
Cryptowall effects noted, 1 thing won't work



Three "Help your files" notices popped up and were on the desktop to run at start. I shut off the computer. I ran Malwarebytes, which found 13 things that looked like adware. 10 odd-named things popped up in Documents. The other bad thing I see is that a "Help your files" notice showed up in a folder BrettspielWelt and the exe for this game site won't start. I downloaded a new one and installed it, but it now loses connection whenever I log on.

Do you have ideas as to what is happening and what to fix?

What was found:

Registry Keys: 5
PUP.Optional.GeniusBox, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GeniusBox, Delete-on-Reboot, [20413503e6b3261011cdd0e6ed16659b],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ProPCCleaner_Popup, Delete-on-Reboot, [c39ee45472275ed8f275f8d4a75c33cd],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ProPCCleaner_Start, Delete-on-Reboot, [600123158a0fad89afb8e0ecc241748c],
PUP.Optional.UpdateAdmin, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UpdateAdmin, Delete-on-Reboot, [84ddc573aeeb61d55287419ad132718f],
PUP.Optional.GeniusBox, HKU\S-1-5-21-3023370978-3506523679-905622001-1001\SOFTWARE\geniusboxinstalled, Quarantined, [2a37de5a930695a1f1e8feb8d42ff709],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.PullUpdate, C:\CrimeWatch, Quarantined, [f46dde5a41588aacbedcd4ec9e64768a],
PUP.Optional.ASK.Gen, C:\Users\Dave\AppData\Local\Temp\APN-Stub, Quarantined, [1b4678c0277284b20cfdc00205fd35cb],
PUP.Optional.ASK.Gen, C:\Users\Dave\AppData\Local\Temp\APN-Stub\ARS3-SAT, Quarantined, [1b4678c0277284b20cfdc00205fd35cb],
PUP.Optional.ASK.Gen, C:\Users\Dave\AppData\Local\Temp\APN-Stub\ARS3-V7, Quarantined, [1b4678c0277284b20cfdc00205fd35cb],

Files: 4
PUP.Optional.ASK.Gen, C:\Users\Dave\AppData\Local\Temp\APN-Stub\ARS3-SAT\Msi64840c0a-35eb-4b84-abdc-b10b460089f4.log, Quarantined, [1b4678c0277284b20cfdc00205fd35cb],
PUP.Optional.ASK.Gen, C:\Users\Dave\AppData\Local\Temp\APN-Stub\ARS3-SAT\Stb64840c0a-35eb-4b84-abdc-b10b460089f4.log, Quarantined, [1b4678c0277284b20cfdc00205fd35cb],
PUP.Optional.ASK.Gen, C:\Users\Dave\AppData\Local\Temp\APN-Stub\ARS3-V7\Msid712df06-1228-4fc9-91fb-11b892b2a366.log, Quarantined, [1b4678c0277284b20cfdc00205fd35cb],
PUP.Optional.ASK.Gen, C:\Users\Dave\AppData\Local\Temp\APN-Stub\ARS3-V7\Stbd712df06-1228-4fc9-91fb-11b892b2a366.log, Quarantined, [1b4678c0277284b20cfdc00205fd35cb],


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change the PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
      Text file (*.txt)        - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply
      XML file (*.xml)      - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply
  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log into your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in the top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...



Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make logs named (Addition.txt) and Shortcut.txt Please attach those logs to your reply.



Let me see those logs in your next reply...

Thank you,

Kevin...

Did this occur because the Windows 7 firewall has never worked? I thought Crypto wiped out documents, pictures, audio and video, but I don't see that it changed them.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Dave (2016-01-12 15:24:24)
Running from I:\New stuff
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-23 22:43:09)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3023370978-3506523679-905622001-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3023370978-3506523679-905622001-1005 - Limited - Enabled)
Dave (S-1-5-21-3023370978-3506523679-905622001-1001 - Administrator - Enabled) => C:\Users\Dave
Guest (S-1-5-21-3023370978-3506523679-905622001-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3023370978-3506523679-905622001-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AirHockey 3D 1.81 (HKLM-x32\...\AirHockey 3D) (Version: 1.81 - Avalanche Team)
Aliens vs Predator Classic 2000 (HKLM-x32\...\1207665883_is1) (Version: 2.0.0.21 - GOG.com)
AMD Catalyst Install Manager (HKLM\...\{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
America's Army 3 (HKLM-x32\...\Steam App 13140) (Version:  - U.S. Army)
Applian FLV Player (HKLM-x32\...\Applian FLV Player2.0.24) (Version: 2.0.24 - Applian Technologies Inc.)
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version:  - )
BrettspielWelt (HKLM-x32\...\BrettspielWelt) (Version: 1.0 - BrettspielWelt GmbH)
BrettspielWelt (HKLM-x32\...\BSW) (Version:  - )
CD Audio Reader Filter (remove only) (HKLM-x32\...\CD Audio Reader Filter) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{DC45D291-769A-4608-A688-77E6DBC03498}) (Version: 3.6.1 - IvoSoft)
Combat Arms (HKLM-x32\...\Combat Arms) (Version:  - )
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
Cool Timer 5.2.3.0 (HKLM-x32\...\Cool Timer_is1) (Version:  - Harmony Hollow Software)
Crysis® SP Demo (HKLM-x32\...\{92AF2F5A-4407-4A03-A80A-5A2582264746}) (Version: 1.00.0000 - Electronic Arts)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version:  - )
DirectVobSub (remove only) (HKLM-x32\...\DirectVobSub) (Version:  - )
DScaler 5 Mpeg Decoders (HKLM-x32\...\DScaler 5 Mpeg Decoders_is1) (Version:  - )
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
FFMPEG Core Files (remove only) (HKLM-x32\...\FFMPEG Core Files) (Version:  - )
Free FLV Converter V 5.81 (HKLM-x32\...\Free FLV Converter_is1) (Version:  - Koyote Soft)
Gabest MPEG Splitter (remove only) (HKLM-x32\...\Gabest MPEG Splitter) (Version:  - )
Galaxy Client (HKLM-x32\...\{D6D1DA54-531F-4FA0-B683-CE66ACE3543F}_is1) (Version: 0.1.0.456 - GOG.com)
GEM+/iGOR & Lee's GPL Setup Manager 2.5.0.32 (HKLM-x32\...\GEM+/iGOR & Lee's GPL Setup Manager_is1) (Version:  - GPLSecrets Group)
Guitar Pro 6 Demo (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
InstaCodecs (HKLM-x32\...\InstaCodecs_is1) (Version: 1.0 - )
Internet Explorer Toolbar 4.8 by SweetPacks (HKLM-x32\...\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}) (Version: 4.8.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jericho Demo (HKLM-x32\...\{1CB55F41-7607-4225-B717-387B3C53FDAD}) (Version: 0.10.0000 - Codemasters)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAV Filters 0.64 (HKLM-x32\...\lavfilters_is1) (Version: 0.64 - Hendrik Leppkes)
MadVR (remove only) (HKLM-x32\...\MadVR) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{B45FABE7-D101-4D99-A671-E16DA40AF7F0}) (Version: 3.0.86.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{B578C85A-A84C-4230-A177-C5B2AF565B8C}) (Version: 3.0.17.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NirSoft VideoCacheView (HKLM-x32\...\NirSoft VideoCacheView) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenSource AVI Splitter (remove only) (HKLM-x32\...\OpenSource AVI Splitter) (Version:  - )
OpenSource DTS/AC3/DD+ Source Filter (remove only) (HKLM-x32\...\OpenSource DTS/AC3/DD+ Source Filter) (Version:  - )
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Pro Evolution Soccer 5 DEMO(no voice) (HKLM-x32\...\InstallShield_{AEB74EBC-884B-4D76-98BC-4D88FE6F2E7F}) (Version: 1.00.0000 - KONAMI)
Pro Evolution Soccer 5 DEMO(no voice) (x32 Version: 1.00.0000 - KONAMI) Hidden
PT Boats: Knights of The Sea (HKLM-x32\...\PT Boats: Knights of The Sea_is1) (Version: Demo - Akella)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.)
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TimeShift Demo (HKLM-x32\...\{C319F101-4221-4C5A-A9DE-36A6718F8215}) (Version: 1.00.000 - Sierra)
Tribes Ascend (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1268.1 - Hi-Rez Studios)
Windows 7 Codec Pack 4.0.7 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.7 - Windows 7 Codec Pack)
Windows Essentials Media Codec Pack 4.0 [64-Bit] (HKLM-x32\...\Windows Essentials Media Codec Pack) (Version: 4.0 - Media Codec)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFF 1.2 (HKLM-x32\...\WinFF_is1) (Version:  - WinFF.org)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wireless N-lite USB Adapter Utility (HKLM-x32\...\{71AB49D0-9B47-4624-904C-D44B9B996656}) (Version: 1.5.4.0 - ZyXEL)
Xvid 1.1.3 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version: 10.0.0 - Inmatrix LTD)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3023370978-3506523679-905622001-1001_Classes\CLSID\{A39E563A-2D0A-4909-B52F-051C44A483CE}\InprocServer32 -> C:\Program Files (x86)\TNT2\Profiles\11083\passport64.dll => No File
CustomCLSID: HKU\S-1-5-21-3023370978-3506523679-905622001-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\NativeHooks.dll => No File <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09D77B8A-2823-42F2-9943-A1BF7771595D} - \GeniusBox -> No File <==== ATTENTION
Task: {09EB13AC-9899-476C-A438-CBAF94CEF380} - System32\Tasks\{D2B18D4C-E05A-48E6-96E8-597C25889123} => C:\Aliens versus Predator Demo\AvP_Marine_Demo.exe [1998-11-25] ()
Task: {1349E205-A8F8-4405-8AF5-65DFBC7673C2} - System32\Tasks\{04172568-0C0C-4734-AABA-7AB1EE014C42} => C:\NFL Fever 2000 Trial\NFLFEVER.exe [1999-07-27] (MSFT)
Task: {14CB41F0-0735-495E-A7C4-BBBD6CD17BB8} - System32\Tasks\{F20FAA84-E9D2-4C51-975F-44121E8D5C06} => C:\COMET\COMET.EXE [1996-01-17] ()
Task: {233F6ECB-3A5D-440F-86B9-662522E1612C} - System32\Tasks\{EBEED6CC-BB5C-4D93-8CED-7DD9E88CB025} => G:\Quake3\quake3.exe
Task: {282EE9D0-7945-461F-B443-F94B1C237080} - System32\Tasks\{B294D644-12E0-4391-9854-FF8052825471} => C:\Aliens versus Predator Demo\AvP_Marine_Demo.exe [1998-11-25] ()
Task: {36BA5AF7-D8E7-4A4D-BFA5-8E48D9436B2A} - System32\Tasks\{8E87EF91-E491-4581-960C-6133E34DC5A7} => pcalua.exe -a "G:\Zip files\Software\retrospection_2.1_setup.exe"
Task: {38C14FCE-9899-4E2A-B343-609DE73A743A} - System32\Tasks\Validate Installation => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
Task: {38C55743-B717-4C6B-9B24-2AB39CA3D644} - System32\Tasks\{01D93840-F7FE-4D49-9F30-7CBE6BE4AE0B} => G:\Quake3\quake3.exe
Task: {3A34C632-1B55-4005-9A8F-046C2579460E} - System32\Tasks\{5AED553E-157B-40D2-96BB-7C297884F230} => C:\NHL 2001 Demo\nhl2001demo.exe [2000-09-12] ()
Task: {3C82F805-4F09-48CD-B99D-7191084409C4} - System32\Tasks\{267D3A3C-F1B0-45F2-8404-F9696821CB54} => G:\New stuff\Retrospection\RetrospectionFront.exe
Task: {3ECFE579-31FE-4EC0-85B8-AD789310C5DE} - System32\Tasks\{A96939CF-C34C-4131-80C2-DB3819A5F53B} => C:\Aliens versus Predator Demo\AvP_Marine_Demo.exe [1998-11-25] ()
Task: {5075EA60-34D8-4625-91FF-47F92B787EB4} - System32\Tasks\{D5E7A254-7C82-40CD-A8DE-2B03927B7B88} => C:\NFL Fever 2000 Trial\NFLFEVER.exe [1999-07-27] (MSFT)
Task: {512F5EE8-B32F-47CA-8995-6C42838ECC4A} - System32\Tasks\{AF900DF5-3DD9-4494-8CE6-C654CFE0295D} => C:\adciv\Ac.exe [2001-08-09] ()
Task: {58691C6F-786D-4827-BFA1-E0D113A1F32C} - System32\Tasks\{2FABA12A-E3D8-4AB1-B18B-80D6FAAFB990} => C:\Geardemo\Gear.exe [1996-02-16] ()
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {6BB9CE94-443D-4B62-94D9-D1D391E2830A} - System32\Tasks\Windows Codec Update Service => C:\Program Files (x86)\Essentials Codec Pack\WECPUpdate.exe [2012-02-03] (MediaCodec.Org)
Task: {6F5CB4A0-2160-4E7F-A92B-1B08FC10191E} - System32\Tasks\{D0F0DB4E-54AF-4EAF-8A0A-748EAE9B7E32} => C:\NFL Fever 2000 Trial\NFLFEVER.exe [1999-07-27] (MSFT)
Task: {6FB1B1B1-0983-47D8-B165-5F22423A975B} - System32\Tasks\{32A15600-D985-4995-A0AD-7889FE7F6A28} => G:\Quake3\quake3.exe
Task: {72E2301D-1D4D-4BC4-8ACE-40F607CB01E7} - System32\Tasks\{9CBDDAFA-7DCB-48A8-B2C8-A221F7C359EE} => C:\adciv\Ac.exe [2001-08-09] ()
Task: {822B0483-023B-41F2-8D19-11CB30581FFA} - \UpdateAdmin -> No File <==== ATTENTION
Task: {A2D8E75A-73DE-46EC-B307-F792E663C171} - System32\Tasks\{9526E09E-FE95-4B49-81D6-68B8B736B789} => C:\COMET\COMET.EXE [1996-01-17] ()
Task: {AAE80F59-FCF7-4D59-9D7C-2D0717A388FE} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {B515CB5D-A6C2-4212-90F4-BC9F42768890} - System32\Tasks\{C482FAAA-B35D-405B-B632-305AD9DCDCE6} => C:\Geardemo\Gear.exe [1996-02-16] ()
Task: {B6F0F35D-3A1E-4408-BE7D-E0CC66CD6FEC} - System32\Tasks\Check Updates => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
Task: {B9547313-2419-4495-9AD4-1AA3662ECE2E} - System32\Tasks\{4BAEC7CA-C40C-47D0-8697-691320BD81DE} => G:\New stuff\Retrospection\RetrospectionFront.exe
Task: {BBE5C1BA-53F3-468E-804B-DF40B42D56EF} - System32\Tasks\Anwrerrot => C:\ProgramData\Anwrerrot\1.0.1.0\oiudnoep.exe <==== ATTENTION
Task: {D71DAA71-215D-440C-AD50-AC04C62F14DD} - System32\Tasks\{C5D858F8-B98B-4105-B1C7-B39C47513457} => C:\adciv\Ac.exe [2001-08-09] ()
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E4E3DB73-E7EA-41C3-8C15-933D85818729} - System32\Tasks\{6F59A0A7-8343-4A55-AC88-C3ABC5CF6B21} => pcalua.exe -a C:\Users\Dave\AppData\Local\Temp\Temp1_MotoGP08_PC_demo.zip\setup.exe
Task: {F357EC66-21B3-49B5-BB17-C7818DE7C9AD} - System32\Tasks\{EFC0BF62-DA74-43E3-902C-807466C4942E} => C:\COMET\COMET.EXE [1996-01-17] ()
Task: {F3B9AFD2-5E2E-4151-81D6-C935981482C4} - \ProPCCleaner_Start -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-08-13 10:51 - 2012-10-04 18:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2012-06-11 15:12 - 2012-06-11 15:12 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 18:03 - 2012-03-05 18:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 16:53 - 2012-02-16 16:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-06-11 15:12 - 2012-06-11 15:12 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-19 10:13 - 2014-05-18 16:48 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-06-11 15:12 - 2012-06-11 15:12 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-06-11 14:45 - 2012-06-11 14:45 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-01-12 12:22 - 2016-01-12 12:22 - 00204384 _____ () C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2iexp.dll
2016-01-12 12:22 - 2016-01-12 12:22 - 00019040 _____ () C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2native.dll
2011-10-16 15:33 - 2013-07-07 20:02 - 00835584 _____ () I:\Opera\gstreamer\gstreamer.dll
2011-10-16 15:33 - 2013-07-07 20:02 - 00093696 _____ () I:\Opera\gstreamer\plugins\gstaudioconvert.dll
2011-10-16 15:33 - 2013-07-07 20:02 - 00094208 _____ () I:\Opera\gstreamer\plugins\gstaudioresample.dll
2011-10-16 15:33 - 2013-07-07 20:02 - 00057344 _____ () I:\Opera\gstreamer\plugins\gstautodetect.dll
2013-07-07 20:02 - 2013-07-07 20:02 - 00096256 _____ () I:\Opera\gstreamer\plugins\gstcoreplugins.dll
2011-10-16 15:33 - 2013-07-07 20:02 - 00062976 _____ () I:\Opera\gstreamer\plugins\gstdecodebin2.dll
2011-10-16 15:33 - 2013-07-07 20:02 - 00067072 _____ () I:\Opera\gstreamer\plugins\gstdirectsound.dll
2011-10-16 15:33 - 2013-07-07 20:02 - 00158208 _____ () I:\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2011-10-16 15:33 - 2013-07-07 20:02 - 00312832 _____ () I:\Opera\gstreamer\plugins\gstoggdec.dll
2011-10-16 15:33 - 2013-07-07 20:02 - 00038912 _____ () I:\Opera\gstreamer\plugins\gstwaveform.dll
2011-10-16 15:33 - 2013-07-07 20:02 - 00073728 _____ () I:\Opera\gstreamer\plugins\gstwavparse.dll
2011-10-16 15:33 - 2013-07-07 20:02 - 00101888 _____ () I:\Opera\gstreamer\plugins\gstwebmdec.dll
2015-08-05 22:56 - 2015-08-05 22:56 - 17448624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\87696299.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\87696299.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3023370978-3506523679-905622001-1001\...\mail3x.com -> hxxp://ads.mail3x.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3023370978-3506523679-905622001-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: IBUpdaterService => 2
MSCONFIG\Services: Updater By SweetPacks => 2
MSCONFIG\Services: vToolbarUpdater15.4.0 => 2
MSCONFIG\Services: ‮etadpug => 2
MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Accessories^Startup^19DBAD56F.lnk => C:\Windows\pss\19DBAD56F.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Accessories^Startup^HELP_YOUR_FILES.HTML => C:\Windows\pss\HELP_YOUR_FILES.HTML.Startup
MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Accessories^Startup^HELP_YOUR_FILES.PNG => C:\Windows\pss\HELP_YOUR_FILES.PNG.Startup
MSCONFIG\startupfolder: C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Accessories^Startup^HELP_YOUR_FILES.TXT => C:\Windows\pss\HELP_YOUR_FILES.TXT.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: ISUSPM => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: Itibiti.exe => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

12-01-2016 15:20:50 Windows Update
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2016 11:11:15 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (01/12/2016 11:01:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2016 01:16:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x4fd626ed
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x624
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (01/12/2016 12:36:14 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (01/12/2016 12:26:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2016 10:44:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x4fd626ed
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x608
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (01/11/2016 08:59:19 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (01/11/2016 08:49:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2016 07:32:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x4fd626ed
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x6ec
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (01/11/2016 04:54:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: F1_2002_Demo.exe, version: 0.5.1.8, time stamp: 0x3cc5b524
Faulting module name: F1_2002_Demo.exe, version: 0.5.1.8, time stamp: 0x3cc5b524
Exception code: 0xc0000005
Fault offset: 0x00108e78
Faulting process id: 0xe5c
Faulting application start time: 0xF1_2002_Demo.exe0
Faulting application path: F1_2002_Demo.exe1
Faulting module path: F1_2002_Demo.exe2
Report Id: F1_2002_Demo.exe3

System errors:
=============
Error: (01/12/2016 03:20:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:
%%1290

Error: (01/12/2016 03:20:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Base Filtering Engine service failed to start due to the following error:
%%1290

Error: (01/12/2016 03:19:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center service failed to start due to the following error:
%%1314

Error: (01/12/2016 03:19:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:
%%1290

Error: (01/12/2016 03:19:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Base Filtering Engine service failed to start due to the following error:
%%1290

Error: (01/12/2016 03:19:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:
%%1290

Error: (01/12/2016 03:19:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Base Filtering Engine service failed to start due to the following error:
%%1290

Error: (01/12/2016 03:19:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Base Filtering Engine service failed to start due to the following error:
%%1290

Error: (01/12/2016 11:01:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (01/12/2016 11:01:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

CodeIntegrity:
===================================
  Date: 2014-11-07 23:26:23.219
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\sfvfs02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-07 23:26:23.199
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\sfvfs02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD FX-4100 Quad-Core Processor
Percentage of memory in use: 58%
Total physical RAM: 8190.46 MB
Available physical RAM: 3360.52 MB
Total Virtual: 16379.11 MB
Available Virtual: 11129.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:231.27 GB) NTFS
Drive e: (DRV3_VOL1) (Fixed) (Total:111.76 GB) (Free:25.13 GB) FAT32
Drive f: (New Volume) (Fixed) (Total:272.85 GB) (Free:272.75 GB) NTFS
Drive i: (New Volume) (Fixed) (Total:292.97 GB) (Free:166.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ACC8B171)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 486B9E5B)
Partition 1: (Active) - (Size=111.8 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=272.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/12/2016
Scan Time: 2:34 PM
Logfile: malware remove 2.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.12.06
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dave

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381461
Time Elapsed: 37 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Disabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{56e4f66d-7128-2dc0-ce2c-5df33ffe5938}, Delete-on-Reboot, [facce94fb9e093a37e2023dfec146f91],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Dave (administrator) on DAVE-PC (12-01-2016 15:23:25)
Running from I:\New stuff
Loaded Profiles: Dave (Available Profiles: Dave)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hi-Rez Studios) C:\Tribes Ascend\HiPatchService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\ZyXEL\N220\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\ZyXEL\N220\Common\RaRegistry64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IvoSoft) C:\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Firegraphic.com) C:\Firegraphic 6\Firegraphic.exe
(MMedia Research Corp) C:\Users\Dave\Desktop\LVIEWPRO.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Opera Software) I:\Opera\opera.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2launcher.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2launcher.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Farbar) I:\New stuff\Farbar RST64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Classic Shell\ClassicStartMenu.exe [159744 2012-08-19] (IvoSoft)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Classic Shell\ClassicExplorer64.dll [2012-08-19] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Classic Shell\ClassicExplorer32.dll [2012-08-19] (IvoSoft)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.26 205.171.2.26
Tcpip\..\Interfaces\{35924C7C-99D3-4386-BB4E-704C64247C7A}: [DhcpNameServer] 192.168.0.1 205.171.3.26 205.171.2.26
Tcpip\..\Interfaces\{D429B006-59C4-49E1-8F91-0C08DC2AAF25}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3023370978-3506523679-905622001-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://en.boardgamearena.com/#!gamelobby
SearchScopes: HKLM-x32 -> DefaultScope {10E6CF9A-A768-44F4-BF6E-609B97ABF1EA} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3023370978-3506523679-905622001-1001 -> DefaultScope {BE50A3BD-1E1F-4688-9FD0-334A74D91E79} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3023370978-3506523679-905622001-1001 -> {BE50A3BD-1E1F-4688-9FD0-334A74D91E79} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Classic Shell\ClassicExplorer64.dll [2012-08-19] (IvoSoft)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Classic Shell\ClassicIE9DLL_64.dll [2012-08-19] (IvoSoft)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Classic Shell\ClassicExplorer32.dll [2012-08-19] (IvoSoft)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-12] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {A5366673-E8CA-11D3-9CD9-0090271D075B} -> No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-12] (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Classic Shell\ClassicIE9DLL_32.dll [2012-08-19] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Classic Shell\ClassicExplorer64.dll [2012-08-19] (IvoSoft)
Toolbar: HKLM - FindWide Toolbar - {A39E563A-2D0A-4909-B52F-051C44A483CE} - C:\Program Files (x86)\TNT2\Profiles\11083\passport64.dll No File
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Classic Shell\ClassicExplorer32.dll [2012-08-19] (IvoSoft)
Toolbar: HKLM-x32 - FindWide Toolbar - {A39E563A-2D0A-4909-B52F-051C44A483CE} - C:\Program Files (x86)\TNT2\Profiles\11083\passport.dll No File
Toolbar: HKU\S-1-5-21-3023370978-3506523679-905622001-1001 -> FindWide Toolbar - {A39E563A-2D0A-4909-B52F-051C44A483CE} - C:\Program Files (x86)\TNT2\Profiles\11083\passport64.dll No File
DPF: HKLM-x32 {56505FCF-9DB3-49B4-BA5F-BE3AAE44CF2E} hxxps://cityprojects.talgov.net/projectdox/Resources/BravaClient/en/BravaClientXWrapper.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\11gg3lcq.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-05] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-09-05] (Nexon)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Extension: The Addon Bar (restored) - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\11gg3lcq.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2015-06-14]
FF Extension: Video DownloadHelper - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\11gg3lcq.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-09]

Opera:
=======
StartMenuInternet: (HKLM) Opera - G:\Opera\Opera.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-06-11] (Advanced Micro Devices, Inc.) [File not signed]
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
U2 HiPatchService; C:\Tribes Ascend\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
S2 MBAMService; C:\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-18] ()
R2 RalinkRegistryWriter; C:\ZyXEL\N220\Common\RaRegistry.exe [185632 2009-07-14] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\ZyXEL\N220\Common\RaRegistry64.exe [211232 2009-07-14] (Ralink Technology, Corp.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U0 hsencgo; C:\Windows\System32\drivers\jfnotnwi.sys [79064 2016-01-12] (Malwarebytes)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-12 15:21 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-01-12 15:21 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-01-12 15:21 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-01-12 15:21 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-01-12 15:21 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-01-12 15:21 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-01-12 15:21 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-01-12 15:21 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-01-12 15:21 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-01-12 15:21 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-01-12 15:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-01-12 15:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-01-12 15:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-01-12 15:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-01-12 15:19 - 2016-01-12 15:19 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\jfnotnwi.sys
2016-01-12 15:00 - 2016-01-12 15:23 - 00000000 ____D C:\FRST
2016-01-12 14:59 - 2016-01-12 14:59 - 00000000 ____D C:\AdwCleaner
2016-01-12 12:22 - 2016-01-12 12:22 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Sun
2016-01-12 12:22 - 2016-01-12 12:22 - 00000000 ____D C:\Users\Dave\.oracle_jre_usage
2016-01-12 12:22 - 2016-01-12 12:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-12 12:21 - 2016-01-12 12:21 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-12 12:20 - 2016-01-12 12:20 - 00000000 ____D C:\Users\Dave\AppData\LocalLow\Oracle
2016-01-12 12:00 - 2016-01-12 12:00 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brettspielwelt
2016-01-12 12:00 - 2016-01-12 12:00 - 00000000 ____D C:\BSW
2016-01-11 17:42 - 2016-01-11 22:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-10 21:44 - 2016-01-10 21:44 - 00000000 ____D C:\Users\Dave\AppData\Local\Chromium
2015-12-30 23:58 - 2015-12-30 23:58 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Guitar Pro 6
2015-12-30 23:58 - 2015-12-30 23:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
2015-12-30 23:58 - 2015-12-30 23:58 - 00000000 ____D C:\ProgramData\Guitar Pro 6
2015-12-30 23:56 - 2015-12-30 23:57 - 00000000 ____D C:\Guitar Pro 6
2015-12-18 10:03 - 2015-12-18 10:03 - 00001147 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Mozilla Firefox.lnk
2015-12-18 10:03 - 2015-12-18 10:03 - 00001031 _____ C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Firegraphic.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-12 15:23 - 2009-07-13 23:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-12 15:23 - 2009-07-13 23:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-12 15:20 - 2015-01-17 19:32 - 00000000 ____D C:\Malwarebytes Anti-Malware
2016-01-12 15:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SchCache
2016-01-12 15:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-12 14:33 - 2015-01-17 19:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-12 14:29 - 2015-06-14 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-12 14:14 - 2013-07-03 14:46 - 00000000 ____D C:\Users\Dave\Documents\Firegraphic
2016-01-12 14:13 - 2013-08-22 10:38 - 00000000 ____D C:\ProgramData\Zoom Player
2016-01-12 12:23 - 2013-10-29 21:23 - 00000000 ____D C:\ProgramData\Oracle
2016-01-12 12:22 - 2013-10-29 21:23 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-12 12:22 - 2012-08-23 17:43 - 00000000 ____D C:\Users\Dave
2016-01-12 12:01 - 2013-07-02 09:15 - 00000000 ____D C:\Users\Dave\AppData\Roaming\BSW
2016-01-12 11:36 - 2013-07-05 08:59 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A4797549-CAB1-4E29-B9E1-E6B9D2F32C13}
2016-01-12 11:05 - 2009-07-14 00:13 - 00740482 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-12 11:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-12 11:01 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-12 00:25 - 2015-06-14 17:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-11 16:44 - 2013-10-29 10:43 - 00000000 ____D C:\Windows\pss
2016-01-11 11:32 - 2013-07-02 22:06 - 00000000 ____D C:\4x4 Evolution
2016-01-10 14:06 - 2013-07-04 11:10 - 00000000 ____D C:\Capture
2016-01-09 00:37 - 2014-02-26 13:41 - 00000000 ____D C:\Steam
2016-01-08 16:34 - 2014-07-02 23:30 - 00000000 ____D C:\Users\Dave\Desktop\Tzolkin
2015-12-30 19:14 - 2013-07-03 15:19 - 00008440 _____ C:\Windows\lviewpro.ini
2015-12-29 10:20 - 2009-07-14 00:08 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-21 20:54 - 2012-08-29 19:27 - 00000000 ____D C:\New Stuff

==================== Files in the root of some directories =======

2015-06-14 09:53 - 2015-06-14 09:53 - 0000064 _____ () C:\Users\Dave\AppData\Local\bdb49bc6be0eab049e86c2a65af0618e
2013-07-04 20:53 - 2013-07-05 15:41 - 0009728 _____ () C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-03 15:02 - 2013-07-03 15:02 - 0000092 _____ () C:\Users\Dave\AppData\Local\fusioncache.dat
2015-09-29 19:42 - 2015-09-29 19:42 - 0000017 _____ () C:\Users\Dave\AppData\Local\resmon.resmoncfg
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Files to move or delete:
====================
C:\Users\Dave\LVIEWPRO.EXE

Some files in TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\bridj.dll5392563786024506545.dll
C:\Users\Dave\AppData\Local\Temp\bridj.dll7326302336878197017.dll
C:\Users\Dave\AppData\Local\Temp\bridj.dll7683881512564236683.dll
C:\Users\Dave\AppData\Local\Temp\bridj.dll8349419641673059256.dll
C:\Users\Dave\AppData\Local\Temp\bridj.dll8880528859784355924.dll
C:\Users\Dave\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Dave\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Dave\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Dave\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Dave\AppData\Local\Temp\NGMDll.dll
C:\Users\Dave\AppData\Local\Temp\NGMResource.dll
C:\Users\Dave\AppData\Local\Temp\nsjCE8B.exe
C:\Users\Dave\AppData\Local\Temp\nsoAEA9.exe
C:\Users\Dave\AppData\Local\Temp\nss322B.exe
C:\Users\Dave\AppData\Local\Temp\oi_{6773B301-AE48-4A44-AD9F-D04B8650E2B4}.exe
C:\Users\Dave\AppData\Local\Temp\SCC.dll
C:\Users\Dave\AppData\Local\Temp\Setup.exe
C:\Users\Dave\AppData\Local\Temp\sqlite3.dll
C:\Users\Dave\AppData\Local\Temp\unicows.dll
C:\Users\Dave\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Dave\AppData\Local\Temp\uninstaller.exe
C:\Users\Dave\AppData\Local\Temp\zp930free.exe
C:\Users\Dave\AppData\Local\Temp\_is7213.exe
C:\Users\Dave\AppData\Local\Temp\{D69D74D2-425A-4C42-B458-306075415304}.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-10 21:04

==================== End of FRST.txt ============================

 

the only logs that showed up
 

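Two of the FRST findings in the log above can be re-checked with built-in tooling rather than taken on trust: the Catalog5 Winsock entries whose LibraryPath no longer resolves, and the signature status of the files FRST verified under "Bamital & volsnap" (plus the sfvfs02.sys driver named in the CodeIntegrity events). The script below is an added example, not part of the thread and not code from FRST or Malwarebytes. It assumes an elevated PowerShell prompt on the 64-bit Windows 7 machine in the log; the catalog entry numbers and expected LibraryPath values are copied from the FRST "Winsock:" lines, and the function names are the example's own.

```powershell
# Added example, not from the thread or from FRST. Re-checks two FRST findings
# from the log above with built-in tooling. Assumes an elevated PowerShell
# prompt on the 64-bit Windows 7 machine in the log; entry numbers and expected
# LibraryPath values are taken from the "Winsock:" lines FRST printed.

function Test-WinsockCatalog5 {
    # Expected LibraryPath per catalog entry, copied from the FRST ATTENTION
    # lines. Entry numbers are positions in this machine's catalog and differ
    # between installs, so this map is only meaningful for this system.
    $expectedByEntry = @{
        '000000000001' = '%SystemRoot%\system32\NLAapi.dll'
        '000000000005' = '%SystemRoot%\System32\mswsock.dll'
    }
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5'
    # Catalog_Entries is the view 32-bit (WOW64) code gets, Catalog_Entries64 the native one.
    foreach ($catalog in 'Catalog_Entries', 'Catalog_Entries64') {
        foreach ($key in Get-ChildItem -Path "$base\$catalog") {
            $entry = $key.PSChildName
            # Read the raw REG_EXPAND_SZ so it can be compared with FRST's text.
            $libPath = $key.GetValue('LibraryPath', '',
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            $onDisk  = [Environment]::ExpandEnvironmentVariables($libPath)
            $present = ($libPath -ne '') -and (Test-Path -LiteralPath $onDisk)
            $expected = $expectedByEntry[$entry]
            New-Object PSObject -Property @{
                Catalog     = $catalog
                Entry       = $entry
                LibraryPath = $libPath
                FileExists  = $present
                # -ne is case-insensitive, so system32 vs System32 does not matter.
                Mismatch    = (($expected -ne $null) -and ($libPath -ne $expected))
            }
        }
    }
}

function Test-CriticalFileSignatures {
    # The files FRST verified in its "Bamital & volsnap" section, plus the
    # driver named in the CodeIntegrity events.
    $files = @(
        'system32\winlogon.exe', 'system32\wininit.exe', 'SysWOW64\wininit.exe',
        'explorer.exe', 'SysWOW64\explorer.exe',
        'system32\svchost.exe', 'SysWOW64\svchost.exe', 'system32\services.exe',
        'system32\User32.dll', 'SysWOW64\User32.dll',
        'system32\userinit.exe', 'SysWOW64\userinit.exe',
        'system32\rpcss.dll', 'system32\dnsapi.dll', 'SysWOW64\dnsapi.dll',
        'system32\Drivers\volsnap.sys', 'system32\drivers\sfvfs02.sys'
    ) | ForEach-Object { Join-Path $env:SystemRoot $_ }
    foreach ($f in $files) {
        if (-not (Test-Path -LiteralPath $f)) {
            New-Object PSObject -Property @{ Path = $f; Status = 'Missing'; Signer = '' }
            continue
        }
        # Get-AuthenticodeSignature on Windows 7-era PowerShell only checks
        # embedded signatures, not the Windows catalog files, so catalog-signed
        # system files report NotSigned here. HashMismatch is the real alarm.
        $sig = Get-AuthenticodeSignature -FilePath $f
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        New-Object PSObject -Property @{ Path = $f; Status = $sig.Status; Signer = $signer }
    }
}

Test-WinsockCatalog5 | Format-Table Catalog, Entry, LibraryPath, FileExists, Mismatch -AutoSize
Test-CriticalFileSignatures | Format-Table Path, Status, Signer -AutoSize
```

A Mismatch or FileExists=False row is what the fixlist's `netsh winsock reset` is there to repair, so running the first function before and after the fix shows whether the reset actually restored the catalog. For the signature check, treat NotSigned on a Windows file as "confirm with `sfc /verifyonly` or Sysinternals `sigcheck -c`" rather than as a finding; FRST's own "File is digitally signed" verdict does include catalog signatures, which is why it passed files this cmdlet may not.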

I do not see any anti-virus program installed, is that correct?

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
 

Next,

 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)
 

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
  • Press start scan
  • The scan will now commence
  • Once the scan has finished click open report <<<--- Do not miss this step
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop


This log will be excessive. Please attach it to your next reply…
 

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Security Check runs)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...
 

Let me see those logs in your reply....

 

Thank you,

 

Kevin..

 

 

Fixlist.txt

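Two things in the reply above can be answered from the machine itself rather than by eye: whether any anti-virus product is actually registered with Windows Security Center, and why the firewall-related services in the FRST "System errors" section (Base Filtering Engine, Windows Firewall, IPsec Policy Agent, Security Center) are failing to start. The script below is an added example, not part of the thread and not code from FRST, Security Check or Malwarebytes. It assumes an elevated PowerShell prompt on Windows 7 or later (both the root\SecurityCenter2 namespace and Get-WinEvent need Vista or newer); the function names are the example's own, and the error text comes from Windows' own message tables rather than from anything stated in the thread.

```powershell
# Added example, not from the thread. Two checks behind the questions above:
# is an anti-virus product registered with Windows Security Center, and what
# do the %%nnnn codes in the Service Control Manager errors actually mean.
# Assumes an elevated PowerShell prompt on Windows 7 or later.

function Get-RegisteredAvProducts {
    # Security Center keeps the products that registered with it in WMI.
    # productState is a vendor-reported bit field; it is shown raw here rather
    # than decoded, since its layout is a vendor convention, not something
    # this thread establishes. An empty result matches Security Check's
    # "WMI entry may not exist for antivirus" line.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue |
        ForEach-Object {
            New-Object PSObject -Property @{
                Product      = $_.displayName
                ProductState = ('0x{0:X6}' -f [int]$_.productState)
                Exe          = $_.pathToSignedProductExe
            }
        }
}

function Get-ServiceStartFailures {
    param([int]$Hours = 48)
    # SCM event 7000 = service failed to start, 7001 = a dependency failed.
    # The last event parameter carries the error exactly as FRST prints it,
    # e.g. "%%1290" or "%%-2147024891"; decode it with the OS message tables.
    $since = (Get-Date).AddHours(-$Hours)
    Get-WinEvent -FilterHashtable @{
            LogName = 'System'; ProviderName = 'Service Control Manager'
            Id = 7000, 7001; StartTime = $since
        } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $raw  = [string]$_.Properties[$_.Properties.Count - 1].Value
            $text = $raw
            if ($raw -match '^%%(-?\d+)$') {
                $code = [int]$Matches[1]
                # Positive values are Win32 error numbers; negative ones are HRESULTs.
                $text = if ($code -lt 0) {
                    [System.Runtime.InteropServices.Marshal]::GetExceptionForHR($code).Message
                } else {
                    (New-Object System.ComponentModel.Win32Exception($code)).Message
                }
            }
            New-Object PSObject -Property @{
                Time    = $_.TimeCreated
                EventId = $_.Id
                Service = [string]$_.Properties[0].Value
                Error   = "$raw $text"
            }
        }
}

Get-RegisteredAvProducts | Format-Table Product, ProductState, Exe -AutoSize
Get-ServiceStartFailures | Sort-Object Time | Format-Table Time, EventId, Service, Error -AutoSize
```

Run the second function before and after the fixlist's `netsh advfirewall reset` / `set allprofiles state ON` lines: if Base Filtering Engine still logs a 7000 afterwards, the firewall is not actually back, whatever `netsh` reports, and the decoded error text says which permission or SID-type problem is still in the way.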

I do not have an anti-virus. The log from Dr.Web CureIt causes the page to blow up when I add it. It found 31 items that Malwarebytes didn't get. It had adware and Trojans like Click.21347 Vittalia.71. Thanks for your effort

 

Dave

 

 Results of screen317's Security Check version 1.009 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 45 
 Java 8 Update 66 
 Java version 32-bit out of Date!
  Adobe Flash Player 18.0.0.209 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (43.0.4)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Dave (2016-01-12 19:01:39) Run:1
Running from I:\New stuff
Loaded Profiles: Dave (Available Profiles: Dave)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
cmd: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
U0 hsencgo; C:\Windows\System32\drivers\jfnotnwi.sys [79064 2016-01-12] (Malwarebytes)
C:\Windows\System32\drivers\jfnotnwi.sys
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Dave\LVIEWPRO.EXE
C:\Users\Dave\AppData\Local\Temp\bridj.dll5392563786024506545.dll
C:\Users\Dave\AppData\Local\Temp\bridj.dll7326302336878197017.dll
C:\Users\Dave\AppData\Local\Temp\bridj.dll7683881512564236683.dll
C:\Users\Dave\AppData\Local\Temp\bridj.dll8349419641673059256.dll
C:\Users\Dave\AppData\Local\Temp\bridj.dll8880528859784355924.dll
C:\Users\Dave\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Dave\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Dave\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Dave\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Dave\AppData\Local\Temp\NGMDll.dll
C:\Users\Dave\AppData\Local\Temp\NGMResource.dll
C:\Users\Dave\AppData\Local\Temp\nsjCE8B.exe
C:\Users\Dave\AppData\Local\Temp\nsoAEA9.exe
C:\Users\Dave\AppData\Local\Temp\nss322B.exe
C:\Users\Dave\AppData\Local\Temp\oi_{6773B301-AE48-4A44-AD9F-D04B8650E2B4}.exe
C:\Users\Dave\AppData\Local\Temp\SCC.dll
C:\Users\Dave\AppData\Local\Temp\Setup.exe
C:\Users\Dave\AppData\Local\Temp\sqlite3.dll
C:\Users\Dave\AppData\Local\Temp\unicows.dll
C:\Users\Dave\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Dave\AppData\Local\Temp\uninstaller.exe
C:\Users\Dave\AppData\Local\Temp\zp930free.exe
C:\Users\Dave\AppData\Local\Temp\_is7213.exe
C:\Users\Dave\AppData\Local\Temp\{D69D74D2-425A-4C42-B458-306075415304}.exe
CustomCLSID: HKU\S-1-5-21-3023370978-3506523679-905622001-1001_Classes\CLSID\{A39E563A-2D0A-4909-B52F-051C44A483CE}\InprocServer32 -> C:\Program Files (x86)\TNT2\Profiles\11083\passport64.dll => No File
CustomCLSID: HKU\S-1-5-21-3023370978-3506523679-905622001-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\NativeHooks.dll => No File <==== ATTENTION
Task: {09D77B8A-2823-42F2-9943-A1BF7771595D} - \GeniusBox -> No File <==== ATTENTION
Task: {38C14FCE-9899-4E2A-B343-609DE73A743A} - System32\Tasks\Validate Installation => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
Task: {822B0483-023B-41F2-8D19-11CB30581FFA} - \UpdateAdmin -> No File <==== ATTENTION
Task: {AAE80F59-FCF7-4D59-9D7C-2D0717A388FE} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {B6F0F35D-3A1E-4408-BE7D-E0CC66CD6FEC} - System32\Tasks\Check Updates => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
C:\Program Files (x86)\user extensions
Task: {BBE5C1BA-53F3-468E-804B-DF40B42D56EF} - System32\Tasks\Anwrerrot => C:\ProgramData\Anwrerrot\1.0.1.0\oiudnoep.exe <==== ATTENTION
C:\ProgramData\Anwrerrot
Task: {F3B9AFD2-5E2E-4151-81D6-C935981482C4} - \ProPCCleaner_Start -> No File <==== ATTENTION
EmptyTemp:
end
*****************

Processes closed successfully.
Restore point was successfully created.
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5-x64 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5-x64 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)

=========  netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

hsencgo => service not found.
"C:\Windows\System32\drivers\jfnotnwi.sys" => not found.
EagleX64 => service removed successfully
C:\Program Files (x86)\Google\Desktop\Install => moved successfully
C:\Users\Dave\LVIEWPRO.EXE => moved successfully
C:\Users\Dave\AppData\Local\Temp\bridj.dll5392563786024506545.dll => moved successfully
C:\Users\Dave\AppData\Local\Temp\bridj.dll7326302336878197017.dll => moved successfully
C:\Users\Dave\AppData\Local\Temp\bridj.dll7683881512564236683.dll => moved successfully
C:\Users\Dave\AppData\Local\Temp\bridj.dll8349419641673059256.dll => moved successfully
C:\Users\Dave\AppData\Local\Temp\bridj.dll8880528859784355924.dll => moved successfully
C:\Users\Dave\AppData\Local\Temp\drm_dyndata_7330017.dll => moved successfully
C:\Users\Dave\AppData\Local\Temp\GenericUninstall.exe => moved successfully
C:\Users\Dave\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe => moved successfully
C:\Users\Dave\AppData\Local\Temp\HiRezLauncherControls.dll => moved successfully
C:\Users\Dave\AppData\Local\Temp\NGMDll.dll => moved successfully
C:\Users\Dave\AppData\Local\Temp\NGMResource.dll => moved successfully
C:\Users\Dave\AppData\Local\Temp\nsjCE8B.exe => moved successfully
C:\Users\Dave\AppData\Local\Temp\nsoAEA9.exe => moved successfully
C:\Users\Dave\AppData\Local\Temp\nss322B.exe => moved successfully
C:\Users\Dave\AppData\Local\Temp\oi_{6773B301-AE48-4A44-AD9F-D04B8650E2B4}.exe => moved successfully
C:\Users\Dave\AppData\Local\Temp\SCC.dll => moved successfully
C:\Users\Dave\AppData\Local\Temp\Setup.exe => moved successfully
C:\Users\Dave\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Dave\AppData\Local\Temp\unicows.dll => moved successfully
C:\Users\Dave\AppData\Local\Temp\UNINSTALL.EXE => moved successfully
"C:\Users\Dave\AppData\Local\Temp\uninstaller.exe" => not found.
C:\Users\Dave\AppData\Local\Temp\zp930free.exe => moved successfully
C:\Users\Dave\AppData\Local\Temp\_is7213.exe => moved successfully
C:\Users\Dave\AppData\Local\Temp\{D69D74D2-425A-4C42-B458-306075415304}.exe => moved successfully
"HKU\S-1-5-21-3023370978-3506523679-905622001-1001_Classes\CLSID\{A39E563A-2D0A-4909-B52F-051C44A483CE}" => key removed successfully
"HKU\S-1-5-21-3023370978-3506523679-905622001-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09D77B8A-2823-42F2-9943-A1BF7771595D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09D77B8A-2823-42F2-9943-A1BF7771595D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GeniusBox => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38C14FCE-9899-4E2A-B343-609DE73A743A} => key not found.
C:\Windows\System32\Tasks\Validate Installation => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Validate Installation => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{822B0483-023B-41F2-8D19-11CB30581FFA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{822B0483-023B-41F2-8D19-11CB30581FFA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateAdmin => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAE80F59-FCF7-4D59-9D7C-2D0717A388FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAE80F59-FCF7-4D59-9D7C-2D0717A388FE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6F0F35D-3A1E-4408-BE7D-E0CC66CD6FEC} => key not found.
C:\Windows\System32\Tasks\Check Updates => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Check Updates => key not found.
"C:\Program Files (x86)\user extensions" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BBE5C1BA-53F3-468E-804B-DF40B42D56EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBE5C1BA-53F3-468E-804B-DF40B42D56EF}" => key removed successfully
C:\Windows\System32\Tasks\Anwrerrot => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Anwrerrot" => key removed successfully
"C:\ProgramData\Anwrerrot" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F3B9AFD2-5E2E-4151-81D6-C935981482C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3B9AFD2-5E2E-4151-81D6-C935981482C4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start => key not found.
EmptyTemp: => 14.2 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 19:06:58 ====

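As an added defender-side check (not part of the thread and not FRST's own code), the PowerShell below lists scheduled tasks whose executable target no longer exists, the kind of leftover the fix above removes for GeniusBox, UpdateAdmin and ProPCCleaner. It assumes the Task Scheduler 2.0 COM API (Vista and later), so it runs on the Windows 7 system in this thread, where Get-ScheduledTask is not available.

```powershell
# Added example (not from the thread): enumerate scheduled tasks whose
# executable target is missing. Uses the Task Scheduler 2.0 COM API, which
# exists on Vista and later. Run from an elevated prompt to see every user's
# tasks. Note: FRST's "-> No File" for a task means the task's own XML file in
# System32\Tasks is gone; this script checks the action target instead.

$service = New-Object -ComObject 'Schedule.Service'
$service.Connect()

# Recursively walk the task folder tree starting at the root folder.
function Get-TaskFolderTree($folder) {
    $folder
    foreach ($sub in $folder.GetFolders(0)) { Get-TaskFolderTree $sub }
}

$orphans = @()
foreach ($folder in Get-TaskFolderTree $service.GetFolder('\')) {
    # 1 = TASK_ENUM_HIDDEN, so hidden tasks are included in the listing.
    foreach ($task in $folder.GetTasks(1)) {
        foreach ($action in $task.Definition.Actions) {
            if ($action.Type -ne 0) { continue }   # 0 = TASK_ACTION_EXEC
            $exe = [Environment]::ExpandEnvironmentVariables($action.Path).Trim('"')
            if ([System.IO.Path]::IsPathRooted($exe)) {
                $exists = Test-Path -LiteralPath $exe
            } else {
                # Bare names such as "updater.exe" are resolved through PATH at run time.
                $exists = [bool](Get-Command $exe -ErrorAction SilentlyContinue)
            }
            if (-not $exists) {
                $orphans += New-Object PSObject -Property @{
                    Task   = $task.Path          # e.g. \GeniusBox
                    Target = $exe
                    Args   = $action.Arguments
                }
            }
        }
    }
}

# An orphaned task is not harmful by itself, but it is residue of a removed
# program and a task that is still enabled will keep logging failed launches.
$orphans | Format-Table -AutoSize Task, Target, Args
```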

Do you have the log from DrWeb?

 

Windows Firewall is now showing as active, is that correct?

 

Download and install Microsoft Security Essentials, ensure to update, then run a scan....

 

https://www.microsoft.com/en-gb/download/details.aspx?id=5201

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader


 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.
 

Untick the option for any security scanner or toolbar if offered.
 

Download and install.
 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Go here http://www.adobe.com/shockwave/welcome/ and have Adobe Flashplayer checked. Accept new version if required.

There may be an offer of Google Chrome etc., untick those options if offered...

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.


 

Upgrading Java:
 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.


 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

 

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs....
 

 

Post logs from DrWeb and FRST, also let me know if there are any remaining issues or concerns...

 

Thank you,

 

Kevin


Yes, Windows Firewall was reset with the FRST fix. What about the other instructions I posted...

 

Can I see the log from DrWeb?

 

Did you install Microsoft Security Essentials?

 

Did you update Adobe Reader?

 

Did you update Flashplayer?

 

Regarding the game issues, can you re-install it? Does that help....

 

Did you update Java and check if old versions were removed?


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
