
Malware possibly



Hello forum,

This is my first post in which I ask for help, so if I forgot to include something important please let me know.

So here's the deal: I am having some sort of sluggish computer issues. Sometimes windows open slowly, sometimes they freeze for a second or two, and so on (mainly because I have low-end hardware), but possibly because of malware I think I have.

 

When I was searching for the cause of the problem in the task manager (Process Hacker), I found that in the Network tab there is goatse.cx in place of some local addresses, for processes like multiple svchost.exe, lsass.exe, steam.exe and also wininit.exe.

 

I will post a picture of it here: post-189579-0-36857500-1435939641_thumb.

 

I should mention that I have scanned with Malwarebytes Threat Scan, and for some reason the scan finished really quickly and didn't take two hours to scan all the stuff like it always did. Anyway, the program found nothing, so I am asking someone here to help.

 

I want to say thanks in advance.

It was really buggy when I pasted both of the logs here, so I had to upload them, sorry ;'(

 



 

post-189579-0-50981400-1435938883_thumb.


Hello and welcome,

P2P/Piracy Warning:
 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Please open Malwarebytes Anti-Malware.
 

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change the PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

 

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the tool and select "Run as Administrator"; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Next,

 

Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the two logs....

Let me see those logs, and also give an update on any remaining issues or concerns...

 

Thanks,

 

Kevin..
 

Next,

 

Fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01

Ran by tracer at 2015-07-03 22:08:32 Run:1

Running from C:\Users\tracer\Desktop

Loaded Profiles: tracer (Available Profiles: tracer)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

Start

IFEO\taskmgr.exe: [Debugger] "C:\Program Files\Process Hacker 2\ProcessHacker.exe"

R1 KProcessHacker2; C:\Program Files\Process Hacker 2\kprocesshacker.sys [39576 2013-11-13] (wj32)

Hosts:

CMD: ipconfig /flushdns

Emptytemp:

End

*****************

 

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" => key removed successfully

KProcessHacker2 => Service stopped successfully.

KProcessHacker2 => Service removed successfully

C:\Windows\System32\Drivers\etc\hosts => moved successfully.

Hosts restored successfully.

 

=========  ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

EmptyTemp: => 1.1 GB temporary data Removed.

 

 

The system needed a reboot.. 

 

==== End of Fixlog 22:09:06 ====

 

Here is the FRST log file, and I'm currently scanning once more with the Threat Scan option. Just to note that I already had "Scan for rootkits" checked when I was first scanning and it did find nothing, but hey, let's see what it gets this time. I will update you when I get it scanned and everything.

Also, I was curious why you deleted the services for Process Hacker and completely removed it. Is it bad or something? Is there better software that can let me see everything I have seen in this program? I'm asking because that program was doing great for me, because it insta-spawned when I opened it, not like other programs where I have to wait for them to spawn new processes to gain elevated condition or whatever they were trying to do, so I can kill system stuff that is protected. Also, is ExeWatch also bad? I find it very useful to see which processes have moved where and when they spawned and all, so I can have my log.txt of that. Is it all bad? Because I think I got them from the source website of the program.

Anyway, I'm still waiting for the scan to finish, so it may take a while for me to reply because I will be doing other stuff.

Anyway, thanks for the help.

I really do appreciate your time. Thanks again.


Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/3/2015
Scan Time: 10:14 PM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.03.07
Rootkit Database: v2015.07.03.01
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: tracer
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345915
Time Elapsed: 10 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.25, June 2015 (build 5.25.11502.0)
Started On Fri Jul 03 22:39:48 2015
 
Engine: 1.1.11701.0
Signatures: 1.199.892.0
 
Results Summary:
----------------
No infection found.
 
Nothing, as I said.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by tracer (administrator) on PC on 03-07-2015 22:45:06
Running from C:\Users\tracer\Desktop
Loaded Profiles: tracer (Available Profiles: tracer)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\root\exewatch\exewatch.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2367803196-2067336672-868351685-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-04-08] (IObit)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-14] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-14] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 212.200.191.166 212.200.190.166
Tcpip\..\Interfaces\{232BC10A-7FD4-4AE4-93F2-4BEC89EBB52F}: [DhcpNameServer] 212.200.191.166 212.200.190.166
 
FireFox:
========
FF ProfilePath: C:\Users\tracer\AppData\Roaming\Mozilla\Firefox\Profiles\bu38ycvz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-23] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-14] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-23] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Extension: Ghostery - C:\Users\tracer\AppData\Roaming\Mozilla\Firefox\Profiles\bu38ycvz.default\Extensions\firefox@ghostery.com.xpi [2015-06-04]
FF Extension: AdBlock for YouTube™ - C:\Users\tracer\AppData\Roaming\Mozilla\Firefox\Profiles\bu38ycvz.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2015-04-21]
FF Extension: Adblock Plus - C:\Users\tracer\AppData\Roaming\Mozilla\Firefox\Profiles\bu38ycvz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-21]
 
Chrome: 
=======
CHR Profile: C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-08]
CHR Extension: (Google Docs) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-08]
CHR Extension: (Google Drive) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-08]
CHR Extension: (YouTube) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-08]
CHR Extension: (Google Search) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-08]
CHR Extension: (Google Wallet) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-08]
CHR Extension: (Gmail) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-08]
CHR Profile: C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-08]
CHR Extension: (Google Drive) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-08]
CHR Extension: (Please enter your password) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-06-30]
CHR Extension: (YouTube) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-08]
CHR Extension: (Adblock Plus) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-08]
CHR Extension: (Google Search) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-08]
CHR Extension: (Google Sheets) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-08]
CHR Extension: (Google Keep - notes and lists) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-04-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-08]
CHR Extension: (Google Wallet) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-08]
CHR Extension: (Gmail) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-07-02] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-03 22:39 - 2015-05-27 00:04 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-03 22:38 - 2015-07-03 22:39 - 52822240 _____ (Microsoft Corporation) C:\Users\tracer\Desktop\Windows-KB890830-x64-V5.25.exe
2015-07-03 21:35 - 2015-07-03 21:35 - 00000000 ____D C:\Users\tracer\Tracing
2015-07-03 18:01 - 2015-07-03 18:02 - 00344949 _____ C:\Users\tracer\Desktop\Addition.txt
2015-07-03 18:00 - 2015-07-03 22:45 - 00009321 _____ C:\Users\tracer\Desktop\FRST.txt
2015-07-03 18:00 - 2015-07-03 22:45 - 00000000 ____D C:\FRST
2015-07-03 17:59 - 2015-07-03 17:59 - 00000967 _____ C:\Users\tracer\Desktop\00.txt
2015-07-03 17:22 - 2015-07-03 17:22 - 02112512 _____ (Farbar) C:\Users\tracer\Desktop\FRST64.exe
2015-07-03 16:44 - 2015-07-03 16:44 - 00018511 _____ C:\Windows\DirectX.log
2015-07-03 16:24 - 2012-08-17 15:31 - 00000103 _____ C:\Users\tracer\Desktop\autoexec.cfg
2015-07-02 13:30 - 2015-07-02 13:30 - 00002427 _____ C:\Users\tracer\Documents\PRMumbleCertificateBackup.p12
2015-07-02 13:30 - 2015-07-02 13:30 - 00000000 ____D C:\Users\tracer\AppData\Roaming\Project Reality
2015-07-02 13:21 - 2015-07-02 15:41 - 00000000 ____D C:\Users\tracer\AppData\Local\Project Reality
2015-07-02 13:20 - 2015-07-02 13:20 - 00000000 ___SH C:\ProgramData\.rdata
2015-07-02 13:16 - 2015-07-02 13:16 - 00291496 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-07-02 13:16 - 2015-07-02 13:16 - 00291496 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-07-02 13:16 - 2015-05-23 11:00 - 00912744 _____ C:\Windows\SysWOW64\pbsvc.exe
2015-07-01 16:17 - 2015-07-01 16:17 - 00000000 ____D C:\Users\tracer\Documents\eagle
2015-07-01 16:05 - 2015-07-01 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EAGLE Layout Editor 7.3.0
2015-07-01 16:04 - 2015-07-01 16:05 - 00000000 ____D C:\EAGLE-7.3.0
2015-07-01 16:04 - 2015-07-01 16:04 - 00000000 ____D C:\Users\tracer\AppData\Roaming\CadSoft
2015-07-01 10:34 - 2015-07-01 10:34 - 00000184 _____ C:\Users\tracer\Desktop\root.txt
2015-06-25 16:47 - 2015-06-25 16:47 - 00000222 _____ C:\Users\tracer\Desktop\Insurgency.url
2015-06-23 14:12 - 2015-06-23 14:16 - 00000000 ____D C:\Users\tracer\Desktop\Arduino DUE
2015-06-23 08:40 - 2015-06-23 08:40 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-23 08:40 - 2015-06-23 08:40 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-23 08:40 - 2015-06-23 08:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-23 08:40 - 2015-06-23 08:40 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-15 21:55 - 2015-06-15 22:05 - 00000000 ____D C:\Users\tracer\AppData\Local\CSO
2015-06-15 21:55 - 2015-06-15 21:55 - 00000000 ____D C:\ProgramData\Nexon
2015-06-15 07:12 - 2015-06-15 07:12 - 00000187 _____ C:\Users\tracer\Desktop\0.txt
2015-06-13 10:53 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts - Copy
2015-06-13 10:35 - 2015-06-13 10:35 - 00388608 _____ (Trend Micro Inc.) C:\Users\tracer\Desktop\HijackThis.exe
2015-06-07 06:41 - 2015-06-14 21:31 - 00000000 ____D C:\Users\tracer\AppData\Local\Adobe
2015-06-03 21:02 - 2015-06-04 19:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-03 22:18 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-03 22:18 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-03 22:15 - 2015-03-20 20:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-03 22:13 - 2015-04-08 18:47 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-03 22:11 - 2015-05-29 20:22 - 00004750 _____ C:\Windows\setupact.log
2015-07-03 22:11 - 2015-04-08 18:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-03 22:11 - 2015-02-22 21:12 - 00000216 _____ C:\Windows\Tasks\ExeWatch.job
2015-07-03 22:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-03 22:10 - 2015-02-22 00:44 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-03 22:02 - 2015-04-08 18:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-03 21:59 - 2015-03-17 16:04 - 00000000 ____D C:\Users\tracer\AppData\Roaming\Skype
2015-07-03 21:35 - 2015-02-22 09:14 - 00000000 ____D C:\Users\tracer
2015-07-03 17:20 - 2015-04-08 18:43 - 00002888 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_tracer
2015-07-03 16:42 - 2015-04-08 18:47 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-03 16:42 - 2015-04-08 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-03 16:42 - 2015-04-08 18:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-02 13:16 - 2015-04-02 14:59 - 00076152 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2015-07-02 13:15 - 2015-04-02 15:01 - 00000000 ____D C:\Users\tracer\AppData\Local\PunkBuster
2015-07-02 10:32 - 2009-07-14 07:08 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-29 10:58 - 2015-05-27 13:27 - 00000000 ____D C:\Users\tracer\AppData\Roaming\.minecraft
2015-06-28 10:38 - 2015-02-24 21:42 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2015-06-27 17:06 - 2015-02-22 20:48 - 00000000 ____D C:\root
2015-06-24 00:14 - 2015-02-22 09:15 - 01591071 _____ C:\Windows\WindowsUpdate.log
2015-06-23 23:15 - 2015-03-20 20:06 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-23 23:15 - 2015-03-20 20:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 23:15 - 2015-03-20 20:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-23 18:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-23 08:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-22 18:03 - 2015-04-08 18:53 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-19 15:23 - 2015-04-19 18:14 - 00000000 ____D C:\Users\Public\Documents\Altium
2015-06-18 08:41 - 2015-04-08 18:47 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2015-04-08 18:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-04-08 18:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-18 07:59 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-16 10:54 - 2015-02-22 00:34 - 00005536 _____ C:\000.rar
2015-06-16 10:04 - 2015-05-29 20:21 - 00008016 _____ C:\Windows\PFRO.log
2015-06-13 19:11 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-04 19:39 - 2015-04-21 22:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
 
==================== Files in the root of some directories =======
 
2015-02-22 00:47 - 2015-05-24 22:02 - 0007606 _____ () C:\Users\tracer\AppData\Local\Resmon.ResmonCfg
2015-07-02 13:20 - 2015-07-02 13:20 - 0000000 ___SH () C:\ProgramData\.rdata
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-03 00:32
 
==================== End of log ============================
 
 
CHR Extension: (Please enter your password) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-06-30]
CHR Extension: (YouTube) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-08]
CHR Extension: (Adblock Plus) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-08]
CHR Extension: (Google Search) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-08]
CHR Extension: (Google Sheets) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-08]
CHR Extension: (Google Keep - notes and lists) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-04-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-08]
CHR Extension: (Google Wallet) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-08]
CHR Extension: (Gmail) - C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-07-02] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-03 22:39 - 2015-05-27 00:04 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-03 22:38 - 2015-07-03 22:39 - 52822240 _____ (Microsoft Corporation) C:\Users\tracer\Desktop\Windows-KB890830-x64-V5.25.exe
2015-07-03 21:35 - 2015-07-03 21:35 - 00000000 ____D C:\Users\tracer\Tracing
2015-07-03 18:01 - 2015-07-03 18:02 - 00344949 _____ C:\Users\tracer\Desktop\Addition.txt
2015-07-03 18:00 - 2015-07-03 22:45 - 00009321 _____ C:\Users\tracer\Desktop\FRST.txt
2015-07-03 18:00 - 2015-07-03 22:45 - 00000000 ____D C:\FRST
2015-07-03 17:59 - 2015-07-03 17:59 - 00000967 _____ C:\Users\tracer\Desktop\00.txt
2015-07-03 17:22 - 2015-07-03 17:22 - 02112512 _____ (Farbar) C:\Users\tracer\Desktop\FRST64.exe
2015-07-03 16:44 - 2015-07-03 16:44 - 00018511 _____ C:\Windows\DirectX.log
2015-07-03 16:24 - 2012-08-17 15:31 - 00000103 _____ C:\Users\tracer\Desktop\autoexec.cfg
2015-07-02 13:30 - 2015-07-02 13:30 - 00002427 _____ C:\Users\tracer\Documents\PRMumbleCertificateBackup.p12
2015-07-02 13:30 - 2015-07-02 13:30 - 00000000 ____D C:\Users\tracer\AppData\Roaming\Project Reality
2015-07-02 13:21 - 2015-07-02 15:41 - 00000000 ____D C:\Users\tracer\AppData\Local\Project Reality
2015-07-02 13:20 - 2015-07-02 13:20 - 00000000 ___SH C:\ProgramData\.rdata
2015-07-02 13:16 - 2015-07-02 13:16 - 00291496 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-07-02 13:16 - 2015-07-02 13:16 - 00291496 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-07-02 13:16 - 2015-05-23 11:00 - 00912744 _____ C:\Windows\SysWOW64\pbsvc.exe
2015-07-01 16:17 - 2015-07-01 16:17 - 00000000 ____D C:\Users\tracer\Documents\eagle
2015-07-01 16:05 - 2015-07-01 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EAGLE Layout Editor 7.3.0
2015-07-01 16:04 - 2015-07-01 16:05 - 00000000 ____D C:\EAGLE-7.3.0
2015-07-01 16:04 - 2015-07-01 16:04 - 00000000 ____D C:\Users\tracer\AppData\Roaming\CadSoft
2015-07-01 10:34 - 2015-07-01 10:34 - 00000184 _____ C:\Users\tracer\Desktop\root.txt
2015-06-25 16:47 - 2015-06-25 16:47 - 00000222 _____ C:\Users\tracer\Desktop\Insurgency.url
2015-06-23 14:12 - 2015-06-23 14:16 - 00000000 ____D C:\Users\tracer\Desktop\Arduino DUE
2015-06-23 08:40 - 2015-06-23 08:40 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-23 08:40 - 2015-06-23 08:40 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-23 08:40 - 2015-06-23 08:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-23 08:40 - 2015-06-23 08:40 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-23 08:40 - 2015-06-23 08:40 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-15 21:55 - 2015-06-15 22:05 - 00000000 ____D C:\Users\tracer\AppData\Local\CSO
2015-06-15 21:55 - 2015-06-15 21:55 - 00000000 ____D C:\ProgramData\Nexon
2015-06-15 07:12 - 2015-06-15 07:12 - 00000187 _____ C:\Users\tracer\Desktop\0.txt
2015-06-13 10:53 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts - Copy
2015-06-13 10:35 - 2015-06-13 10:35 - 00388608 _____ (Trend Micro Inc.) C:\Users\tracer\Desktop\HijackThis.exe
2015-06-07 06:41 - 2015-06-14 21:31 - 00000000 ____D C:\Users\tracer\AppData\Local\Adobe
2015-06-03 21:02 - 2015-06-04 19:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-03 22:18 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-03 22:18 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-03 22:15 - 2015-03-20 20:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-03 22:13 - 2015-04-08 18:47 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-03 22:11 - 2015-05-29 20:22 - 00004750 _____ C:\Windows\setupact.log
2015-07-03 22:11 - 2015-04-08 18:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-03 22:11 - 2015-02-22 21:12 - 00000216 _____ C:\Windows\Tasks\ExeWatch.job
2015-07-03 22:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-03 22:10 - 2015-02-22 00:44 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-03 22:02 - 2015-04-08 18:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-03 21:59 - 2015-03-17 16:04 - 00000000 ____D C:\Users\tracer\AppData\Roaming\Skype
2015-07-03 21:35 - 2015-02-22 09:14 - 00000000 ____D C:\Users\tracer
2015-07-03 17:20 - 2015-04-08 18:43 - 00002888 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_tracer
2015-07-03 16:42 - 2015-04-08 18:47 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-03 16:42 - 2015-04-08 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-03 16:42 - 2015-04-08 18:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-02 13:16 - 2015-04-02 14:59 - 00076152 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2015-07-02 13:15 - 2015-04-02 15:01 - 00000000 ____D C:\Users\tracer\AppData\Local\PunkBuster
2015-07-02 10:32 - 2009-07-14 07:08 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-29 10:58 - 2015-05-27 13:27 - 00000000 ____D C:\Users\tracer\AppData\Roaming\.minecraft
2015-06-28 10:38 - 2015-02-24 21:42 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2015-06-27 17:06 - 2015-02-22 20:48 - 00000000 ____D C:\root
2015-06-24 00:14 - 2015-02-22 09:15 - 01591071 _____ C:\Windows\WindowsUpdate.log
2015-06-23 23:15 - 2015-03-20 20:06 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-23 23:15 - 2015-03-20 20:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 23:15 - 2015-03-20 20:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-23 18:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-23 08:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-22 18:03 - 2015-04-08 18:53 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-19 15:23 - 2015-04-19 18:14 - 00000000 ____D C:\Users\Public\Documents\Altium
2015-06-18 08:41 - 2015-04-08 18:47 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2015-04-08 18:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-04-08 18:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-18 07:59 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-16 10:54 - 2015-02-22 00:34 - 00005536 _____ C:\000.rar
2015-06-16 10:04 - 2015-05-29 20:21 - 00008016 _____ C:\Windows\PFRO.log
2015-06-13 19:11 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-04 19:39 - 2015-04-21 22:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
 
==================== Files in the root of some directories =======
 
2015-02-22 00:47 - 2015-05-24 22:02 - 0007606 _____ () C:\Users\tracer\AppData\Local\Resmon.ResmonCfg
2015-07-02 13:20 - 2015-07-02 13:20 - 0000000 ___SH () C:\ProgramData\.rdata
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-03 00:32
 
==================== End of log ============================
 
Well, I did it in time, so apologies for the misinformation.

I want to add that Malwarebytes did not ask me to restart the computer, so I did not do that.

  • Also, to ask: is there any other program like Process Hacker that works like it, because I am really used to it? Also, I want to see again if goatse.cx is still there; can I use it or ..?

Yes, use Process Hacker if you need to; continue as follows for now:

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 
Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
  • Post back the report which should also be located here:



C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

 

Post those logs please...

 

Thank you,

 

Kevin....


# AdwCleaner v4.207 - Logfile created 04/07/2015 at 09:16:55

# Updated 21/06/2015 by Xplode

# Database : 2015-07-02.1 [server]

# Operating system : Windows 7 Ultimate Service Pack 1 (x64)

# Username : tracer - PC

# Running from : C:\Users\tracer\Desktop\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Avg Secure Update

Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17631

 

 

-\\ Mozilla Firefox v38.0.5 (x86 en-US)

 

 

-\\ Google Chrome v43.0.2357.130

 

[C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\tracer\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [1226 bytes] - [04/07/2015 09:15:44]

AdwCleaner[s0].txt - [1108 bytes] - [04/07/2015 09:16:55]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1167  bytes] ##########

 

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.2.8 (07.03.2015:1)

OS: Windows 7 Ultimate x64

Ran by tracer on Sat 07/04/2015 at  9:20:17.80

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Tasks

 

Successfully deleted: [Task] C:\Windows\system32\tasks\Uninstaller_SkipUac_tracer

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] C:\ProgramData\productdata

Successfully deleted: [Folder] C:\Users\tracer\AppData\Roaming\productdata

Successfully deleted: [Folder] C:\Users\tracer\AppData\Roaming\tuneup software

 

 

 

~~~ FireFox

 

 

 

 

~~~ Chrome

 

 

[C:\Users\tracer\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

 

[C:\Users\tracer\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

 

[C:\Users\tracer\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

 

[C:\Users\tracer\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[]

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 07/04/2015 at  9:22:58.22

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

RogueKiller V10.8.7.0 [Jun 29 2015] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : tracer [Administrator]

Started from : C:\Users\tracer\Desktop\RogueKiller.exe

Mode : Scan -- Date : 07/04/2015  09:33:04

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 24 ¤¤¤

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 212.200.191.166 212.200.190.166 [YUGOSLAVIA (YU)][YUGOSLAVIA (YU)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 212.200.191.166 212.200.190.166 [YUGOSLAVIA (YU)][YUGOSLAVIA (YU)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 212.200.191.166 212.200.190.166 [YUGOSLAVIA (YU)][YUGOSLAVIA (YU)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{232BC10A-7FD4-4AE4-93F2-4BEC89EBB52F} | DhcpNameServer : 212.200.191.166 212.200.190.166 [YUGOSLAVIA (YU)][YUGOSLAVIA (YU)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{232BC10A-7FD4-4AE4-93F2-4BEC89EBB52F} | DhcpNameServer : 212.200.191.166 212.200.190.166 [YUGOSLAVIA (YU)][YUGOSLAVIA (YU)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{232BC10A-7FD4-4AE4-93F2-4BEC89EBB52F} | DhcpNameServer : 212.200.191.166 212.200.190.166 [YUGOSLAVIA (YU)][YUGOSLAVIA (YU)]  -> Found

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0  -> Found

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Found

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0  -> Found

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0  -> Found

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Found

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2367803196-2067336672-868351685-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0  -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AAJS-00L7A0 ATA Device +++++

--- User ---

[MBR] 310f0a489caefcbbf28bc1193b516b92

[bSP] c45c452b3225d3d93bd93c5fea71f1b5 : Linux|VT.Unknown MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 111565 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 228694014 | Size: 40960 MB

User = LL1 ... OK

User = LL2 ... OK

What is the current status of your system, any remaining issues or concerns?

 

Next,

 

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:

  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology”, select “Change” and select any extra drives in that window.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable protection software!
 

Thanks,

 

Kevin...


Everything is fine now and I would like to thank you for your help; the issue has been fixed. But for the sluggishness of the system, I don't think anyone can help except me buying new hardware (which won't happen).

 

Just to add my system specs :

athlon X2 260 3.4GHz

hd 4350

2GB's of ram

sata 2 hdd 

 

So yeah, I can't do anything about that.

 

As for other scans, I can do them by myself, so with much more confidence I can say that you or any other moderator can close this thread.

 

Thanks for all the help you provided to me 


Ok thanks for the update, just need to run the following to clean up..

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:



  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Will close out shortly.......

 

Thank you,

 

Kevin...
 


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.