roaming\wrk.exe
2013-10-04 18:11 - 2013-12-17 14:51 - 0011776 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-08 21:14 - 2012-12-08 21:14 - 0000017 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2013-11-09 12:07 - 2013-11-10 13:56 - 0000915 _____ () C:\Users\user\AppData\Local\_settings.ini
2014-05-25 19:58 - 2014-05-25 19:58 - 0000000 _____ () C:\Users\user\AppData\Local\{C621875F-4F20-4806-9FFC-135DA85D11BE}
 
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\user\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\user\AppData\Local\Temp\speccycpuid.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-18 23:05
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by user at 2015-05-29 06:50:06
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1375052093-4268391962-1033398323-500 - Administrator - Disabled)
Guest (S-1-5-21-1375052093-4268391962-1033398323-501 - Limited - Disabled)
user (S-1-5-21-1375052093-4268391962-1033398323-1001 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.19.2 - Mirillis)
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.2.455 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BeamNG-DRIVE-0.3 (remove only) (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\BeamNG-DRIVE-0.3) (Version:  - )
BeamNG-Techdemo-0.3 (remove only) (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\BeamNG-Techdemo-0.3) (Version:  - )
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.268 - Blue Coat Systems, Inc.)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Desura: MTBFreeride (HKLM-x32\...\Desura_101674760798240) (Version: Alpha - mtbfdeveloper)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Euro Truck Simulator 2 - Going East! (HKLM-x32\...\Euro Truck Simulator 2 - Going East!_is1) (Version:  - )
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.1.1 - SCS Software)
Euro Truck Simulator 2 v1.3.1 (HKLM-x32\...\Euro Truck Simulator 2 v1.3.11.3.1) (Version: 1.3.1 - Friends in War)
Euro Truck Simulator 2 v1.7.0 Update incl DLC (HKLM-x32\...\Euro Truck Simulator 2 v1.7.0 Update incl DLC_is1) (Version:  - )
Euro Truck Simulator 2 v1.8.2.5s (DLC Going East) (HKLM-x32\...\Euro Truck Simulator 2 v1.8.2.5s (DLC Going East)1.8.2.5s) (Version: 1.8.2.5s - Friends in War)
Euro Truck Simulator 2 v1.9.22s (Pink Truck Fix)(DLC Going East) (HKLM-x32\...\Euro Truck Simulator 2 v1.9.22s (Pink Truck Fix)(DLC Going East)1.9.22s) (Version: 1.9.22s - Friends in War)
Euro Truck Simulator 2 version 1.9.22s + 3 DLC (HKLM-x32\...\Euro Truck Simulator 2_is1) (Version: 1.9.22s + 3 DLC - )
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0981 - Ezvid, inc.)
Farming Simulator 2013 (HKLM-x32\...\FarmingSimulator2013INT_is1) (Version: 1.0 - GIANTS Software)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Goat Simulator (HKLM-x32\...\Goat Simulator_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Goat Simulator 2014 v1.0.27849 (HKLM-x32\...\Goat Simulator 2014 v1.0.278491.0.27849) (Version: 1.0.27849 - Friends in War)
Google Chrome (HKLM-x32\...\{E86E510B-CBAD-354D-841B-853E23EF038A}) (Version: 64.240.49198 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
LEGO MINDSTORMS EV3 (HKLM-x32\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group)
LEGO MINDSTORMS EV3 Home Content (x32 Version: 1.0.259 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home Edition (x32 Version: 1.0.346 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home English Support (x32 Version: 1.0.229 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Uninstaller (x32 Version: 1.0.11 - The LEGO Group) Hidden
LEGO MINDSTORMS NXT x64 Driver (HKLM\...\{A0831C28-A6FA-49A3-86AE-B5AE3C9EE19C}) (Version: 1.20.115.0 - LEGO)
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.214 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.214 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft version 1.7.9 (HKLM-x32\...\{FB5EDA20-9E19-4C9B-876C-65F7E8229F8B}_is1) (Version: 1.7.9 - P2P)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Need For Speed Most Wanted version 1.3 (HKLM-x32\...\{4B65137F-9AB3-45DC-BFBC-93B3659CF840}_is1) (Version: 1.3 - SandBox Repacks)
NI .NET Framework 4 (x32 Version: 4.00.49152 - National Instruments) Hidden
NI EulaDepot (x32 Version: 3.11.190 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.11.190 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.11.190 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.10.297 - Electronic Arts, Inc.)
PAYDAY 2 Demo (HKLM-x32\...\Steam App 251040) (Version:  - OVERKILL - a Starbreeze Studio.)
PileFile reminder (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\{56837588-F559-40CF-91D9-D439D405FB28}) (Version:  - LADY'S WOOD 2013 LIMITED) <==== ATTENTION
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
Prompt Downloader (HKLM-x32\...\Prompt Downloader) (Version:  - )
RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
RIDGE RACER™ Driftopia (HKLM-x32\...\Steam App 226410) (Version:  - BUGBEAR)
ROBLOX Player for user (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
RollerCoaster Tycoon 3 Demo (HKLM-x32\...\{990036E7-D647-45A4-8F7F-1CB277EF0ABD}) (Version: 1.00.000 - )
Shopping Helper Smartbar (HKLM-x32\...\{E3CE881D-94D9-435A-9DEA-EBB5390BC2CC}) (Version: 10.196.63.14120 - ReSoft Ltd.) <==== ATTENTION
Shopping Helper Smartbar Engine (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\{e451cd0b-5948-419b-bc4d-f65265a1461d}) (Version: 10.196.63.14120 - ReSoft Ltd.) <==== ATTENTION
Soldier Front 2 (HKLM-x32\...\Steam App 239660) (Version:  - Dragonfly)
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version:  - Valve)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
SpinTires Tech Demo (June 040613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)
Spotify (HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tactical Intervention (HKLM-x32\...\Steam App 51100) (Version:  - FIX Korea)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Test Drive Unlimited 2 (HKLM-x32\...\Test Drive Unlimited 2_is1) (Version:  - Atari)
TP-LINK TL-WN881ND Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Trials Fusion (HKLM-x32\...\Trials Fusion_is1) (Version:  - )
Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version:  - Hi-Rez Studios)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1375052093-4268391962-1033398323-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
 
==================== Restore Points =========================
 
30-06-2014 14:59:10 Windows Update
19-05-2015 00:41:35 Installed Minecraft
29-05-2015 05:20:45 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {073E2B9B-848C-4811-8635-706BE4A87F2D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {5265E97E-07F8-48D7-8CEA-6F98C61EC45C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {8ACF9D33-1AAC-4F34-858C-28AB2EB62094} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {9D3C3E7F-AA25-439F-962C-99EBF3520C1A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {AB6AC8A2-3BAF-4531-9124-226901609DBF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {C2A668A7-6A7A-4ACD-BB76-99D8B01A0423} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-19] (Google Inc.)
Task: {C5633CCA-FDD4-4F6C-8DF4-85F76C74791B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-19] (Google Inc.)
Task: {DC0AD4C1-DAB7-4A77-A015-2D8B1A4426B9} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {DC48DDD1-2A8C-4552-B195-73D671519CE7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-30] (Microsoft Corporation)
Task: {ED8CF134-E65B-4846-990F-2C1C60A7EAB5} - System32\Tasks\{41C27BF2-FAFA-4283-B392-B9D095FA5E52} => pcalua.exe -a C:\Users\user\Downloads\setup.exe -d C:\Users\user\Downloads
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-12-06 16:06 - 2013-12-06 16:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 05:59 - 2013-07-26 05:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-12-06 16:06 - 2013-12-06 16:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-12-08 21:02 - 2009-03-30 14:32 - 00032768 ____R () C:\Windows\DAODx.exe
2015-05-19 01:42 - 2013-04-09 11:05 - 00846848 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-05-19 01:42 - 2013-01-22 14:40 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2015-05-19 01:42 - 2013-04-02 13:41 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2015-05-19 01:42 - 2013-05-07 11:16 - 00138752 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF.dll
2015-05-19 01:42 - 2013-05-07 11:16 - 00115712 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJWF\WJWF_WPS_WIN7.DLL
2014-06-13 13:40 - 2014-06-05 21:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-13 13:40 - 2014-06-05 21:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-13 13:40 - 2014-06-05 21:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 13:40 - 2014-06-05 21:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 13:40 - 2014-06-05 21:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44327231.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44327231.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Pictures\2013-12-28_23.00.43 (2).png
DNS Servers: 192.168.43.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\StartupApproved\Run: => "Desura"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1E3C7AF3-65BF-4A9F-8DE8-BC438539E11C}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_46358301.exe
FirewallRules: [{7FF86E2D-F34A-4D30-A288-4E5B6552CB15}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_46358301.exe
FirewallRules: [{1FC0E159-B5D7-4E55-83DD-2687CA86DE85}] => (Allow) D:\Program Files\steamapps\common\Tribes\Binaries\Win32\HirezBridge.exe
FirewallRules: [{0E8AB6DC-D880-4184-9DE0-C754D1FED3D6}] => (Allow) D:\Program Files\steamapps\common\Tribes\Binaries\Win32\HirezBridge.exe
FirewallRules: [{CF14F1C4-D6E1-4946-8641-702FAE5DE842}] => (Block) D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [{3B9E835A-545D-4D10-A598-78E922CD6C56}] => (Block) D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [uDP Query User{BA280FEA-B409-4895-93D6-D8E453590CE9}D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [TCP Query User{08AA894A-F6A7-41EC-8293-7AC267860B5E}D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) D:\program files\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [{02009A3A-B7E6-4E0E-AD1D-A0059904F6CC}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{168083F7-3502-4DC9-AFA8-A424277B71C4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2A3A61C8-A76B-42A7-B0BF-71FCC6C9C31C}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_f9f6997e.exe
FirewallRules: [{E725DA10-851C-44A9-A952-71B91EDAE0DA}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_f9f6997e.exe
FirewallRules: [{081A1C63-A368-4DC0-8798-7588A1FA5142}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_c55e077c.exe
FirewallRules: [{7B949E91-5122-4308-A913-4A2C374A0346}] => (Allow) D:\Program Files\steamapps\common\RIDGE RACER Driftopia\RIDGE RACER Driftopia_c55e077c.exe
FirewallRules: [TCP Query User{F468232A-782C-4386-AF14-03CFA72EB0FB}D:\Program Files\Lego Mindstorms\MindstormsEV3.exe] => (Allow) D:\Program Files\Lego Mindstorms\MindstormsEV3.exe
FirewallRules: [uDP Query User{68E46633-8DC3-499C-A590-8A85F5FE92AD}D:\Program Files\Lego Mindstorms\MindstormsEV3.exe] => (Allow) D:\Program Files\Lego Mindstorms\MindstormsEV3.exe
FirewallRules: [{C79B1E80-363E-41C5-9538-3E49164CB65B}] => (Block) C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exe
FirewallRules: [{D00E8359-597B-4ECC-AA16-EDB3DFA042E6}] => (Block) C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exe
FirewallRules: [uDP Query User{66097882-2892-4F29-9C2C-01F212D11224}C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exe
FirewallRules: [TCP Query User{760DB34F-E5EE-4A41-89B4-6A873224B08E}C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exe] => (Allow) C:\users\user\downloads\teamspeak3-server_win32-3.0.8\teamspeak3-server_win32\ts3server_win32.exe
FirewallRules: [{6054DD04-08D5-433F-987B-FD839CAB84AD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{11E620C5-8121-4FBD-BCDC-5E76234277B5}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A63716F6-2167-4CEB-862D-803D3E8074B5}] => (Allow) D:\Program Files\steamapps\common\raceroom racing experience\Game\Game.exe
FirewallRules: [{0B49BC28-781A-43B6-9546-39A8C1C16269}] => (Allow) D:\Program Files\steamapps\common\raceroom racing experience\Game\Game.exe
FirewallRules: [{E5179318-7820-43FA-BD75-FA896471F406}] => (Allow) LPort=26675
FirewallRules: [{9A9E58E1-3E8D-4C1D-902D-05857E9F2B92}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{45C3A5A0-2DC7-41A2-9D10-A02BCF9FE295}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{0405ED83-B952-44B6-AE35-0F7124D2A0F8}] => (Allow) LPort=1900
FirewallRules: [{BA568B17-BC68-40DA-A44E-DE96BEF762B1}] => (Allow) LPort=2869
FirewallRules: [{B4FBDBF5-2AFE-4F69-AAD9-E391C722E2C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [uDP Query User{C71F9437-3377-498D-AA9B-3AC88821587B}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{3DCBA8B6-5F11-4BBD-82EB-19F7AA5639C4}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{74B9F59F-3713-40ED-BA23-E82814A674C8}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{DC0AB3EF-BAE9-49C6-AEEB-02579EE279C2}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [uDP Query User{BF399073-CBE8-475D-8A63-C69F74F1B483}C:\users\user\desktop\uplauncher.exe] => (Block) C:\users\user\desktop\uplauncher.exe
FirewallRules: [TCP Query User{2104E453-C5BE-461A-B7DE-9F6363C8E489}C:\users\user\desktop\uplauncher.exe] => (Block) C:\users\user\desktop\uplauncher.exe
FirewallRules: [uDP Query User{D50CD0FA-181D-450A-9942-101F8E80EC45}D:\program files\atari\tdu2\uplauncher.exe] => (Allow) D:\program files\atari\tdu2\uplauncher.exe
FirewallRules: [TCP Query User{C2AECDC3-7BF1-4168-BA96-904291F6E3D5}D:\program files\atari\tdu2\uplauncher.exe] => (Allow) D:\program files\atari\tdu2\uplauncher.exe
FirewallRules: [uDP Query User{5951E80D-2064-4611-AFCD-2D170D9E660E}D:\program files\atari\tdu2\downloadcache\20120921080914\uplauncher.exe] => (Block) D:\program files\atari\tdu2\downloadcache\20120921080914\uplauncher.exe
FirewallRules: [TCP Query User{6DC336B3-E67D-4F2D-B0E9-9859CFD8DEE1}D:\program files\atari\tdu2\downloadcache\20120921080914\uplauncher.exe] => (Block) D:\program files\atari\tdu2\downloadcache\20120921080914\uplauncher.exe
FirewallRules: [uDP Query User{587DD3DD-1908-4B48-BE86-0A2B21B4DC20}D:\program files\atari\tdu2\_uplauncher.exe] => (Block) D:\program files\atari\tdu2\_uplauncher.exe
FirewallRules: [TCP Query User{0B32D214-2DBB-4C76-850D-E9AED4E59BCC}D:\program files\atari\tdu2\_uplauncher.exe] => (Block) D:\program files\atari\tdu2\_uplauncher.exe
FirewallRules: [uDP Query User{0FB115D3-23E0-4A3D-BBCC-26AA626E705C}D:\program files\atari\tdu2\testdrive2.exe] => (Allow) D:\program files\atari\tdu2\testdrive2.exe
FirewallRules: [TCP Query User{A619DDDE-662E-482A-9D61-E58F54B0DECE}D:\program files\atari\tdu2\testdrive2.exe] => (Allow) D:\program files\atari\tdu2\testdrive2.exe
FirewallRules: [uDP Query User{9743B154-86BE-4E03-916A-9ACD40CEEAA0}D:\program files\atari\tdu2\uplauncher.exe] => (Block) D:\program files\atari\tdu2\uplauncher.exe
FirewallRules: [TCP Query User{52CCA8EA-5B75-4372-98A4-12B26151E905}D:\program files\atari\tdu2\uplauncher.exe] => (Block) D:\program files\atari\tdu2\uplauncher.exe
FirewallRules: [uDP Query User{865DF156-B2D9-46BD-BD31-7845649553E5}D:\program files\steamapps\azmeir03\team fortress 2\hl2.exe] => (Allow) D:\program files\steamapps\azmeir03\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{34BCEBE7-EF39-41D9-9C0F-AAFCCF2DAE17}D:\program files\steamapps\azmeir03\team fortress 2\hl2.exe] => (Allow) D:\program files\steamapps\azmeir03\team fortress 2\hl2.exe
FirewallRules: [uDP Query User{3676A772-6DA6-4E0D-947F-6D894EEC5AE7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{562FA853-FC61-4DED-9BD2-AD0F49B974BA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{1C1129A0-0E33-4ABA-AD28-F8F5982BCAE7}] => (Allow) D:\Program Files\Steam.exe
FirewallRules: [{C57618BE-156D-497D-A55F-7973D768E008}] => (Allow) D:\Program Files\Steam.exe
FirewallRules: [TCP Query User{EF2CFC04-58B9-4E6F-9B41-774E95465815}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [uDP Query User{A2656CFC-576C-43D1-9696-BB7736FB2F25}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{EC7303F6-927B-4679-8B8E-C8D7EB0EAC80}] => (Allow) C:\Program Files (x86)\Cracked Steam\steam.exe
FirewallRules: [{9095D935-7291-4074-8026-4FE434FE78FB}] => (Allow) C:\Program Files (x86)\Cracked Steam\steam.exe
FirewallRules: [TCP Query User{D1CEABE3-E1CE-4992-AA74-2B3A3B62553A}D:\program files\steam.exe] => (Allow) D:\program files\steam.exe
FirewallRules: [uDP Query User{8E208AAA-B0ED-4093-8997-E6E2E4CE16EB}D:\program files\steam.exe] => (Allow) D:\program files\steam.exe
FirewallRules: [{3EA12052-EEC8-495F-B562-20675C7C91F5}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E70C8879-010D-4927-A66B-41D6F4E321A7}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{143744F6-E92C-4182-A0C2-22E33A1FB6A8}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{5F071589-0865-463A-9F96-9CA05DE1DDD2}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{D716AE26-F60D-48DA-882F-E7E55D91C9ED}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{8DF22B6B-6904-42EE-AE30-5BE9081D891C}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{0B46AD3B-ACE3-404D-A88E-C6B8A2123E42}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{EFCB6CF7-8F3B-4B13-BB4F-E1AC7710EBAD}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{13FDB23B-DCB2-4489-B1B3-A85CAA401E3A}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8C28215F-E165-4E70-8E99-D9A710F9684D}] => (Allow) D:\Program Files\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{884B4848-7478-48D8-8678-A537B328121E}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{AEFF887F-F789-48BB-AF94-D2C1A8BCE310}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{AE24A916-BAAE-42DF-8E3E-33CDCF659E6B}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{4CDC6FF5-1CF2-4584-BC48-D76D62CE5E9A}] => (Allow) D:\Program Files\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{375A9B80-9239-4CD1-A9D7-80E05E965E2A}] => (Allow) D:\Program Files\steamapps\common\SoldierFront2\DFUBG.exe
FirewallRules: [{61A9BA56-E1E7-49A4-AB1F-F71BC21CE8FE}] => (Allow) D:\Program Files\steamapps\common\SoldierFront2\DFUBG.exe
FirewallRules: [{1AC09AAC-FF5B-4D91-B524-A63756F8F4A6}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [{9BA7AAE7-0685-4D46-8DCE-D272D48A620E}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013.exe
FirewallRules: [{1D633722-A241-481B-BBAD-844120A65FC3}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{6AAF0F69-58D5-4A2D-A90A-85107230CA0F}] => (Allow) D:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [TCP Query User{5DFC2585-1803-4E6F-813A-010CB5F9A2AF}C:\users\user\desktop\crashtastic v0.4.1\iws.exe] => (Allow) C:\users\user\desktop\crashtastic v0.4.1\iws.exe
FirewallRules: [uDP Query User{39E4267C-D6A8-4908-8FE0-904D9FDD4F1B}C:\users\user\desktop\crashtastic v0.4.1\iws.exe] => (Allow) C:\users\user\desktop\crashtastic v0.4.1\iws.exe
FirewallRules: [TCP Query User{2CE41157-C655-4A5B-B112-33DB14BB7DCE}C:\users\user\appdata\local\temp\rar$exa0.668\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.668\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
FirewallRules: [uDP Query User{BA1AA273-A777-4CB0-BAD4-3375D877B52C}C:\users\user\appdata\local\temp\rar$exa0.668\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.668\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
FirewallRules: [{08CA2B1E-C13C-4608-94F6-998853B03E6C}] => (Allow) D:\Program Files\steamapps\common\SoldierFront2\Binaries\Win32\sf2.exe
FirewallRules: [{5A4FABAB-9AC9-4E1F-B44D-6435E9274C0C}] => (Allow) D:\Program Files\steamapps\common\SoldierFront2\Binaries\Win32\sf2.exe
FirewallRules: [{10F9B284-FD91-40C9-B025-55C51E732029}] => (Allow) D:\Program Files\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exe
FirewallRules: [{B8C38507-A8C7-4221-9522-4A1CAD08B04A}] => (Allow) D:\Program Files\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exe
FirewallRules: [TCP Query User{733DA32E-1D80-4952-91C4-C4EAD506318A}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [uDP Query User{5375E89B-465B-4F05-A1F3-66CCACE4FB03}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [TCP Query User{F544596E-4136-4291-93A0-00F2FE211E5F}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [uDP Query User{FCB4937B-AF58-4547-8250-6E4AD0266907}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [TCP Query User{922682AF-63CB-4951-9275-D00193785615}C:\program files (x86)\r.g. mechanics\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) C:\program files (x86)\r.g. mechanics\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [uDP Query User{D699B964-7E01-4C22-824E-72B9445AE4C6}C:\program files (x86)\r.g. mechanics\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Block) C:\program files (x86)\r.g. mechanics\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [TCP Query User{E56BF15D-3FFF-4B88-AB90-EE8425EB2D86}C:\users\user\appdata\local\temp\rar$exa0.391\crashtastic v0.4.1\iws.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.391\crashtastic v0.4.1\iws.exe
FirewallRules: [uDP Query User{980ECAAA-7373-489C-93E8-E31ACF4CA03D}C:\users\user\appdata\local\temp\rar$exa0.391\crashtastic v0.4.1\iws.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.391\crashtastic v0.4.1\iws.exe
FirewallRules: [TCP Query User{53F512B5-644B-43A1-AD6B-1AD4037D5128}C:\program files (x86)\prompt downloader\promptdownloader.exe] => (Allow) C:\program files (x86)\prompt downloader\promptdownloader.exe
FirewallRules: [uDP Query User{D16EBBEA-6F80-4E60-BB6F-C090227CAB46}C:\program files (x86)\prompt downloader\promptdownloader.exe] => (Allow) C:\program files (x86)\prompt downloader\promptdownloader.exe
FirewallRules: [{5CC16690-0C72-40C5-975C-159692CC8CDB}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [{007F339C-FC2C-4ADF-861D-3C4E9E387B21}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe
FirewallRules: [TCP Query User{A43343C2-A23F-45B7-9628-14C00B67FBF7}C:\users\user\appdata\local\temp\rar$exa0.956\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.956\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
FirewallRules: [uDP Query User{A93A8565-447C-4094-925E-D7CD90734BD3}C:\users\user\appdata\local\temp\rar$exa0.956\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.956\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
FirewallRules: [TCP Query User{E8B2EDB3-8DE4-4BC2-94ED-77C9D0E9AEC3}C:\users\user\appdata\local\temp\rar$exa0.844\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.844\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
FirewallRules: [uDP Query User{E9880A37-B85F-4C4B-8DA4-522F70ADACFD}C:\users\user\appdata\local\temp\rar$exa0.844\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.844\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
FirewallRules: [TCP Query User{E0AD350C-EC53-434B-B553-D927F4AA4B42}C:\users\user\appdata\local\temp\rar$exa0.731\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.731\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
FirewallRules: [uDP Query User{4A76BDC1-619E-48BE-A159-48A6221E5D4D}C:\users\user\appdata\local\temp\rar$exa0.731\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.731\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
FirewallRules: [TCP Query User{5493A4BA-134F-4442-85E2-CF0B13B48B74}C:\users\user\appdata\local\temp\rar$exa0.113\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.113\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
FirewallRules: [uDP Query User{ECEB1586-D44D-4364-8809-69C8959EACA9}C:\users\user\appdata\local\temp\rar$exa0.113\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.113\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
FirewallRules: [TCP Query User{E8548C27-87B6-4017-B7DC-0A2C7A30BDCB}C:\users\user\appdata\local\temp\rar$exa0.899\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.899\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
FirewallRules: [uDP Query User{B1C5E174-1C60-4AFA-8663-4DC002D65CDB}C:\users\user\appdata\local\temp\rar$exa0.899\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.899\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
FirewallRules: [TCP Query User{0E1512AF-AB99-4099-9222-A04768F518CD}C:\users\user\appdata\local\temp\rar$exa0.605\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.605\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
FirewallRules: [uDP Query User{A287784B-514A-4932-B769-E0A0ED154A21}C:\users\user\appdata\local\temp\rar$exa0.605\7daystodie-alpha pre-cracked 64bit\7daystodie.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.605\7daystodie-alpha pre-cracked 64bit\7daystodie.exe
FirewallRules: [TCP Query User{16498674-0305-4C71-87CD-1E7C47F41B2B}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{379B634E-010D-405E-B5AC-17ABA48F3456}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AA875F1D-FC9D-4477-A16F-2215E07CC60B}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{A5A94404-0DE4-4BDB-9F1A-9A3ECA83BB4A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{545EE3D3-AAA2-4CDE-BAF0-DECFA7542E54}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{50A43744-5DA9-429F-92DA-92680373D85B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{1781652B-5FD4-416B-A6B9-8F6B24A0D2DB}] => (Allow) D:\Program Files\steamapps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [{397E5244-DB5B-4A92-907B-19E8A7CFCDF0}] => (Allow) D:\Program Files\steamapps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [{C80295C5-6C4A-41FF-B038-D25A0697C1D2}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{2890AA4B-6227-4F66-A976-B28A8358605E}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{26CD9514-F1CA-4FEF-AB7B-7EF5855A7DFB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [uDP Query User{1ABEFE11-2408-48F6-82C5-5B57A17FCCA7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{7CC45A8E-5A00-4D22-8B46-6062DD17BE07}] => (Allow) D:\Program Files\bin\steamwebhelper.exe
FirewallRules: [{78F7C78D-C13D-45F3-8104-A964471192D8}] => (Allow) D:\Program Files\bin\steamwebhelper.exe
StandardProfile\AuthorizedApplications: [C:\Users\user\AppData\Local\Temp\T3Q0VJMZY1.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe] => Enabled:Windows Messanger
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/29/2015 06:46:49 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (05/29/2015 05:20:42 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: admin)
Description: There was an error communicating to the Orion inference server
 
Error: (05/29/2015 05:20:30 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server
 
Error: (05/19/2015 02:40:28 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: admin)
Description: There was an error communicating to the Orion inference server
 
Error: (05/19/2015 02:40:16 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server
 
Error: (05/19/2015 02:40:00 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (05/19/2015 02:26:17 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome
 
Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome
 
Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome
 
Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome
 
 
System errors:
=============
Error: (05/29/2015 06:39:09 AM) (Source: DCOM) (EventID: 10005) (User: admin)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (05/29/2015 06:39:09 AM) (Source: DCOM) (EventID: 10005) (User: admin)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (05/29/2015 06:37:10 AM) (Source: DCOM) (EventID: 10005) (User: admin)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
Microsoft Office:
=========================
Error: (05/29/2015 06:46:49 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
Error: (05/29/2015 05:20:42 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: admin)
Description: -2143485936
 
Error: (05/29/2015 05:20:30 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: -2143485936
 
Error: (05/19/2015 02:40:28 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: admin)
Description: -2143485936
 
Error: (05/19/2015 02:40:16 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: -2143485936
 
Error: (05/19/2015 02:40:00 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
Error: (05/19/2015 02:26:17 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (05/19/2015 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: admin)
Description: Product: MediaCaster by Ask -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome (NULL)(NULL)(NULL)(NULL)(NULL)
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-18 23:20:50.669
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-18 23:20:50.534
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-18 23:20:50.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-18 23:20:50.200
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-18 23:20:50.005
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-18 23:20:49.869
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-18 23:20:49.691
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-18 23:20:49.543
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-18 23:20:49.364
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-18 23:20:49.226
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX-4170 Quad-Core Processor 
Percentage of memory in use: 49%
Total physical RAM: 3998.93 MB
Available physical RAM: 2011.66 MB
Total Pagefile: 4830.93 MB
Available Pagefile: 2662.89 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.31 GB) (Free:24.69 GB) NTFS
Drive d: () (Fixed) (Total:368.1 GB) (Free:222.5 GB) NTFS
Drive e: (CD218A1) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 79C9A4F0)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)
 
==================== End of log ============================

Hello Azlan! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall the following programs:

PileFile reminder

Prompt Downloader

Shopping Helper Smartbar

Shopping Helper Smartbar Engine

Step 2

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 3

Please launch Malwarebytes Anti-Malware, update it and perform a threat scan. Post your log file.

In your next reply, post the following log files:

  • FRST log
  • Malwarebytes' Anti-Malware log

Step 1

 

Prompt Downloader - Uninstalled!

 

PileFile reminder - Having an error uninstalling this; when I log in to an administrator account, it doesn't show up in the program list

 


 

Shopping Helper Smartbar / Shopping Helper Smartbar Engine - Also having trouble uninstalling this one

 


 

Step 2

 

I don't see any attached fixlist.txt file in your post

 

Step 3

 

I did my scan in safe mode because this computer would die by itself in normal mode without any symptoms; it just shuts off.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 30/05/2015
Scan Time: 14:32:15
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.29.07
Rootkit Database: v2015.05.24.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: user
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 467255
Time Elapsed: 26 min, 8 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

fixlist.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015

Ran by user at 2015-06-12 19:14:41 Run:6

Running from C:\Users\user\Desktop

Loaded Profiles: user (Available Profiles: user & Administrator)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

start

CloseProcesses:

FirewallRules: [{02009A3A-B7E6-4E0E-AD1D-A0059904F6CC}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{168083F7-3502-4DC9-AFA8-A424277B71C4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{5CC16690-0C72-40C5-975C-159692CC8CDB}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe

FirewallRules: [{007F339C-FC2C-4ADF-861D-3C4E9E387B21}] => (Allow) C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\dtuser.exe

StandardProfile\AuthorizedApplications: [C:\Users\user\AppData\Local\Temp\T3Q0VJMZY1.exe] => Enabled:Windows Messanger

StandardProfile\AuthorizedApplications: [C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe] => Enabled:Windows Messanger

HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\...\MountPoints2: {a321c301-5660-11e3-824f-806e6f6e6963} - "E:\Autorun.exe" 

2015-05-29 06:47 - 2012-12-15 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent

2013-11-18 07:58 - 2013-11-18 07:58 - 0087552 _____ () C:\Users\user\AppData\Roaming\tdd.exe

2013-11-17 22:12 - 2013-11-17 22:12 - 0086528 _____ () C:\Users\user\AppData\Roaming\wrk.exe

C:\Users\user\AppData\Local\Temp\T3Q0VJMZY1.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

C:\Program Files (x86)\Music Toolbar

EmptyTemp:

Reboot:

end

*****************

 

Processes closed successfully.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02009A3A-B7E6-4E0E-AD1D-A0059904F6CC} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{168083F7-3502-4DC9-AFA8-A424277B71C4} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5CC16690-0C72-40C5-975C-159692CC8CDB} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{007F339C-FC2C-4ADF-861D-3C4E9E387B21} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\user\AppData\Local\Temp\T3Q0VJMZY1.exe => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe => value removed successfully

"HKU\S-1-5-21-1375052093-4268391962-1033398323-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a321c301-5660-11e3-824f-806e6f6e6963}" => key removed successfully

HKCR\CLSID\{a321c301-5660-11e3-824f-806e6f6e6963} => key not found. 

C:\Users\user\AppData\Roaming\uTorrent => moved successfully.

C:\Users\user\AppData\Roaming\tdd.exe => moved successfully.

C:\Users\user\AppData\Roaming\wrk.exe => moved successfully.

"C:\Users\user\AppData\Local\Temp\T3Q0VJMZY1.exe" => File/Folder not found.

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe => moved successfully.

"C:\Program Files (x86)\Music Toolbar" => File/Folder not found.

EmptyTemp: => 2.3 GB temporary data Removed.

 

 

The system needed a reboot.. 

 

==== End of Fixlog 19:16:23 ====


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 3

Please scan your machine with ESET OnlineScan.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • In your next reply, post the following log files:
    • Junkware Removal Tool log
    • AdwCleaner log
    • ESET Online Scanner log

Step 1

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 8.1 x64
Ran by user on 12/06/2015 at 22:27:25.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Surftastic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Surftastic
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\apn
Successfully deleted: [Folder] C:\Users\user\appdata\local\crashrpt
Successfully deleted: [Folder] C:\ProgramData\5e3feb92df310a18
Successfully deleted: [Folder] C:\ProgramData\DownSave [bHO.Multiplug]
 
 
 
~~~ Chrome
 
 
[C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\user\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/06/2015 at 22:29:25.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 
 
Step 2
 
 
# AdwCleaner v4.206 - Logfile created 12/06/2015 at 22:33:28
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [server]
# Operating system : Windows 8.1  (x64)
# Username : user - ADMIN
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\users\user\AppData\Local\VNT
Folder Deleted : C:\users\user\AppData\Local\Prompt Downloader
Folder Deleted : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prompt Downloader
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cflheckfmhopnialghigdlggahiomebp
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\WS.Booster
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E3CE881D-94D9-435A-9DEA-EBB5390BC2CC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.124
 
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_4605&co=MY&userid=dd3fc977-3a30-76d0-0440-f3e0a5387a25&searchtype=ds&q={searchTerms}&installDate=05/02/2014
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=113&systemid=102&v=n12281-314&apn_uid=7044352060304711&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms}
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?tpid=BTR-V7&o=APN11584&l=dis&pf=V7&p2=%5EBJ2%5EYYYYYY%5EYY%5EMY&gct=&itbv=12.11.0.5199&doi=2014-05-22&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&apn_ptnrs=%5EBJ2&apn_dtid=%5EYYYYYY%5EYY%5EMY&apn_dbr=cr_34.0.1847.131&psv=&pt=crx&trgb=CR&q={searchTerms}
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : 
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [startup_URLs] : 9B3D2D1BAB8FD01B6F53D99E0F12685B1CDAD602AE30E8ACA70BC3C79FF73E04"},"software_reporter":{"prompt_reason":"72BF1E4E7D76442229A3E1B3E10C04AAA952F7EE065689DD9BE60133D28BFB9D","prompt_seed":"4914DCB3CDE7A6C2DE4454ACD1418C7A146E77566A9C58EA0725FF1B8B84E70B","prompt_version":"6290A5CF12FEE0495CDA02B91E6A431AD8F73E96F2BA38124A0CC443004FBF16"},"sync":{"remaining_rollback_tries":"3CC7F0506707A630BB7E3F1EFF7FC4F19944BDE1CC62A723AE4D54BF925C82FA"}},"super_mac":"2AF7A7978A16ED30DD3730B413627F12D6951F9B781533DE4643BAE39750BA13"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.google.com/","hxxp://www.search.ask.com/?tpid=BTR-V7&o=APN11584&pf=V7&trgb=CR&p2=%5EBJ2%5EYYYYYY%5EYY%5EMY&gct=hp&apn_ptnrs=%5EBJ2&apn_dtid=%5EYYYYYY%5EYY%5EMY&apn_dbr=cr_34.0.1847.131&apn_uid=D9B9A5A1-B412-4ABE-9662-EAA1524012A9&itbv=12.11.0.5199&doi=2014-05-22&psv=&pt=crx
 
-\\ Chromium v
 
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [9826 bytes] - [07/05/2014 20:58:44]
AdwCleaner[R1].txt - [9334 bytes] - [12/06/2015 22:31:07]
AdwCleaner[s0].txt - [9534 bytes] - [07/05/2014 21:01:37]
AdwCleaner[s1].txt - [4723 bytes] - [12/06/2015 22:33:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [4782  bytes] ##########
 
 
Step 3

 

 

C:\Users\All Users\InstallMate\{00589B44-430B-4164-A38F-0B29DBBBB9B2}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{4EF49C61-DF86-4257-A0BC-97A49517BE97}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgohhalecmoicdpmcfejjpoiinemgnol\7.2\w0xl.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\NativeMessaging\CT3289075\1_0_0_4\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\torch\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js.vir JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\VNT\vntldr.exe.vir a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\2nUkPnoMa9E.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\2XSAtKL2SDs.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\3Ce7v2QzBqO.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\51dKyVRA6hY.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\7TSTnjaanVe.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\ACVCq41pXPN.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\FkXx2OPZjRM.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\J9HUMLX7Gp4.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\jmXiYnQmOAB.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\L1m3BafHX3k.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\MgrZ2xlUOU7.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\MIAeqaUXNgD.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\MxfOSZavliv.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\nKc1Bb9ZDV9.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\nyXLdiLGBFI.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\o5r8LSPfITE.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RJ5NKu9vtxr.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\sHYrPfdZgc2.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\ULjftT8sOkR.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\utt8419.tmp.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\uzDAFEwzxQi.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\XFLSKoGkPGO.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\xJ8V8rOYHKG.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\XzW4JBlIbqj.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\zFxd36i52oS.exe.xBAD multiple threats deleted - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX0\klp10svc.exe.xBAD a variant of Win32/BitCoinMiner.BY potentially unsafe application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX0\klp11svc.exe.xBAD a variant of Win32/BitCoinMiner.BV potentially unsafe application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX0\SystemWhileIdle.exe.xBAD Win32/CoinMiner.QN trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX1\klp10svc.exe.xBAD a variant of Win32/BitCoinMiner.BY potentially unsafe application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX1\klp11svc.exe.xBAD a variant of Win32/BitCoinMiner.BV potentially unsafe application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX1\SystemWhileIdle.exe.xBAD Win32/CoinMiner.QN trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\rarsfx16\klp10svc.exe a variant of Win32/BitCoinMiner.BY potentially unsafe application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\rarsfx16\klp11svc.exe a variant of Win32/BitCoinMiner.BV potentially unsafe application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\rarsfx16\SystemWhileIdle.exe Win32/CoinMiner.QN trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX24\SystemWhileIdle.exe Win32/CoinMiner.QN trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\local\temp\RarSFX25\SystemWhileIdle.exe Win32/CoinMiner.QN trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\Roaming\tdd.exe.xBAD a variant of MSIL/Agent.JU trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\AppData\Roaming\wrk.exe.xBAD a variant of MSIL/Agent.JU trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\user\bmmqu\70124.vbs.xBAD VBS/Runner.NBV trojan cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\Minecraft\steam_api.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting - quarantined
C:\Program Files (x86)\Minecraft\steam_api64.dll a variant of Win32/Packed.VMProtect.ABD trojan cleaned by deleting - quarantined
C:\Program Files (x86)\Minecraft\Data\DirData.exe a variant of MSIL/HarvBot.H trojan cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{00589B44-430B-4164-A38F-0B29DBBBB9B2}\Custom.dll Win32/InstalleRex.M potentially unwanted application cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{4EF49C61-DF86-4257-A0BC-97A49517BE97}\Custom.dll Win32/InstalleRex.M potentially unwanted application cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpmfcgjjpaapfhpadmgodkaibnebnlnc\3.7\Gu3mY6g.js JS/Kryptik.ATB trojan cleaned by deleting - quarantined
C:\Users\user\AppData\Roaming\Systems Cache\IdleServ.exe a variant of MSIL/HarvBot.H trojan cleaned by deleting - quarantined
C:\Users\user\Downloads\spsetup128.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSI4798.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
 

Glad it is fine now. :)

Step 1

  • Please download Delfix.exe by Xplode and save it to your desktop.
  • Please start it and check the box next to "Remove disinfection tools" and click on the Run button.
  • The tool will delete itself once it finishes.
Step 2

Some malware prevention tips:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing! :)


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.