

So yesterday I was hit by a virus which installed loads of programs like SafeFinder on my PC, changed all of my browsers and kept opening tabs and showing advertisements everywhere. Through a combination of Malwarebytes and AdwCleaner I've managed to get rid of the vast majority of it; however, when I restarted my PC following the removal of this malware I was presented with a black screen and my cursor. After searching for it I managed to open Task Manager and run explorer.exe, which brought back my desktop. That was fine, and it worked again for the next boot, but today when I tried it was back and I had to do the same thing. The help thread I found didn't detail what to do if running explorer.exe actually worked, as for the person asking it didn't, so I have functionality but no permanent fix, it seems.

Anyone know how to solve this? Thanks for your time.


Hello Ezekiel and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system; continue as follows please:

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32-bit or 64-bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection: click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans".
  • Press the Scan button to run the tool.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The tool will also make a log named Addition.txt. Please attach those logs to your reply.


Let me see those logs in your reply...

Thank you,

Kevin...
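Added editorial note, not part of kevinf80's reply or of the original thread: when the FRST log comes back, the Registry section is where a black desktop with only a cursor is usually explained. The Winlogon Userinit value is what Windows runs at logon to start the user's shell; if it has been replaced with something that never launches the shell (the log posted later in this thread shows `HKLM\...\Winlogon: [Userinit] wscript,` where the Windows default is `C:\Windows\system32\userinit.exe,`), explorer.exe is not started automatically, which is consistent with a desktop that only appears after explorer.exe is launched by hand from Task Manager. The Python script below is an added example, not FRST's or the forum's code: it reads FRST-format lines and flags a non-default Userinit/Shell value, plus three other kinds of leftover that an adware bundle typically leaves in such logs: executables with no embedded publisher information living under AppData or ProgramData, any AppInit_DLLs value, and scheduled-task files with long random upper-case names. The defaults and heuristics are the editor's, the sample log inside it is constructed in FRST's line formats with a placeholder user name, and the script only reports; it changes nothing on the machine.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example, not FRST's or the forum's code. It reads FRST-format lines and
flags four kinds of entry: a Winlogon Userinit/Shell value that is not the
Windows default (which stops explorer.exe starting at logon), binaries with no
publisher information living under AppData/ProgramData, any AppInit_DLLs value,
and scheduled tasks with long random upper-case names. The sample log at the
bottom is constructed for this example, with a placeholder user name.
"""
import re

# Documented Windows defaults for the two Winlogon values that start the shell.
# Userinit runs at logon and launches the Shell value (explorer.exe); a hijacked
# Userinit such as "wscript," never starts the shell, leaving a black desktop
# with a cursor. Comparison is case-insensitive after trimming whitespace.
WINLOGON_DEFAULTS = {
    "userinit": r"c:\windows\system32\userinit.exe,",
    "shell": "explorer.exe",
}

WINLOGON_RE = re.compile(r"Winlogon: \[(\w+)\]\s*(.*?)\s*$")
# First absolute path ending in an executable extension; FRST puts it after
# the publisher (Processes section) or after the service/driver name.
PATH_RE = re.compile(r"([A-Za-z]:\\[^\[\]]*?\.(?:exe|dll|sys))\b", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|ProgramData|Users\\Public)\\", re.IGNORECASE)
# FRST prints the publisher in parentheses; "()" or "( )" means none was found.
EMPTY_PUBLISHER_RE = re.compile(r"^\(\s*\)\s|\(\s*\)\s*$")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-x32)?:\s*(\S.*)$")
# Task files such as C:\WINDOWS\Tasks\OUHGDMWHLKIDWEHU.job: 10+ upper-case
# letters/digits only. Heuristic chosen for this example, not an FRST rule.
RANDOM_TASK_RE = re.compile(r"\\Tasks\\([A-Z0-9]{10,})(?:\.job)?$")


def check_winlogon(line):
    """Finding if a Winlogon Userinit/Shell value differs from the default."""
    m = WINLOGON_RE.search(line)
    if not m:
        return None
    name, value = m.group(1).lower(), m.group(2).lower()
    default = WINLOGON_DEFAULTS.get(name)
    if default is not None and value != default:
        return ("winlogon_hijack", name, value)
    return None


def check_unsigned_user_path(line):
    """Finding for a no-publisher binary in a user-writable location."""
    if not EMPTY_PUBLISHER_RE.search(line):
        return None
    m = PATH_RE.search(line)
    if m and USER_WRITABLE_RE.search(m.group(1)):
        return ("no_publisher_user_path", m.group(1))
    return None


def check_appinit(line):
    """Finding for any AppInit_DLLs value, even one whose file is gone."""
    m = APPINIT_RE.match(line)
    return ("appinit_dll", m.group(1)) if m else None


def check_random_task(line):
    """Finding for a scheduled-task file with a random-looking name."""
    m = RANDOM_TASK_RE.search(line)
    return ("random_task_name", m.group(1)) if m else None


CHECKS = (check_winlogon, check_unsigned_user_path, check_appinit, check_random_task)


def triage(log_text):
    """Run every check over every line; findings are returned in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        for check in CHECKS:
            hit = check(line)
            if hit is not None:
                findings.append(hit)
    return findings


# Constructed sample in FRST's line formats (Processes, Registry, Services,
# Drivers, Created files). Not the thread's log; "Alice" is a placeholder.
SAMPLE_LOG = r"""
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Alice\AppData\Roaming\Naevsivam\Nucavy.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Winlogon: [Userinit] wscript,
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => No File
R2 Rubhetbu; C:\Users\Alice\AppData\Roaming\Naevsivam\Naevsivam.exe [174944 2016-04-26] ()
R3 CORSGKB; C:\Windows\system32\drivers\CORSGKB.sys [25600 2012-03-27] ( )
2016-04-26 19:01 - 2016-04-26 19:06 - 00000360 ____H C:\WINDOWS\Tasks\OUHGDMWHLKIDWEHU.job
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```

Run it against a saved FRST.txt by passing the file's contents to `triage()`. A driver with an empty publisher in System32 (the CORSGKB.sys line) is deliberately not flagged: the no-publisher check only fires for user-writable locations, because legitimate hardware drivers often lack embedded version info while a service binary running out of AppData\Roaming with none is the pattern worth a closer look. The findings are a starting point for the helper's fixlist, not a verdict.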

Thanks Kevin - these are the results:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by Ezekiel (administrator) on Ezekiel-PC (27-04-2016 17:23:54)
Running from F:\Downloads
Loaded Profiles: Ezekiel (Available Profiles: Ezekiel & DefaultAppPool)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Users\Ezekiel\AppData\Roaming\Naevsivam\Naevsivam.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Disc Soft Ltd) I:\DAEMON Tools Lite\DiscSoftBusService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Ezekiel\AppData\Roaming\Naevsivam\Nucavy.exe
() C:\Users\Ezekiel\AppData\Roaming\Naevsivam\Cajjheowi.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) D:\iTunes\iTunesHelper.exe
(MY.COM B.V.) C:\Users\Ezekiel\AppData\Local\MyComGames\MyComGames.exe
(Hammer & Chisel, Inc.) C:\Users\Ezekiel\AppData\Local\Discord\app-0.0.288\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hammer & Chisel, Inc.) C:\Users\Ezekiel\AppData\Local\Discord\app-0.0.288\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Ezekiel\AppData\Local\Discord\app-0.0.288\Discord.exe
(BitTorrent Inc.) C:\Users\Ezekiel\AppData\Roaming\uTorrent\uTorrent.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\K90 Keyboard\CorsTra.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M90 Mouse\M90Hid.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GamePanel.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(BitTorrent Inc.) C:\Users\Ezekiel\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [Corsair Headset Software] => C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe [3167544 2014-02-12] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Corsair laver] => C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe [1780736 2013-06-05] (Corsair Components  Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Corsair Garros] => C:\Program Files (x86)\Corsair\M90 Mouse\M90Hid.exe [1769472 2013-06-05] (Corsair Components  Inc)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-04-05] (Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-05] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] wscript,
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\...\Run: [Steam] => D:\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\...\Run: [MyComGames] => C:\Users\Ezekiel\AppData\Local\MyComGames\MyComGames.exe [4906864 2016-04-23] (MY.COM B.V.)
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\...\Run: [DAEMON Tools Lite Automount] => I:\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\...\Run: [CCleaner Monitoring] => I:\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\...\Run: [Discord] => C:\Users\Ezekiel\AppData\Local\Discord\app-0.0.288\Discord.exe [53430456 2016-04-21] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\...\Run: [uTorrent] => C:\Users\Ezekiel\AppData\Roaming\uTorrent\uTorrent.exe [1959424 2016-04-10] (BitTorrent Inc.)
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\...\MountPoints2: {1228e4f4-e96e-11e5-9c02-902b345e79a5} - "J:\setup.exe" 
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\...\MountPoints2: {68892033-f7cd-11e3-b37e-902b345e79a5} - "H:\LaunchRC.exe" 
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\...\MountPoints2: {c138dffd-c6ac-11e5-9bf4-902b345e79a5} - "H:\setup.exe" 
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => No File
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a960cc56-c56d-4131-8ce9-7eae94e8bd3f}: [DhcpNameServer] 192.168.0.1
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2853582556-3048126042-2602251027-1000 -> {8C099C03-698E-49C2-A480-AC1C2ADF7EC1} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> I:\Arc\Plugins\ArcPluginIE.dll [2016-02-24] (Perfect World Entertainment Inc)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-11] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> I:\Arc\Plugins\npArcPluginFF.dll [2016-02-24] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2853582556-3048126042-2602251027-1000: @my.com/Games -> C:\Users\Ezekiel\AppData\Local\MyComGames\NPMyComDetector.dll [2016-01-26] (MY.COM B.V.)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325161&octid=EB_ORIGINAL_CTID&ISID=M0CB20FBA-41F8-4578-B315-326BD77876A8&SearchSource=55&CUI=&UM=8&UP=SP486C5427-9CE6-4D02-9624-BEC9CAC9AFC2&D=042616&SSPV="
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR Profile: C:\Users\Ezekiel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ezekiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gflabakpdhodmhnnfechflaoadhiokmm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gflabakpdhodmhnnfechflaoadhiokmm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 ArcService; I:\Arc\ArcService.exe [88024 2016-02-24] (Perfect World Entertainment Inc)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-07-09] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-06-20] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; I:\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2104840 2016-02-03] (Electronic Arts)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-04-05] (Plays.tv, LLC)
R2 Rubhetbu; C:\Users\Ezekiel\AppData\Roaming\Naevsivam\Naevsivam.exe [174944 2016-04-26] ()
S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-18] (Advanced Micro Devices)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-02-01] (BitRaider)
R3 CorsairAudioFilter; C:\Windows\system32\DRIVERS\corsveng2kamd64.sys [109912 2014-02-03] (Corsair Components, Inc.)
R3 CORSGKB; C:\Windows\system32\drivers\CORSGKB.sys [25600 2012-03-27] ( )
R3 CORSGMS; C:\Windows\system32\drivers\CORSGMS.sys [25600 2012-03-27] ( )
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-03-20] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-03-20] (Disc Soft Ltd)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [49584 2016-03-05] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [163644 2016-02-07] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WinRing0_1_2_0; F:\Utilities\RealTemp_3.70\WinRing0x64.sys [14544 2012-04-21] (OpenLibSys.org)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-27 17:23 - 2016-04-27 17:23 - 00000000 ____D C:\FRST
2016-04-27 15:45 - 2016-04-27 15:45 - 00016148 _____ C:\WINDOWS\system32\Ezekiel-PC_Ezekiel_HistoryPrediction.bin
2016-04-26 19:52 - 2016-04-26 19:52 - 00053796 _____ C:\Users\Ezekiel\Documents\cc_20160426_195207.reg
2016-04-26 19:41 - 2016-04-27 15:46 - 00003642 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-04-26 19:30 - 2016-04-26 19:30 - 00000080 _____ C:\Users\Public\Desktop\Need for SpeedT Most Wanted.lnk
2016-04-26 19:18 - 2016-04-26 19:18 - 00000000 ____D C:\Users\Ezekiel\AppData\Roaming\MCorp
2016-04-26 19:14 - 2016-04-26 19:14 - 00000000 ____D C:\ŠÇ˜Ç
2016-04-26 19:10 - 2016-04-26 19:10 - 00000000 ____D C:\WINDOWS\system32\pecn
2016-04-26 19:09 - 2016-04-27 16:47 - 00000000 ____D C:\Users\Ezekiel\AppData\LocalLow\uTorrent
2016-04-26 19:02 - 2016-04-26 19:30 - 00000000 ____D C:\Users\Ezekiel\AppData\Local\app
2016-04-26 19:01 - 2016-04-26 19:06 - 00000360 ____H C:\WINDOWS\Tasks\OUHGDMWHLKIDWEHU.job
2016-04-26 19:01 - 2016-04-26 19:02 - 00000348 _____ C:\WINDOWS\Tasks\YFWOJEFQ1.job
2016-04-26 19:01 - 2016-04-26 19:01 - 00003436 _____ C:\WINDOWS\System32\Tasks\OUHGDMWHLKIDWEHU
2016-04-26 19:01 - 2016-04-26 19:01 - 00002916 _____ C:\WINDOWS\System32\Tasks\YFWOJEFQ1
2016-04-26 19:01 - 2016-04-26 19:01 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-04-26 19:01 - 2016-04-26 19:01 - 00000000 ____D C:\ProgramData\19a87fa1ec024bbcbb41931263354405
2016-04-26 18:59 - 2016-04-26 18:59 - 06494208 _____ C:\Users\Ezekiel\AppData\Roaming\agent.dat
2016-04-26 18:59 - 2016-04-26 18:59 - 01626777 _____ C:\Users\Ezekiel\AppData\Roaming\Dongstrong.tst
2016-04-26 18:59 - 2016-04-26 18:59 - 00018432 _____ C:\Users\Ezekiel\AppData\Roaming\Main.dat
2016-04-26 18:59 - 2016-04-26 18:59 - 00000000 ____D C:\Users\Ezekiel\AppData\Roaming\Mozilla
2016-04-26 18:59 - 2016-04-26 18:59 - 00000000 ____D C:\Program Files (x86)\Comodo Antivirus
2016-04-26 18:59 - 2016-04-26 18:58 - 00939008 _____ C:\Users\Ezekiel\AppData\Roaming\Dongstrong.exe
2016-04-26 18:59 - 2015-10-09 11:04 - 00020872 _____ (Phoenix Technologies) C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS
2016-04-26 18:58 - 2016-04-26 19:31 - 00000000 ____D C:\Program Files (x86)\comoBoss
2016-04-26 18:58 - 2016-04-26 18:59 - 00127488 _____ C:\Users\Ezekiel\AppData\Roaming\Installer.dat
2016-04-26 18:58 - 2016-04-26 18:58 - 00939008 _____ C:\Users\Ezekiel\AppData\Roaming\Finla.exe
2016-04-26 18:58 - 2016-04-26 18:58 - 00072717 _____ C:\Users\Ezekiel\AppData\Roaming\Finla.tst
2016-04-26 18:58 - 2016-04-26 18:58 - 00027456 _____ C:\WINDOWS\system32\Drivers\bsdpf64.sys
2016-04-26 18:58 - 2016-04-26 18:58 - 00026944 _____ C:\WINDOWS\system32\Drivers\bsdpr64.sys
2016-04-26 18:58 - 2016-04-26 18:58 - 00000000 ____D C:\Users\Ezekiel\AppData\Roaming\Naevsivam
2016-04-26 18:58 - 2016-04-26 18:58 - 00000000 ____D C:\Users\Ezekiel\AppData\Local\Tempfolder
2016-04-26 18:58 - 2016-04-26 18:58 - 00000000 ____D C:\uninst
2016-04-26 18:57 - 2016-04-26 19:26 - 00000000 ____D C:\Program Files (x86)\maintenance software
2016-04-24 20:14 - 2016-04-26 21:17 - 00000000 ____D C:\Users\Ezekiel\AppData\Roaming\discord
2016-04-24 20:14 - 2016-04-26 19:30 - 00002275 _____ C:\Users\Ezekiel\Desktop\Discord.lnk
2016-04-24 20:14 - 2016-04-24 20:14 - 00000000 ____D C:\Users\Ezekiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-04-24 20:14 - 2016-04-24 20:14 - 00000000 ____D C:\Users\Ezekiel\AppData\Local\SquirrelTemp
2016-04-24 20:14 - 2016-04-24 20:14 - 00000000 ____D C:\Users\Ezekiel\AppData\Local\Discord
2016-04-21 22:15 - 2016-04-21 22:15 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-04-21 22:08 - 2016-04-21 22:07 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2016-04-21 22:07 - 2016-04-21 22:07 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-04-17 19:19 - 2016-04-17 19:19 - 00003158 _____ C:\WINDOWS\System32\Tasks\{7B8D57F6-B4BD-4831-89A2-63B655B51D8A}
2016-04-14 22:24 - 2016-04-14 22:24 - 00000202 _____ C:\Users\Ezekiel\Desktop\Chivalry Medieval Warfare.url
2016-04-10 23:34 - 2016-04-10 23:34 - 08698821 _____ C:\Users\Ezekiel\Documents\Genie In A Bottle (Dove Cameron) Lyrics.mp4
2016-04-10 23:13 - 2016-04-10 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV
2016-03-31 21:51 - 2016-03-31 21:51 - 29092945 _____ C:\Users\Ezekiel\Documents\Avalanche City - Sunset (Lyric Video) Official.mp4
2016-03-31 21:50 - 2016-03-31 21:50 - 18833829 _____ C:\Users\Ezekiel\Documents\All Time Low - Missing You.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-27 17:22 - 2015-12-03 23:04 - 00000000 ____D C:\Users\Ezekiel\AppData\Roaming\uTorrent
2016-04-27 15:47 - 2016-03-22 17:26 - 00000000 ____D C:\Users\Ezekiel\AppData\Roaming\PlaysTV
2016-04-27 15:47 - 2015-12-03 16:46 - 00000000 ____D C:\Users\Ezekiel\AppData\Local\MyComGames
2016-04-27 15:47 - 2015-10-09 23:11 - 00000000 ____D C:\Users\Ezekiel\AppData\Roaming\Raptr
2016-04-27 15:46 - 2015-08-06 15:51 - 01018214 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-27 15:46 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2016-04-26 19:51 - 2014-06-19 21:30 - 00000000 ____D C:\Users\Ezekiel\AppData\Roaming\DAEMON Tools Lite
2016-04-26 19:48 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-26 19:48 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-26 19:48 - 2014-01-30 19:32 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-04-26 19:47 - 2016-03-05 17:00 - 00000000 ____D C:\AdwCleaner
2016-04-26 19:42 - 2015-07-04 19:20 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-26 19:30 - 2016-03-27 11:38 - 00002260 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-26 19:30 - 2016-03-27 11:38 - 00002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-26 19:30 - 2016-03-26 20:28 - 00001513 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-26 19:30 - 2016-03-26 19:43 - 00002698 _____ C:\Users\Ezekiel\Desktop\µTorrent.lnk
2016-04-26 19:30 - 2016-03-26 19:43 - 00002678 _____ C:\Users\Ezekiel\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-04-26 19:30 - 2016-03-24 12:58 - 00000715 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-04-26 19:30 - 2016-03-22 12:03 - 00000598 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-26 19:30 - 2016-03-21 12:44 - 00000540 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-26 19:30 - 2016-03-20 21:42 - 00001070 _____ C:\Users\Ezekiel\Desktop\Fallout 4.lnk
2016-04-26 19:30 - 2016-03-20 21:29 - 00000715 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-04-26 19:30 - 2016-03-19 20:20 - 00000724 _____ C:\Users\Public\Desktop\Neverwinter.lnk
2016-04-26 19:30 - 2016-03-19 20:20 - 00000359 _____ C:\Users\Public\Desktop\Arc.lnk
2016-04-26 19:30 - 2016-02-17 18:17 - 00001056 _____ C:\Users\Public\Desktop\Dragon Age Origins.lnk
2016-04-26 19:30 - 2016-02-02 20:45 - 00000635 _____ C:\Users\Ezekiel\Desktop\Cheat Engine.lnk
2016-04-26 19:30 - 2016-01-30 15:32 - 00000749 _____ C:\Users\Public\Desktop\Freelancer.lnk
2016-04-26 19:30 - 2015-12-26 17:11 - 00002052 _____ C:\Users\Ezekiel\Desktop\DAIModManager.exe - Shortcut.lnk
2016-04-26 19:30 - 2015-12-26 17:07 - 00000995 _____ C:\Users\Ezekiel\Desktop\DAI SuiteTools - Shortcut.lnk
2016-04-26 19:30 - 2015-12-25 19:19 - 00001032 _____ C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2016-04-26 19:30 - 2015-12-03 16:46 - 00002127 _____ C:\Users\Ezekiel\Desktop\My.com Game Center.lnk
2016-04-26 19:30 - 2015-10-09 23:18 - 00000597 _____ C:\Users\Public\Desktop\Origin.lnk
2016-04-26 19:30 - 2015-08-06 16:05 - 00002403 _____ C:\Users\Ezekiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-26 19:30 - 2015-08-06 16:04 - 00001027 _____ C:\Users\Ezekiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2016-04-26 19:30 - 2015-08-06 15:54 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-26 19:30 - 2015-08-03 17:07 - 00000687 _____ C:\Users\Ezekiel\Desktop\Play Star Wars Republic Commando.lnk
2016-04-26 19:30 - 2015-07-09 21:23 - 00000756 _____ C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2016-04-26 19:30 - 2015-07-09 19:02 - 00000762 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-04-26 19:30 - 2015-07-04 21:12 - 00001212 _____ C:\Users\Ezekiel\Desktop\SWTFU2.exe - Shortcut.lnk
2016-04-26 19:30 - 2015-07-04 19:20 - 00000661 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-26 19:30 - 2015-06-15 18:46 - 00001173 _____ C:\Users\Ezekiel\Desktop\Windowed Fullscreen Gaming.lnk
2016-04-26 19:30 - 2015-06-13 14:39 - 00001312 _____ C:\Users\Ezekiel\Desktop\sweaw.exe - Shortcut.lnk
2016-04-26 19:30 - 2015-06-11 13:56 - 00000677 _____ C:\Users\Ezekiel\Desktop\Play Star Wars Battlefront II.lnk
2016-04-26 19:30 - 2015-06-09 21:16 - 00000827 _____ C:\Users\Ezekiel\Desktop\LOOT.lnk
2016-04-26 19:30 - 2015-06-05 13:59 - 00000827 _____ C:\Users\Ezekiel\Desktop\BOSS.lnk
2016-04-26 19:30 - 2015-05-27 14:23 - 00002152 _____ C:\Users\Public\Desktop\iohn7kyugbh6yv5tc4r3ec2evce2r4d45vftgb76k890=]-.lnk
2016-04-26 19:30 - 2015-05-27 14:23 - 00001146 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8610.lnk
2016-04-26 19:30 - 2015-05-27 14:23 - 00000954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2016-04-26 19:30 - 2015-05-24 08:01 - 00000567 _____ C:\Users\Ezekiel\Desktop\Bandicam.lnk
2016-04-26 19:30 - 2015-05-15 20:16 - 00001034 _____ C:\Users\Ezekiel\Desktop\Skyrim - Shortcut.lnk
2016-04-26 19:30 - 2015-05-12 10:04 - 00001442 _____ C:\Users\Ezekiel\Desktop\TES5Edit.lnk
2016-04-26 19:30 - 2015-04-16 15:30 - 00000764 _____ C:\Users\Ezekiel\Desktop\The Elder Scrolls Online.lnk
2016-04-26 19:30 - 2015-03-27 18:31 - 00002204 _____ C:\Users\Ezekiel\Desktop\VTP5.lnk
2016-04-26 19:30 - 2015-01-23 21:05 - 00000896 _____ C:\Users\Public\Desktop\Mass Effect 2 Deluxe Edition.lnk
2016-04-26 19:30 - 2014-10-02 16:48 - 00000749 _____ C:\Users\Ezekiel\Desktop\Middle Earth Shadow of Mordor.lnk
2016-04-26 19:30 - 2014-09-20 13:42 - 00000702 _____ C:\Users\Ezekiel\Desktop\Uplay.lnk
2016-04-26 19:30 - 2014-08-08 11:51 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-26 19:30 - 2014-07-09 15:11 - 00001304 _____ C:\Users\Ezekiel\Desktop\Star Wars Knights Of The Old Republic 2.lnk
2016-04-26 19:30 - 2014-07-09 15:11 - 00000727 _____ C:\Users\Ezekiel\Desktop\Music.lnk
2016-04-26 19:30 - 2014-05-07 16:35 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-04-26 19:30 - 2014-05-05 17:16 - 00000956 _____ C:\Users\Ezekiel\Desktop\DSIIFix.lnk
2016-04-26 19:30 - 2014-04-01 16:12 - 00001043 _____ C:\Users\Ezekiel\Desktop\Skyrim (SKSE).lnk
2016-04-26 19:30 - 2014-01-20 17:41 - 00002885 _____ C:\Users\Ezekiel\Desktop\VTP4.lnk
2016-04-26 19:30 - 2014-01-02 23:58 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2016-04-26 19:30 - 2014-01-01 19:13 - 00000625 _____ C:\Users\Public\Desktop\Steam.lnk
2016-04-26 19:30 - 2013-12-26 01:24 - 00001086 _____ C:\Users\Public\Desktop\Mass Effect 3.lnk
2016-04-26 19:30 - 2013-12-25 13:31 - 00000914 _____ C:\Users\Ezekiel\Desktop\Guild Wars 2.lnk
2016-04-26 19:29 - 2015-07-10 12:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-04-26 19:27 - 2015-07-04 10:37 - 00000000 ____D C:\Users\Ezekiel\AppData\LocalLow\Company
2016-04-26 19:10 - 2015-08-06 15:51 - 00000000 ____D C:\Users\Ezekiel
2016-04-24 20:12 - 2013-12-25 19:17 - 00000000 ____D C:\Users\Ezekiel\AppData\Roaming\TS3Client
2016-04-24 14:38 - 2013-12-25 13:26 - 00000000 ____D C:\Guild Wars 2
2016-04-24 14:07 - 2016-03-21 12:44 - 00000000 ____D C:\Users\Ezekiel\AppData\Roaming\vlc
2016-04-24 14:00 - 2015-05-19 18:12 - 00000000 ____D C:\Users\Ezekiel\Documents\The Witcher 3
2016-04-22 08:57 - 2013-12-25 12:57 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-21 22:14 - 2014-11-06 18:28 - 00000000 ____D C:\ProgramData\Oracle
2016-04-21 22:08 - 2015-07-28 18:34 - 00000000 ____D C:\Program Files\Java
2016-04-21 22:08 - 2014-11-06 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-21 22:08 - 2014-11-06 18:28 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-21 22:07 - 2015-08-29 18:19 - 00000000 ____D C:\Users\Ezekiel\.oracle_jre_usage
2016-04-21 22:07 - 2015-07-28 18:34 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-04-19 17:39 - 2015-08-06 16:05 - 00000000 ___RD C:\Users\Ezekiel\OneDrive
2016-04-18 19:43 - 2016-03-27 11:38 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-18 14:50 - 2016-03-27 11:38 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-17 21:38 - 2015-01-30 17:15 - 00000000 ____D C:\Users\Ezekiel\AppData\Roaming\Skype
2016-04-16 18:03 - 2015-01-30 17:15 - 00000000 ____D C:\ProgramData\Skype
2016-04-15 18:39 - 2016-03-24 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-04-15 18:39 - 2016-03-24 12:58 - 00000000 ____D C:\Nexus Mod Manager
2016-04-14 22:24 - 2014-01-02 23:04 - 00000000 ____D C:\Users\Ezekiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-01 23:36 - 2015-06-08 09:03 - 00000000 ____D C:\Users\Ezekiel\AppData\Local\LOOT
2016-03-30 14:23 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-29 14:12 - 2014-01-02 13:30 - 00000000 ____D C:\Users\Ezekiel\AppData\Local\Packages
2016-03-29 14:11 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps

==================== Files in the root of some directories =======

2015-08-29 23:26 - 2015-08-29 23:26 - 0000000 _____ () C:\Program Files\Microsoft Security Client
2015-08-29 23:26 - 2015-08-29 23:26 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD
2016-04-26 18:59 - 2016-04-26 18:59 - 6494208 _____ () C:\Users\Ezekiel\AppData\Roaming\agent.dat
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\Ezekiel\AppData\Roaming\aVcwyxW1NErfIx7Hk
2016-04-26 18:59 - 2016-04-26 18:58 - 0939008 _____ () C:\Users\Ezekiel\AppData\Roaming\Dongstrong.exe
2016-04-26 18:59 - 2016-04-26 18:59 - 1626777 _____ () C:\Users\Ezekiel\AppData\Roaming\Dongstrong.tst
2016-04-26 18:58 - 2016-04-26 18:58 - 0939008 _____ () C:\Users\Ezekiel\AppData\Roaming\Finla.exe
2016-04-26 18:58 - 2016-04-26 18:58 - 0072717 _____ () C:\Users\Ezekiel\AppData\Roaming\Finla.tst
2016-04-26 18:58 - 2016-04-26 18:59 - 0127488 _____ () C:\Users\Ezekiel\AppData\Roaming\Installer.dat
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Ezekiel\AppData\Roaming\JVUEG
2016-04-26 18:59 - 2016-04-26 18:59 - 0018432 _____ () C:\Users\Ezekiel\AppData\Roaming\Main.dat
2014-04-22 18:07 - 2014-04-22 18:07 - 0007600 _____ () C:\Users\Ezekiel\AppData\Local\Resmon.ResmonCfg
2015-07-03 23:05 - 2015-07-03 23:05 - 0000000 _____ () C:\Users\Ezekiel\AppData\Local\Temp.dat
2015-05-27 14:22 - 2015-05-27 14:22 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-07-04 18:35 - 2015-07-04 18:35 - 0001671 _____ () C:\ProgramData\tempimage.bmp

Some files in TEMP:
====================
C:\Users\Ezekiel\AppData\Local\Temp\32VZGUAKA6.exe
C:\Users\Ezekiel\AppData\Local\Temp\A8GTGN6E6I.exe
C:\Users\Ezekiel\AppData\Local\Temp\aC3mh6mQGs.exe
C:\Users\Ezekiel\AppData\Local\Temp\amisetup6959__19333_il1.exe
C:\Users\Ezekiel\AppData\Local\Temp\K1QQL5B34S.exe
C:\Users\Ezekiel\AppData\Local\Temp\LF37L0ZQE1.exe
C:\Users\Ezekiel\AppData\Local\Temp\libeay32.dll
C:\Users\Ezekiel\AppData\Local\Temp\msvcr120.dll
C:\Users\Ezekiel\AppData\Local\Temp\PY2R5YR4LS.exe
C:\Users\Ezekiel\AppData\Local\Temp\sqlite3.dll
C:\Users\Ezekiel\AppData\Local\Temp\ynXlO2VTRo.exe
C:\Users\Ezekiel\AppData\Local\Temp\yOtGOsWOSm.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-19 16:15

==================== End of FRST.txt ============================

Addition.txt


Thanks for those logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change the PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
    Text file (*.txt) - if selected, you will have to name the file and save it to a place of your choice (I recommend "Desktop"), then attach it to your reply
    XML file (*.xml) - if selected, you will have to name the file and save it to a place of your choice (I recommend "Desktop"), then attach it to your reply
     
  • Please use "Copy to Clipboard", then right click in your reply and select "Paste"; that will copy the log into your reply.


Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box.
  • Please wait for the scan to finish.
  • When "Waiting for action. Please uncheck elements you want to keep" shows in the top line...
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After the restart the AdwCleaner[C*]-Notepad log will appear; please copy/paste it into your next reply. Here * is the number of the scan in the list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs, also give an update on any remaining issues or concerns..

Thank you,

Kevin.....

Fixlist.txt

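An added example, not from this thread and not part of FRST or Malwarebytes: a read-only PowerShell audit of the persistence points the attached fixlist restores or removes (its contents are quoted in the Fixlog posted next). The entry that explains the black screen is Winlogon\Userinit, which the adware had set to "wscript," so userinit.exe never launched explorer.exe; the others are the Run keys, AppInit_DLLs, scheduled tasks whose action lives in ProgramData or AppData (the OUHGDMWHLKIDWEHU -> Service1291.exe pattern), the static Tcpip NameServer, and the Authenticode status of the system binaries FRST's "Bamital & volsnap" section verifies. Assumptions: PowerShell 3 or later, an elevated prompt, and English column names from schtasks; the function name and its OK/review/SUSPECT labels are this example's own, not FRST terminology. It changes nothing, and a SUSPECT or review line is a prompt to look closer (a few legitimate updaters also run from ProgramData), not a verdict.

```powershell
# Added audit script (not from the thread, not part of FRST). Read-only: it only
# reports the persistence points the FRST fix in this thread touches, so the
# state can be compared before and after the fix. Elevated prompt, PowerShell 3+.

function Invoke-PersistenceAudit {
    # Directories an installer with no business surviving a reboot tends to live in.
    # Everything the fixlist removed (Roaming, ProgramData, Temp) matches this pattern.
    $userWritable = '\\AppData\\|\\ProgramData\\|\\Temp\\|\\Users\\Public\\'

    function Emit($check, $state, $detail) {
        [pscustomobject]@{ Check = $check; State = $state; Detail = $detail }
    }

    # 1. Winlogon. "Userinit = wscript," is what produced the black screen with a
    #    cursor: userinit.exe never ran, so the shell (explorer.exe) never started.
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $expected = @{ Userinit = "$env:SystemRoot\system32\userinit.exe,"; Shell = 'explorer.exe' }
    foreach ($name in $expected.Keys) {
        $state = if ($wl.$name -eq $expected[$name]) { 'OK' } else { 'SUSPECT' }
        Emit "Winlogon\$name" $state ($wl.$name)
    }

    # 2. Run keys: flag anything launched from a user-writable directory.
    foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath etc. are not values
            $state = if ("$($p.Value)" -match $userWritable) { 'SUSPECT' } else { 'info' }
            Emit "Run\$($p.Name)" $state $p.Value
        }
    }

    # 3. AppInit_DLLs is loaded into every process that links user32.dll. It should be
    #    empty on a clean machine (the fixlist cleared two SearchProtect entries here).
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
        $v = (Get-ItemProperty $key -ErrorAction SilentlyContinue).AppInit_DLLs
        Emit "AppInit_DLLs ($key)" $(if ($v) { 'SUSPECT' } else { 'OK' }) $v
    }

    # 4. Scheduled tasks whose action lives in a user-writable directory, the same
    #    pattern as OUHGDMWHLKIDWEHU -> C:\ProgramData\Service1291\Service1291.exe.
    #    schtasks is used rather than Get-ScheduledTask so this also runs on Windows 7;
    #    its CSV header may repeat per task folder, hence the TaskName filter.
    schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -match $userWritable } |
        ForEach-Object { Emit "Task $($_.TaskName)" 'SUSPECT' $_.'Task To Run' }

    # 5. A static NameServer overrides DHCP-assigned DNS for every adapter; adware uses
    #    it to pin resolvers it controls. The fixlist removed one (8.8.8.8 in this case).
    $ns = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters').NameServer
    Emit 'Tcpip\Parameters\NameServer' $(if ($ns) { 'review' } else { 'OK' }) $ns

    # 6. Authenticode status of the binaries FRST's "Bamital & volsnap" section checks.
    #    On Windows 8+ catalog-signed OS files report Valid; on Windows 7 they can report
    #    NotSigned without being tampered, so treat that as "look closer", not as proof.
    #    A Valid signature from a non-Microsoft signer on these files is the real red flag.
    $files = 'winlogon.exe', 'wininit.exe', 'services.exe', 'svchost.exe', 'userinit.exe',
             'user32.dll', 'rpcss.dll', 'dnsapi.dll', 'drivers\volsnap.sys' |
             ForEach-Object { Join-Path "$env:SystemRoot\system32" $_ }
    $files += "$env:SystemRoot\explorer.exe"
    foreach ($sig in Get-AuthenticodeSignature -FilePath $files) {
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $state = if ($sig.Status -eq 'Valid' -and $subject -match 'O=Microsoft Corporation') { 'OK' } else { 'review' }
        Emit "Signature $($sig.Path)" $state "$($sig.Status) $subject"
    }
}

Invoke-PersistenceAudit | Sort-Object State | Format-Table -AutoSize -Wrap
```

Run it once before the FRST fix and once after the reboot, and compare the two outputs: the Winlogon\Userinit line should move from SUSPECT to OK, and the randomly named tasks pointing into ProgramData should disappear. Anything still flagged after the fix is what to post about in the thread.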

Alright, I've done all you asked. AdwCleaner said that there was no malware or threats on my PC, and here are the logs from Malwarebytes, FRST and Sophos:

______________________________________________________________

Fix result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by Reece (2016-04-27 21:30:22) Run:1
Running from F:\Downloads
Loaded Profiles: Reece (Available Profiles: Reece & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Winlogon: [Userinit] wscript,
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\...\Run: [uTorrent] => C:\Users\Ezekiel\AppData\Roaming\uTorrent\uTorrent.exe [1959424 2016-04-10] (BitTorrent Inc.)
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\...\MountPoints2: {1228e4f4-e96e-11e5-9c02-902b345e79a5} - "J:\setup.exe" 
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\...\MountPoints2: {68892033-f7cd-11e3-b37e-902b345e79a5} - "H:\LaunchRC.exe" 
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\...\MountPoints2: {c138dffd-c6ac-11e5-9bf4-902b345e79a5} - "H:\setup.exe" 
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => No File
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION 
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a960cc56-c56d-4131-8ce9-7eae94e8bd3f}: [DhcpNameServer] 192.168.0.1
ManualProxies:  
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325161&octid=EB_ORIGINAL_CTID&ISID=M0CB20FBA-41F8-4578-B315-326BD77876A8&SearchSource=55&CUI=&UM=8&UP=SP486C5427-9CE6-4D02-9624-BEC9CAC9AFC2&D=042616&SSPV="
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath 
2016-04-26 19:02 - 2016-04-26 19:30 - 00000000 ____D C:\Users\Ezekiel\AppData\Local\app
2016-04-26 19:01 - 2016-04-26 19:06 - 00000360 ____H C:\WINDOWS\Tasks\OUHGDMWHLKIDWEHU.job
2016-04-26 19:01 - 2016-04-26 19:02 - 00000348 _____ C:\WINDOWS\Tasks\YFWOJEFQ1.job
2016-04-26 19:01 - 2016-04-26 19:01 - 00003436 _____ C:\WINDOWS\System32\Tasks\OUHGDMWHLKIDWEHU
2016-04-26 19:01 - 2016-04-26 19:01 - 00002916 _____ C:\WINDOWS\System32\Tasks\YFWOJEFQ1
2016-04-26 19:01 - 2016-04-26 19:01 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-04-26 19:01 - 2016-04-26 19:01 - 00000000 ____D C:\ProgramData\19a87fa1ec024bbcbb41931263354405
2016-04-26 18:59 - 2016-04-26 18:59 - 06494208 _____ C:\Users\Ezekiel\AppData\Roaming\agent.dat
2016-04-26 18:59 - 2016-04-26 18:59 - 01626777 _____ C:\Users\Ezekiel\AppData\Roaming\Dongstrong.tst
2016-04-26 18:59 - 2016-04-26 18:59 - 00018432 _____ C:\Users\Ezekiel\AppData\Roaming\Main.dat
2016-04-26 18:59 - 2016-04-26 18:58 - 00939008 _____ C:\Users\Ezekiel\AppData\Roaming\Dongstrong.exe
2016-04-26 18:58 - 2016-04-26 19:31 - 00000000 ____D C:\Program Files (x86)\comoBoss
2016-04-26 18:58 - 2016-04-26 18:59 - 00127488 _____ C:\Users\Ezekiel\AppData\Roaming\Installer.dat
2016-04-26 18:58 - 2016-04-26 18:58 - 00939008 _____ C:\Users\Ezekiel\AppData\Roaming\Finla.exe
2016-04-26 18:58 - 2016-04-26 18:58 - 00072717 _____ C:\Users\Ezekiel\AppData\Roaming\Finla.tst
2016-04-26 18:58 - 2016-04-26 18:58 - 00027456 _____ C:\WINDOWS\system32\Drivers\bsdpf64.sys
2016-04-26 18:58 - 2016-04-26 18:58 - 00026944 _____ C:\WINDOWS\system32\Drivers\bsdpr64.sys
2016-04-26 18:58 - 2016-04-26 18:58 - 00000000 ____D C:\Users\Ezekiel\AppData\Roaming\Naevsivam
2016-04-26 18:58 - 2016-04-26 18:58 - 00000000 ____D C:\Users\Ezekiel\AppData\Local\Tempfolder
2016-04-26 18:58 - 2016-04-26 18:58 - 00000000 ____D C:\uninst
2016-04-26 18:59 - 2016-04-26 18:59 - 6494208 _____ () C:\Users\Ezekiel\AppData\Roaming\agent.dat
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\Ezekiel\AppData\Roaming\aVcwyxW1NErfIx7Hk
2016-04-26 18:58 - 2016-04-26 18:59 - 0127488 _____ () C:\Users\Ezekiel\AppData\Roaming\Installer.dat
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Ezekiel\AppData\Roaming\JVUEG
2016-04-26 18:59 - 2016-04-26 18:59 - 0018432 _____ () C:\Users\Ezekiel\AppData\Roaming\Main.dat
C:\Users\Ezekiel\AppData\Local\Temp\32VZGUAKA6.exe
C:\Users\Ezekiel\AppData\Local\Temp\A8GTGN6E6I.exe
C:\Users\Ezekiel\AppData\Local\Temp\aC3mh6mQGs.exe
C:\Users\Ezekiel\AppData\Local\Temp\amisetup6959__19333_il1.exe
C:\Users\Ezekiel\AppData\Local\Temp\K1QQL5B34S.exe
C:\Users\Ezekiel\AppData\Local\Temp\LF37L0ZQE1.exe
C:\Users\Ezekiel\AppData\Local\Temp\libeay32.dll
C:\Users\Ezekiel\AppData\Local\Temp\msvcr120.dll
C:\Users\Ezekiel\AppData\Local\Temp\PY2R5YR4LS.exe
C:\Users\Ezekiel\AppData\Local\Temp\sqlite3.dll
C:\Users\Ezekiel\AppData\Local\Temp\ynXlO2VTRo.exe
C:\Users\Ezekiel\AppData\Local\Temp\yOtGOsWOSm.exe
Task: {014233FD-0DA6-4062-9EFE-C3BAF8BE10BF} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {049289B0-6EE1-439F-88EA-C10D19510B00} - no filepath
Task: {10F428E3-1759-40FE-A07E-C73A6985CCA2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1B61EDCA-6764-4576-A581-5B9F3F7952F5} - System32\Tasks\YFWOJEFQ1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {1E268BCA-451F-46AF-A86C-A321EB81B262} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3662DAB9-0A05-46BA-86DA-D81791872ACE} - \globalUpdateUpdateTaskMachineCore1d0b5db6bf3e742 -> No File <==== ATTENTION
Task: {5580B6B1-90E3-432F-B02C-7E922B2C3AA7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {581114C8-A82F-453C-A075-625063231F6B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {603E3A1F-EA65-49C0-A327-65315AFBE364} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {66B86FA1-9754-41AA-B760-703E6085809A} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {6C7EFD62-F6F7-4503-B892-47C4F80263ED} - \NNJUS1 -> No File <==== ATTENTION
Task: {6C9B184A-FA23-41C8-B6D1-0CCDB2857649} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6F9550CC-B48A-4BCF-AB41-33DBD53698BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7D330E00-5C55-4AAA-B1E0-042B599B973A} - System32\Tasks\OUHGDMWHLKIDWEHU => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {80A3B1A0-3A8A-4810-9BAE-6CE3731B90A3} - \Bidaily Synchronize Task[8da6] -> No File <==== ATTENTION
Task: {80A732B9-E03E-44F5-BCF3-FF45E06DCE32} - \{080C7F47-0C0D-0D0F-7E11-057F7F7F110B} -> No File <==== ATTENTION
Task: {8E323E05-36F1-4C3A-892A-B8811BD85682} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {ACA2AB9A-CF2E-4011-A91C-535B7CE81275} - System32\Tasks\JVUEG => C:\Users\Ezekiel\AppData\Roaming\JVUEG.exe <==== ATTENTION
Task: {E8FBFD14-4EB1-4D2E-A421-DD199AC90C1D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E9CF10A1-0F6E-48DB-8DE9-2FB88840F6CB} - \DriverRestore_ScheduledScan -> No File <==== ATTENTION
Task: {EF80094C-E151-4A02-8250-949A6BE2A320} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FDFE7AEA-172F-4517-91A5-CCFCF7842ABE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\aVcwyxW1NErfIx7Hk.job => C:\Users\Ezekiel\AppData\Roaming\aVcwyxW1NErfIx7Hk.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\JVUEG.job => C:\Users\Ezekiel\AppData\Roaming\JVUEG.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\OUHGDMWHLKIDWEHU.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\YFWOJEFQ1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
C:\ProgramData\FlashBeat
016-04-26 17:28 - 2016-04-26 17:28 - 00673120 _____ () C:\Users\Ezekiel\AppData\Roaming\Naevsivam\Cajjheowi.dll
2016-04-26 17:28 - 2016-04-26 17:28 - 00116576 _____ () C:\Users\Ezekiel\AppData\Roaming\Naevsivam\Nucavy.exe
2016-04-26 17:28 - 2016-04-26 17:28 - 00148320 _____ () C:\Users\Ezekiel\AppData\Roaming\Naevsivam\Cajjheowi.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"
CMD: ipconfig /flushdns
RemoveProxy:
Hosts:
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value removed successfully
"HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1228e4f4-e96e-11e5-9c02-902b345e79a5}" => key removed successfully
HKCR\CLSID\{1228e4f4-e96e-11e5-9c02-902b345e79a5} => key not found. 
"HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68892033-f7cd-11e3-b37e-902b345e79a5}" => key removed successfully
HKCR\CLSID\{68892033-f7cd-11e3-b37e-902b345e79a5} => key not found. 
"HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c138dffd-c6ac-11e5-9bf4-902b345e79a5}" => key removed successfully
HKCR\CLSID\{c138dffd-c6ac-11e5-9bf4-902b345e79a5} => key not found. 
"C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL" => Value data removed successfully.
"C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" => Value data removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a960cc56-c56d-4131-8ce9-7eae94e8bd3f}\\DhcpNameServer => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
Chrome StartupUrls => removed successfully
idsvc => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
"C:\Users\Ezekiel\AppData\Local\app" => not found.
C:\WINDOWS\Tasks\OUHGDMWHLKIDWEHU.job => moved successfully
C:\WINDOWS\Tasks\YFWOJEFQ1.job => moved successfully
C:\WINDOWS\System32\Tasks\OUHGDMWHLKIDWEHU => moved successfully
C:\WINDOWS\System32\Tasks\YFWOJEFQ1 => moved successfully
C:\ProgramData\28341ff220e0446c9fff27c4493d622e => moved successfully
C:\ProgramData\19a87fa1ec024bbcbb41931263354405 => moved successfully
"C:\Users\Ezekiel\AppData\Roaming\agent.dat" => not found.
"C:\Users\Ezekiel\AppData\Roaming\Dongstrong.tst" => not found.
"C:\Users\Ezekiel\AppData\Roaming\Main.dat" => not found.
"C:\Users\Ezekiel\AppData\Roaming\Dongstrong.exe" => not found.
C:\Program Files (x86)\comoBoss => moved successfully
"C:\Users\Ezekiel\AppData\Roaming\Installer.dat" => not found.
"C:\Users\Ezekiel\AppData\Roaming\Finla.exe" => not found.
"C:\Users\Ezekiel\AppData\Roaming\Finla.tst" => not found.
C:\WINDOWS\system32\Drivers\bsdpf64.sys => moved successfully
C:\WINDOWS\system32\Drivers\bsdpr64.sys => moved successfully
"C:\Users\Ezekiel\AppData\Roaming\Naevsivam" => not found.
"C:\Users\Ezekiel\AppData\Local\Tempfolder" => not found.
C:\uninst => moved successfully
"C:\Users\Ezekiel\AppData\Roaming\agent.dat" => not found.
"C:\Users\Ezekiel\AppData\Roaming\aVcwyxW1NErfIx7Hk" => not found.
"C:\Users\Ezekiel\AppData\Roaming\Installer.dat" => not found.
"C:\Users\Ezekiel\AppData\Roaming\JVUEG" => not found.
"C:\Users\Ezekiel\AppData\Roaming\Main.dat" => not found.
"C:\Users\Ezekiel\AppData\Local\Temp\32VZGUAKA6.exe" => not found.
"C:\Users\Ezekiel\AppData\Local\Temp\A8GTGN6E6I.exe" => not found.
"C:\Users\Ezekiel\AppData\Local\Temp\aC3mh6mQGs.exe" => not found.
"C:\Users\Ezekiel\AppData\Local\Temp\amisetup6959__19333_il1.exe" => not found.
"C:\Users\Ezekiel\AppData\Local\Temp\K1QQL5B34S.exe" => not found.
"C:\Users\Ezekiel\AppData\Local\Temp\LF37L0ZQE1.exe" => not found.
"C:\Users\Ezekiel\AppData\Local\Temp\libeay32.dll" => not found.
"C:\Users\Ezekiel\AppData\Local\Temp\msvcr120.dll" => not found.
"C:\Users\Ezekiel\AppData\Local\Temp\PY2R5YR4LS.exe" => not found.
"C:\Users\Ezekiel\AppData\Local\Temp\sqlite3.dll" => not found.
"C:\Users\Ezekiel\AppData\Local\Temp\ynXlO2VTRo.exe" => not found.
"C:\Users\Ezekiel\AppData\Local\Temp\yOtGOsWOSm.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{014233FD-0DA6-4062-9EFE-C3BAF8BE10BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{014233FD-0DA6-4062-9EFE-C3BAF8BE10BF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{049289B0-6EE1-439F-88EA-C10D19510B00}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{049289B0-6EE1-439F-88EA-C10D19510B00}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10F428E3-1759-40FE-A07E-C73A6985CCA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10F428E3-1759-40FE-A07E-C73A6985CCA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B61EDCA-6764-4576-A581-5B9F3F7952F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B61EDCA-6764-4576-A581-5B9F3F7952F5}" => key removed successfully
C:\WINDOWS\System32\Tasks\YFWOJEFQ1 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YFWOJEFQ1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1E268BCA-451F-46AF-A86C-A321EB81B262}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E268BCA-451F-46AF-A86C-A321EB81B262}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3662DAB9-0A05-46BA-86DA-D81791872ACE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3662DAB9-0A05-46BA-86DA-D81791872ACE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore1d0b5db6bf3e742 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5580B6B1-90E3-432F-B02C-7E922B2C3AA7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5580B6B1-90E3-432F-B02C-7E922B2C3AA7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{581114C8-A82F-453C-A075-625063231F6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{581114C8-A82F-453C-A075-625063231F6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{603E3A1F-EA65-49C0-A327-65315AFBE364}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{603E3A1F-EA65-49C0-A327-65315AFBE364}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66B86FA1-9754-41AA-B760-703E6085809A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66B86FA1-9754-41AA-B760-703E6085809A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6C7EFD62-F6F7-4503-B892-47C4F80263ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C7EFD62-F6F7-4503-B892-47C4F80263ED}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NNJUS1 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C9B184A-FA23-41C8-B6D1-0CCDB2857649}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C9B184A-FA23-41C8-B6D1-0CCDB2857649}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F9550CC-B48A-4BCF-AB41-33DBD53698BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F9550CC-B48A-4BCF-AB41-33DBD53698BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7D330E00-5C55-4AAA-B1E0-042B599B973A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D330E00-5C55-4AAA-B1E0-042B599B973A}" => key removed successfully
C:\WINDOWS\System32\Tasks\OUHGDMWHLKIDWEHU => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OUHGDMWHLKIDWEHU" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80A3B1A0-3A8A-4810-9BAE-6CE3731B90A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80A3B1A0-3A8A-4810-9BAE-6CE3731B90A3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[8da6] => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80A732B9-E03E-44F5-BCF3-FF45E06DCE32}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80A732B9-E03E-44F5-BCF3-FF45E06DCE32}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{080C7F47-0C0D-0D0F-7E11-057F7F7F110B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E323E05-36F1-4C3A-892A-B8811BD85682}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E323E05-36F1-4C3A-892A-B8811BD85682}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ACA2AB9A-CF2E-4011-A91C-535B7CE81275}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACA2AB9A-CF2E-4011-A91C-535B7CE81275}" => key removed successfully
C:\WINDOWS\System32\Tasks\JVUEG => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JVUEG" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8FBFD14-4EB1-4D2E-A421-DD199AC90C1D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8FBFD14-4EB1-4D2E-A421-DD199AC90C1D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9CF10A1-0F6E-48DB-8DE9-2FB88840F6CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9CF10A1-0F6E-48DB-8DE9-2FB88840F6CB}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverRestore_ScheduledScan => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF80094C-E151-4A02-8250-949A6BE2A320}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF80094C-E151-4A02-8250-949A6BE2A320}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FDFE7AEA-172F-4517-91A5-CCFCF7842ABE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDFE7AEA-172F-4517-91A5-CCFCF7842ABE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
C:\WINDOWS\Tasks\aVcwyxW1NErfIx7Hk.job => moved successfully
C:\WINDOWS\Tasks\JVUEG.job => moved successfully
C:\WINDOWS\Tasks\OUHGDMWHLKIDWEHU.job => not found.
C:\WINDOWS\Tasks\YFWOJEFQ1.job => not found.
"C:\ProgramData\FlashBeat" => not found.
016-04-26 17:28 - 2016-04-26 17:28 - 00673120 _____ () C:\Users\Ezekiel\AppData\Roaming\Naevsivam\Cajjheowi.dll => Error: No automatic fix found for this entry.
"C:\Users\Ezekiel\AppData\Roaming\Naevsivam\Nucavy.exe" => not found.
"C:\Users\Ezekiel\AppData\Roaming\Naevsivam\Cajjheowi.exe" => not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\zdwfp" => key removed successfully

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2853582556-3048126042-2602251027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 672.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:30:32 ====

______________________________________________________________

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04/27/16
Scan Time: 9:35 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.27.07
Rootkit Database: v2016.04.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Ezekiel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 469685
Time Elapsed: 15 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Adware.PennyBee, C:\Users\Ezekiel\AppData\Roaming\Naevsivam\Naevsivam.exe, 2228, Delete-on-Reboot, [14bfcce7dabf270fa257f83a659d966a]

Modules: 0
(No malicious items detected)

Registry Keys: 1
Adware.PennyBee, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Rubhetbu, Quarantined, [14bfcce7dabf270fa257f83a659d966a], 

Registry Values: 0
(No malicious items detected)

Registry Data: 1
Hijack.UserInit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, wscript,, Good: (userinit.exe), Bad: (wscript,),Replaced,[c90a1a994e4b8fa789c7c6860ef7e21e]

Folders: 0
(No malicious items detected)

Files: 1
Adware.PennyBee, C:\Users\Ezekiel\AppData\Roaming\Naevsivam\Naevsivam.exe, Delete-on-Reboot, [14bfcce7dabf270fa257f83a659d966a], 

Physical Sectors: 0
(No malicious items detected)


(end)

____________________________________________

 

2016-04-27 21:08:31.151    Sophos Virus Removal Tool version 2.5.5
2016-04-27 21:08:31.151    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-04-27 21:08:31.151    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-04-27 21:08:31.151    Windows version 6.2 SP 0.0  build 9200 SM=0x100 PT=0x1 WOW64
2016-04-27 21:08:31.152    Checking for updates...
2016-04-27 21:08:31.157    Update progress: proxy server not available
2016-04-27 21:08:37.121    Downloading updates...
2016-04-27 21:08:37.124    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-04-27 21:08:37.124    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-04-27 21:08:37.124    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-04-27 21:08:37.124    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-04-27 21:08:37.124    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-04-27 21:08:37.124    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-04-27 21:08:37.124    Update progress: [I19463] Syncing product SAVIW32 70
2016-04-27 21:08:37.535    Option all = no
2016-04-27 21:08:37.535    Option recurse = yes
2016-04-27 21:08:37.535    Option archive = no
2016-04-27 21:08:37.535    Option service = yes
2016-04-27 21:08:37.535    Option confirm = yes
2016-04-27 21:08:37.535    Option sxl = yes
2016-04-27 21:08:37.536    Option max-data-age = 35
2016-04-27 21:08:37.536    Option EnableSafeClean = yes
2016-04-27 21:08:38.846    Option vdl-logging = yes
2016-04-27 21:08:38.848    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-04-27 21:08:38.848    Machine ID:    9c447da5d4b546c39753235610ca1ab0
2016-04-27 21:08:38.848    Component SVRTcli.exe version 2.5.5
2016-04-27 21:08:38.848    Component control.dll version 2.5.5
2016-04-27 21:08:38.849    Component SVRTservice.exe version 2.5.5
2016-04-27 21:08:38.849    Component engine\osdp.dll version 1.44.1.2250
2016-04-27 21:08:38.849    Component engine\veex.dll version 3.65.0.2250
2016-04-27 21:08:38.849    Component engine\savi.dll version 9.0.1.2250
2016-04-27 21:08:38.849    Component rkdisk.dll version 1.5.30.0
2016-04-27 21:08:38.849    Version info:    Product version    2.5.5
2016-04-27 21:08:38.849    Version info:    Detection engine    3.65.0
2016-04-27 21:08:38.849    Version info:    Detection data    5.26
2016-04-27 21:08:38.849    Version info:    Build date    05/04/2016
2016-04-27 21:08:38.849    Version info:    Data files added    236
2016-04-27 21:08:38.849    Version info:    Last successful update    (not yet updated)
2016-04-27 21:08:40.193    Update progress: [I19463] Syncing product IDE527 142
2016-04-27 21:08:40.370    Installing updates...
2016-04-27 21:08:40.974    Error level 1
2016-04-27 21:08:40.997    Update progress: [I19463] Syncing product IDE528 97
2016-04-27 21:08:40.997    Update progress: [I19463] Syncing product IDE529 1
2016-04-27 21:08:43.838    Update successful
2016-04-27 21:08:49.456    Option all = no
2016-04-27 21:08:49.456    Option recurse = yes
2016-04-27 21:08:49.456    Option archive = no
2016-04-27 21:08:49.456    Option service = yes
2016-04-27 21:08:49.456    Option confirm = yes
2016-04-27 21:08:49.456    Option sxl = yes
2016-04-27 21:08:49.457    Option max-data-age = 35
2016-04-27 21:08:49.458    Option EnableSafeClean = yes
2016-04-27 21:08:49.713    Option vdl-logging = yes
2016-04-27 21:08:49.715    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-04-27 21:08:49.715    Machine ID:    9c447da5d4b546c39753235610ca1ab0
2016-04-27 21:08:49.715    Component SVRTcli.exe version 2.5.5
2016-04-27 21:08:49.716    Component control.dll version 2.5.5
2016-04-27 21:08:49.716    Component SVRTservice.exe version 2.5.5
2016-04-27 21:08:49.716    Component engine\osdp.dll version 1.44.1.2250
2016-04-27 21:08:49.716    Component engine\veex.dll version 3.65.0.2250
2016-04-27 21:08:49.716    Component engine\savi.dll version 9.0.1.2250
2016-04-27 21:08:49.716    Component rkdisk.dll version 1.5.30.0
2016-04-27 21:08:49.716    Version info:    Product version    2.5.5
2016-04-27 21:08:49.716    Version info:    Detection engine    3.65.0
2016-04-27 21:08:49.716    Version info:    Detection data    5.26
2016-04-27 21:08:49.716    Version info:    Build date    05/04/2016
2016-04-27 21:08:49.716    Version info:    Data files added    236
2016-04-27 21:08:49.716    Version info:    Last successful update    27/04/2016 22:08:43

2016-04-27 21:14:32.547    Could not open C:\hiberfil.sys
2016-04-27 21:17:42.808    Could not open C:\swapfile.sys
2016-04-27 21:17:42.835    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-27 21:17:42.835    Could not open C:\System Volume Information\{7383e577-0bdf-11e6-9c17-902b345e79a5}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-04-27 21:17:48.959    Could not open C:\Users\Ezekiel\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-04-27 21:17:48.959    Could not open C:\Users\Ezekiel\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-04-27 21:19:27.566    >>> Virus 'Mal/Generic-S' found in file C:\Users\Ezekiel\AppData\Roaming\Naevsivam\Nucavy.dll
2016-04-27 21:19:30.253    >>> Virus 'Mal/Generic-S' found in file C:\Users\Ezekiel\AppData\Roaming\Naevsivam\Nucavy.exe
2016-04-27 21:19:57.710    >>> Virus 'Mal/Generic-S' found in file C:\Users\Ezekiel\Documents\Witcher 2\witcher2trainer_310_RETAIL_desktop.exe\FILE:0000
2016-04-27 21:19:57.710    Disinfection not offered
2016-04-27 21:19:57.939    >>> Virus 'Mal/Generic-S' found in file C:\Users\Ezekiel\Documents\Witcher 2\witcher2trainer_310_RETAIL_laptop.exe\FILE:0000
2016-04-27 21:19:57.939    Disinfection not offered
2016-04-27 21:22:01.881    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-04-27 21:22:01.882    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-04-27 21:22:02.911    Could not open C:\Windows\System32\config\BBI
2016-04-27 21:22:02.925    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-04-27 21:22:02.926    Could not open C:\Windows\System32\config\RegBack\SAM
2016-04-27 21:22:02.926    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-04-27 21:22:02.927    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-04-27 21:22:02.927    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-04-27 21:40:59.416    Could not open E:\Boot\BCD
2016-04-27 21:41:28.334    >>> Virus 'Mal/Generic-S' found in file F:\Downloads\adobe_flash_setup-26172412.exe
2016-04-27 21:42:38.474    >>> Virus 'Mal/EncPk-OJ' found in file F:\Guildwars\ksmod.dll
2016-04-27 22:07:03.233    Could not open LOGICAL:0007:00000000
2016-04-27 22:07:03.233    Could not open H:\
2016-04-27 22:08:55.006    Could not open I:\pagefile.sys
2016-04-27 22:10:48.507    Could not open PHYSICAL:0083:0000:0000:0001
2016-04-27 22:10:48.508    The following items will be cleaned up:
2016-04-27 22:10:48.508    Mal/Generic-S
2016-04-27 22:10:48.508    Mal/EncPk-OJ
2016-04-27 22:10:48.508    Mal/Generic-S
2016-04-27 22:10:48.508    Mal/Generic-S
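The Malwarebytes log above flagged Hijack.UserInit (the Winlogon Userinit value had been swapped from userinit.exe to wscript), and the FRST Fixlog removed root-folder scheduled tasks with random names such as JVUEG and OUHGDMWHLKIDWEHU. As an added defender's check, not code from the thread or from any of the tools it mentions, the PowerShell below reads the Winlogon values and lists root-folder tasks, flagging all-caps random-looking names. The expected default values and the name pattern are assumptions; every hit needs manual review before anything is changed.

```powershell
# Added example (not from the thread or its tools): audit Winlogon persistence values and
# root-folder scheduled tasks. Assumes Windows PowerShell 5.1 or later on Windows 8/10,
# run from an elevated prompt. The expected defaults are assumptions for a stock install.

function Test-WinlogonIntegrity {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )
    # Stock values: Userinit keeps a trailing comma; Shell is the bare explorer.exe.
    $expected = @{
        Userinit = "$env:SystemRoot\system32\userinit.exe,"
        Shell    = 'explorer.exe'
    }
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $expected.Keys) {
            $current = $props.$name
            # WOW6432Node usually carries no Userinit/Shell at all; absence is normal there.
            if ([string]::IsNullOrEmpty($current)) { continue }
            $status = if ($current.Trim() -ieq $expected[$name]) { 'OK' } else { 'SUSPECT' }
            [pscustomobject]@{
                Key      = $key
                Value    = $name
                Current  = $current
                Expected = $expected[$name]
                Status   = $status
            }
        }
    }
}

function Get-RootFolderTasks {
    # Heuristic (assumption): legitimate tasks rarely have all-caps random names of 5+ characters.
    # JVUEG, OUHGDMWHLKIDWEHU and YFWOJEFQ1 from the Fixlog above would all match.
    Get-ScheduledTask -TaskPath '\' -ErrorAction SilentlyContinue | ForEach-Object {
        $actions = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
        [pscustomobject]@{
            TaskName   = $_.TaskName
            State      = $_.State
            Author     = $_.Author
            Actions    = $actions
            RandomName = [bool]($_.TaskName -cmatch '^[A-Z0-9]{5,}$')
        }
    }
}

Test-WinlogonIntegrity | Format-Table -AutoSize
Get-RootFolderTasks | Sort-Object RandomName -Descending | Format-Table -AutoSize -Wrap
```

A SUSPECT Winlogon row or a root-folder task whose action points into a user profile directory (as the Naevsivam entries in the logs above did) is the cue to run the scanners again, not to edit the registry by hand.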

3 hours ago, kevinf80 said:

Does your system now boot correctly? do you have any remaining issues or concerns?

It seems to be working now, thank you very much for your help! There are no real other issues I've found, so everything seems perfect atm, I appreciate it, as Windows 10 had System Restore off by default, which is usually my recourse when something like this happens - now it appears there's no need for it, which is brilliant.


Thanks for the update, System Restore should be enabled at your earliest convenience; it is a bad idea to leave or have it disabled...

Type or copy/paste system protection into the search option on the system tray, click on Create a restore point, then click on Configure, then select Turn on System Restore. Set usage at about 5%... Click Apply then OK....

I prefer to use a third party system restore program by Tweaking.com, instructions follow...

Tweaking.com Registry Backup
 
  • Download Tweaking.com Registry Backup from Here, and save tweaking.com_registry_backup_portable.zip to your desktop.
  • Now we need to create a new folder to extract the zipped contents into. Right click on the zipped folder you just downloaded and select "Extract All".
  • Click the "Browse" button and from the list, expand "Computer", then expand "Windows (C:)", and click the "Make New Folder" button.
  • Call this folder something you will remember...like "RegBackup" then click "Ok", and then click "Extract".
  • From the newly extracted files, right click on hPxdDvj.png and select Run as Administrator (XP users just double click) to start Tweaking.com Registry Backup.(Windows Vista/7/8/10 users: Accept UAC warning if it is enabled.)
  • A screen like this should appear:
  • Type a custom name in Backup Name if you want, then choose Backup Now.
  • If backup is successful, a message will appear at the lower half of the screen with an option to view logs.
  • The registry backup will be created in %WindowsDrive%\RegBackup by default. You can customize the path in Settings.
  • Close Tweaking.com Registry Backup when done.


==================================================

Restore backup with Tweaking.com Registry Backup
 
  • Save your work and close all open windows before proceeding.
  • Please reopen Tweaking.com Registry Backup from its folder.
  • When the main window appears, choose Restore Registry at the top.
  • Click the white bar next to Select Backup to Restore and select the backup made earlier.
  • Place a checkmark in Restart/Shutdown System When Finished, and choose Restart System.
  • Ensure that all files are checkmarked, then click Restore Now. When prompted to confirm, click Yes.
  • Tweaking.com Registry Backup will reboot the computer when it finished restoring the registry.

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
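For readers who prefer a console over the Settings dialog, the same System Restore steps Kevin describes (turn it on for the system drive, cap usage at about 5%, take a fresh restore point once the machine is clean) as an added PowerShell example; this is not from the thread or from Tweaking.com. It assumes an elevated Windows PowerShell 5.1 prompt, since the *-ComputerRestore and Checkpoint-Computer cmdlets are not available in PowerShell 7, and that the system drive is C:.

```powershell
# Added example, not from the thread: enable System Restore, cap its storage and take a
# baseline restore point. Assumes Windows PowerShell 5.1, elevated, system drive C:.

$drive = "$env:SystemDrive\"   # e.g. C:\

# 1. Turn on System Restore for the system drive (the GUI's "Turn on System Restore").
Enable-ComputerRestore -Drive $drive

# 2. Cap shadow-copy storage at about 5% of the volume, matching the "about 5%" above.
#    vssadmin is the built-in tool for this quota; there is no cmdlet for it.
vssadmin resize shadowstorage "/for=$env:SystemDrive" "/on=$env:SystemDrive" /maxsize=5%

# 3. Create a baseline restore point now that the system is clean.
#    Since Windows 8, Checkpoint-Computer creates at most one restore point per day;
#    a second call inside that window is skipped without error.
Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType MODIFY_SETTINGS

# 4. Verify: list restore points (CreationTime arrives as a DMTF string, so convert it)
#    and show the resulting shadow-storage allocation.
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } }
vssadmin list shadowstorage
```

If step 3 reports nothing and no new point appears in step 4, a restore point was already taken in the last 24 hours (Delfix's "Purge System Restore" step below creates one too); rerun it the next day rather than lowering the frequency limit.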

  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
