Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Infected with Some form of Nasty ??

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Infected with Some form of Nasty ??

Unread postby Mustang066347 » August 1st, 2015, 11:49 pm

Hire Firefly

I did download that slimware program to update some drivers a year or so ago - cant say I use it that much anymore. If it needs to go, it can go.

I could not complete the Malwarebytes' Anti-Malware step - there is nothing in the quarantine file ?

I can find those 3 files in the scan tab - but the only option it gives me is to remove them - I wasnt sure that is what you wanted so I did not do it.

I have tried to attach a screen dump of the screen I am looking at.

Here are the 2 virus scans as requsted. - the 2nd file you asked me to scan ending in divx.exe I cannot find to load into the webnsite - i ssupect i has somthing to do with whatever i should be doing with Malwarebytes'.

https://www.virustotal.com/en/file/eb0a ... 438486927/

https://www.virustotal.com/en/file/376f ... 438486830/
You do not have the required permissions to view the files attached to this post.
Mustang066347
Regular Member
 
Posts: 24
Joined: December 26th, 2014, 2:05 am
Advertisement
Register to Remove

Re: Infected with Some form of Nasty ??

Unread postby Firefly » August 2nd, 2015, 12:16 am

Thank you for letting me know about slimware. It is up to you whether to keep it. We tend to find they create more problems than they resolve.

Regarding MBAM (and anything else) it is critical that you follow my instructions very closely. I don't know if you ran another scan or not, but that was not what was needed. Were you able to look in the quarantine tab under history? To restore those files:

1. Go to the history tab at the top of the screen (far right). You will see the words "Dashboard" "Scan" "Settings" and "History". Please just click on history
2. You will THEN see a quarantine tab on the left side of the screen.

From there, please follow my previous post. If you still are having trouble, let me know.

I know its easy to see a familiar program or tool and just run through it as you typically do. We often use some more advanced capabilities of these tools, so please double check to be sure of what we are trying to get done. No harm done in this case, but please be as precise as possible and if you have any questions or don't see or understand something - just ask. I am always happy to walk you through something.

If you did go to the history tab and there was nothing under quarantine, please let me know.
User avatar
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Infected with Some form of Nasty ??

Unread postby Mustang066347 » August 3rd, 2015, 5:24 am

Hi Firefly

Sorry for the mess up - I have never used this program before just couldn’t find anything there when I checked last night - I did not run another scan.

I checked tonight where you indicated and only 2 of the files exist. (Photo attached) I did check them both and hit restore - I worked and one did not - another photo attached.

The one that did work was the one missing file from last night so I have run the virus check on it. The URL that it returned with is not like the others - so I screen dumped it as well.

I am happy to delete slimware if you let me know how. Is it just in programs again like the others?

Hope this puts us back on track.

Paul
You do not have the required permissions to view the files attached to this post.
Mustang066347
Regular Member
 
Posts: 24
Joined: December 26th, 2014, 2:05 am

Re: Infected with Some form of Nasty ??

Unread postby Firefly » August 3rd, 2015, 11:55 am

Paul –

I am able to see what I need from your pictures. Good job. I need to confirm some of the specifics of the virus you have, so please do the following:

FRST Scan

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 64 bit Systems

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.
User avatar
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Infected with Some form of Nasty ??

Unread postby Mustang066347 » August 4th, 2015, 5:10 am

Hi Firef;y

2 logs as requested - FRST first

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Kerlin (administrator) on KERLIN-LAPTOP (04-08-2015 19:05:38)
Running from C:\Users\Kerlin\Desktop
Loaded Profiles: Kerlin (Available Profiles: Kerlin & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hefei Hejunzhengce Info Tech Co., Ltd.) C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\SABnzbd\SABnzbd.exe
() C:\Program Files\Serviio\bin\ServiioConsole.exe
(http://www.ruby-lang.org/) C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\bin\rubyw.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(http://www.ruby-lang.org/) C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\bin\rubyw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\pia_manager\openvpn.exe
(Microsoftware) C:\Program Files (x86)\Internet Explorer 11\iexplorer.exe
(Microsoftware) C:\Program Files (x86)\Internet Explorer 11\iexplorer.exe
(Microsoftware) C:\Program Files (x86)\Internet Explorer 11\iexplorer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-11-01] (Intel(R) Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-20] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-06] (Avast Software s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2429091067-2142817945-3690742074-1000\...\Run: [bitsager] => C:\Users\Kerlin\AppData\Roaming\adtshlEx.exe [275696 2015-07-09] (Filtro In Rame)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2014-01-11]
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2012-10-08]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\Users\Kerlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-04-21]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kerlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2015-06-07]
ShortcutTarget: SABnzbd.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
Startup: C:\Users\Kerlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk [2012-07-23]
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-24] (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2429091067-2142817945-3690742074-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2429091067-2142817945-3690742074-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.firstshowing.net/
http://www.firstshowing.net/category/starwars/
http://www.v8supercar.com.au/
https://kat.ph/
http://www.autogate.com.au/
HKU\S-1-5-21-2429091067-2142817945-3690742074-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2429091067-2142817945-3690742074-1000 -> {135D64EC-4B5A-47F4-85ED-7EDA758026BB} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=lbar
SearchScopes: HKU\S-1-5-21-2429091067-2142817945-3690742074-1000 -> {2E737BA2-0293-4C3E-A074-83D4151AA669} URL = http://search.us.com/serp?guid={07443993-C6FB-4891-8752-942F6182D233}&k={searchTerms}
SearchScopes: HKU\S-1-5-21-2429091067-2142817945-3690742074-1000 -> {4790D5F0-656C-41E9-9681-BA49B6DA6506} URL = https://au.search.yahoo.com/search?fr=c ... =994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2429091067-2142817945-3690742074-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-24] (Avast Software s.r.o.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: news.net -> {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} -> C:\Program Files\BreakingNews\x64\ScriptHost.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-24] (Avast Software s.r.o.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2429091067-2142817945-3690742074-1000 -> No Name - {B0413D78-327A-4F9F-86AC-E872D7FE86F9} - No File
DPF: HKLM-x32 {1EAF0371-58DE-479D-95F0-8888F82FBDB7} http://auweb.liveblockauctions.com/v5/i ... uncher.cab
DPF: HKLM-x32 {298BFFEE-662D-11D5-ADAF-00E0810232D7} http://videocast.manheim.com.au/lib/LiveSound.dll
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://www.kaboodleplanner.com.au/Core/ ... _Win32.cab
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{110F5F90-DFD5-4971-8001-2E1C295F5F96}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ADF488E0-B83E-44A6-A3D3-CE1B38D31698}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FD0E44EB-0910-47F0-9A2C-CF61164C4E90}: [DhcpNameServer] 209.222.18.222 209.222.18.218
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer 11\iexplorer.exe

FireFox:
========
FF ProfilePath: C:\Users\Kerlin\AppData\Roaming\Mozilla\Firefox\Profiles\y5yjqdqe.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://au.search.yahoo.com/search?fr=g ... =994519&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF SearchPlugin: C:\Users\Kerlin\AppData\Roaming\Mozilla\Firefox\Profiles\y5yjqdqe.default\searchplugins\yahoo_ff.xml [2015-06-22]
FF Extension: LAILoader - C:\Users\Kerlin\AppData\Roaming\Mozilla\Firefox\Profiles\y5yjqdqe.default\Extensions\lailo@liveblockauctions.com [2015-04-15]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-23]

Chrome:
=======
CHR Profile: C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-09]
CHR Extension: (Docs) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-30]
CHR Extension: (Google Drive) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-30]
CHR Extension: (YouTube) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-30]
CHR Extension: (Google Search) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-30]
CHR Extension: (Box Rock) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbpjlglfgfbjmoimmpkjjbkodjcddek [2014-12-25]
CHR Extension: (Google Sheets) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (Gmail) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-30]
CHR Profile: C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Video Downloader professional) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-03-22]
CHR Extension: (Avast SafePrice) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-01-29]
CHR Extension: (CouchPotato) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jochingjncojldfclaicaomboafaiong [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-24] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-04-24] (Avast Software)
R2 HPSLPSVC; C:\Users\Kerlin\AppData\Local\Temp\7zS0B29\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2000-01-01] (Realtek Semiconductor)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2015-03-21] () [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [130048 2010-01-21] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WinAudioSrv_R1; C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe [4024920 2015-04-07] (Hefei Hejunzhengce Info Tech Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 ackaxfnrcw32; C:\Program Files\010\ackaxfnrcw32.exe run options=00100010100000000000000000000000 source=D2D41557-698B-4E0B-8AD2-7EC2A2E45321 [X]
S2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [X]
S3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [X]
S4 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [X]
S4 xTjKDRcFDB; "C:\ProgramData\uXxpPZKaGR\xTjKDRcFDB.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-24] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-24] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-24] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2000-01-01] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-24] (Avast Software)
S3 cpuz134; \??\C:\Users\Kerlin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
S1 wpnfd_1_10_0_1; system32\drivers\wpnfd_1_10_0_1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-04 19:05 - 2015-08-04 19:06 - 00023282 _____ C:\Users\Kerlin\Desktop\FRST.txt
2015-08-04 19:05 - 2015-08-04 19:05 - 00000000 ____D C:\FRST
2015-08-04 19:04 - 2015-08-04 19:04 - 02169856 _____ (Farbar) C:\Users\Kerlin\Desktop\FRST64.exe
2015-08-02 13:24 - 2015-08-02 13:24 - 01782870 _____ C:\Users\Kerlin\Desktop\desktop.bmp
2015-08-01 15:01 - 2015-08-01 15:01 - 00453447 _____ C:\Users\Kerlin\Desktop\mbam.txt
2015-08-01 14:03 - 2015-08-03 19:18 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-01 14:03 - 2015-08-01 14:06 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-01 14:03 - 2015-08-01 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-01 14:02 - 2015-08-01 14:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-01 14:02 - 2015-08-01 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-01 14:02 - 2015-06-18 08:52 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-01 14:02 - 2015-06-18 08:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-01 14:02 - 2015-06-18 08:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-01 14:01 - 2015-08-01 14:01 - 00006738 _____ C:\Users\Kerlin\Desktop\AdwCleaner[R1].txt
2015-08-01 13:31 - 2015-08-01 13:32 - 21547816 _____ (Malwarebytes Corporation ) C:\Users\Kerlin\Desktop\mbam-setup.exe
2015-08-01 13:28 - 2015-08-01 13:29 - 02248704 _____ C:\Users\Kerlin\Desktop\adwcleaner_4.208.exe
2015-07-31 18:00 - 2015-07-31 18:00 - 00001638 _____ C:\Users\Kerlin\Desktop\ckfiles.txt
2015-07-31 17:29 - 2015-07-31 17:29 - 00000000 ____D C:\MGADiagToolOutput
2015-07-31 17:28 - 2015-07-31 17:28 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2015-07-31 17:27 - 2015-07-31 17:27 - 02031992 _____ (Microsoft Corporation) C:\Users\Kerlin\Desktop\MGADiag.exe
2015-07-31 17:27 - 2015-07-31 17:27 - 00468480 _____ () C:\Users\Kerlin\Desktop\CKScanner.exe
2015-07-28 20:27 - 2015-07-28 20:27 - 00024506 _____ C:\Users\Kerlin\Desktop\dds.txt
2015-07-28 20:27 - 2015-07-28 20:27 - 00009524 _____ C:\Users\Kerlin\Desktop\attach.txt
2015-07-28 20:17 - 2015-07-28 20:17 - 00000207 _____ C:\Windows\tweaking.com-regbackup-KERLIN-LAPTOP-Windows-7-Professional-(64-bit).dat
2015-07-28 20:14 - 2015-07-28 20:14 - 00000000 ____D C:\RegBackup
2015-07-28 20:13 - 2015-07-28 20:13 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-07-28 20:13 - 2015-07-28 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-28 20:13 - 2015-07-28 20:13 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-07-28 20:11 - 2015-07-28 20:12 - 04720448 _____ C:\Users\Kerlin\Downloads\tweaking.com_registry_backup_setup.exe
2015-07-27 21:54 - 2015-08-01 13:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-26 15:52 - 2015-07-26 15:52 - 00688992 _____ (Swearware) C:\Users\Kerlin\Downloads\dds (4).scr
2015-07-26 15:51 - 2015-07-26 15:51 - 00688992 ____R (Swearware) C:\Users\Kerlin\Downloads\dds (3).scr
2015-07-26 12:46 - 2015-07-26 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-26 12:45 - 2015-07-26 12:46 - 00000000 ____D C:\Program Files\iTunes
2015-07-26 12:45 - 2015-07-26 12:45 - 00000000 ____D C:\Program Files\iPod
2015-07-16 20:57 - 2015-07-16 20:57 - 00000000 ____D C:\Users\Kerlin\.MakeMKV
2015-07-13 18:14 - 2015-07-13 18:14 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\17396
2015-07-12 19:55 - 2015-07-12 19:55 - 00000000 ____D C:\Users\Kerlin\Documents\DVDFab9
2015-07-12 19:55 - 2015-07-12 19:55 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\DVDFab9
2015-07-12 19:55 - 2015-07-12 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
2015-07-12 19:55 - 2015-07-12 19:55 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2015-07-12 15:53 - 2015-07-12 16:00 - 62602552 _____ (Fengtao Software Inc. ) C:\Users\Kerlin\Downloads\DVDFab9202.exe
2015-07-12 15:53 - 2015-07-12 15:53 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2015-07-12 15:53 - 2015-07-12 15:53 - 00000000 ____D C:\Program Files (x86)\MakeMKV
2015-07-12 15:51 - 2015-07-12 15:52 - 08120500 _____ (GuinpinSoft inc) C:\Users\Kerlin\Downloads\Setup_MakeMKV_v1.9.4.exe
2015-07-12 11:45 - 2015-07-12 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-09 07:38 - 2015-07-09 07:38 - 00275696 _____ (Filtro In Rame) C:\Users\Kerlin\AppData\Roaming\adtshlEx.exe
2015-07-08 17:14 - 2015-07-08 17:14 - 00030860 _____ C:\Users\Kerlin\Downloads\NCM TENDER JUL_06_20152 (1).xlsx
2015-07-08 17:11 - 2015-07-08 17:11 - 00035256 _____ C:\Users\Kerlin\Downloads\Tender Master.xlsx
2015-07-08 17:00 - 2015-07-08 19:15 - 00288768 _____ C:\Users\Kerlin\Downloads\Online Activity Reort.xls
2015-07-08 16:57 - 2015-07-08 16:57 - 00030860 _____ C:\Users\Kerlin\Downloads\NCM TENDER JUL_06_20152.xlsx
2015-07-06 20:10 - 2015-07-06 20:10 - 00790826 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-06 19:30 - 2015-07-06 19:50 - 23735712 _____ (Softland) C:\Users\Kerlin\Downloads\dopdf-full.exe
2015-07-05 12:42 - 2015-07-05 12:42 - 00000000 ____D C:\Users\Kerlin\.dvdcss

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-04 18:49 - 2014-03-30 12:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4bc39ce5ad88.job
2015-08-04 18:37 - 2012-07-23 20:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-04 12:59 - 2013-05-30 18:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-04 12:30 - 2012-07-17 18:03 - 01511881 _____ C:\Windows\WindowsUpdate.log
2015-08-02 13:31 - 2009-07-14 14:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-02 13:31 - 2009-07-14 14:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-01 13:58 - 2015-01-04 13:28 - 00000000 ____D C:\AdwCleaner
2015-08-01 13:44 - 2009-07-14 15:13 - 00805282 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-01 13:37 - 2015-06-15 01:00 - 00002704 _____ C:\Windows\setupact.log
2015-08-01 13:37 - 2012-07-22 18:04 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-01 13:37 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-01 13:35 - 2012-07-24 20:59 - 00183974 _____ C:\Windows\PFRO.log
2015-08-01 13:35 - 2012-07-23 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-01 13:28 - 2012-07-23 07:38 - 00000000 ____D C:\Users\Kerlin\Documents\Outlook Files
2015-08-01 13:21 - 2012-07-23 19:39 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\Azureus
2015-08-01 13:20 - 2013-08-25 09:23 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\TuneUpMedia
2015-08-01 13:18 - 2013-03-03 06:58 - 00000000 ____D C:\Users\hedev
2015-08-01 13:18 - 2012-07-23 19:29 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\Mozilla
2015-08-01 13:17 - 2012-07-26 17:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-01 13:17 - 2012-07-26 17:52 - 00000000 ____D C:\ProgramData\Adobe
2015-07-26 12:45 - 2012-09-16 08:38 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-26 12:45 - 2012-09-16 08:37 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-19 15:29 - 2012-09-09 11:59 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\vlc
2015-07-16 20:57 - 2012-07-17 18:08 - 00000000 ____D C:\Users\Kerlin
2015-07-16 12:41 - 2014-03-30 12:56 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4bc39ce5ad88
2015-07-16 12:41 - 2013-05-30 18:09 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 05:37 - 2012-07-23 20:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 05:37 - 2012-07-23 20:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 05:37 - 2012-07-23 20:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-12 15:49 - 2013-02-15 06:18 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\DVD Flick
2015-07-12 12:02 - 2015-02-22 12:12 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-12 11:45 - 2013-06-02 10:00 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-06 21:30 - 2015-01-23 19:57 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-05 12:41 - 2013-06-13 07:29 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\dvdcss

==================== Files in the root of some directories =======

2009-02-13 10:02 - 2009-02-13 10:02 - 0080896 _____ (Microsoft Corporation) C:\Program Files\devcon_amd64.exe
2012-09-14 06:32 - 2012-09-14 06:32 - 0000272 _____ () C:\Users\Kerlin\AppData\Roaming\.backup.dm
2015-07-09 07:38 - 2015-07-09 07:38 - 0275696 _____ (Filtro In Rame) C:\Users\Kerlin\AppData\Roaming\adtshlEx.exe
2013-06-29 17:41 - 2013-06-29 17:41 - 0000037 ___SH () C:\Users\Kerlin\AppData\Local\70149b02515b3bb20dd492.47983420
2013-06-02 09:24 - 2013-06-02 09:24 - 0000292 _____ () C:\Users\Kerlin\AppData\Local\HamsterBookConverter.cfg
2014-12-26 09:34 - 2014-12-26 09:34 - 0628496 _____ (CMI Limited) C:\Users\Kerlin\AppData\Local\nsp36DA.tmp
2012-07-24 18:58 - 2013-12-15 09:19 - 0007663 _____ () C:\Users\Kerlin\AppData\Local\resmon.resmoncfg
2010-11-21 13:24 - 2010-11-21 13:24 - 0050176 _____ () C:\ProgramData\mstbsvroj.exe

Files to move or delete:
====================
C:\ProgramData\mstbsvroj.exe


Some files in TEMP:
====================
C:\Users\Kerlin\AppData\Local\Temp\i4jdel1.exe
C:\Users\Kerlin\AppData\Local\Temp\i4jdel2.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-02 00:19

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Kerlin (2015-08-04 19:06:31)
Running from C:\Users\Kerlin\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2429091067-2142817945-3690742074-500 - Administrator - Disabled)
Guest (S-1-5-21-2429091067-2142817945-3690742074-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2429091067-2142817945-3690742074-1002 - Limited - Enabled)
Kerlin (S-1-5-21-2429091067-2142817945-3690742074-1000 - Administrator - Enabled) => C:\Users\Kerlin
UpdatusUser (S-1-5-21-2429091067-2142817945-3690742074-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Any Video Converter Ultimate 4.5.3 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Pro Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CleanMyPhone (build 1.3.3) (HKLM-x32\...\CleanMyPhone_is1) (Version: - )
DriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVDFab 9.2.0.2 (10/06/2015) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.00 - Philipp Winterberg)
Free Video Joiner (HKLM-x32\...\{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1) (Version: - FreeVideoJoiner.com)
FreeFileSync 5.10 (HKLM-x32\...\FreeFileSync) (Version: 5.10 - Zenju)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoPro Studio 2.0.0 (HKLM-x32\...\GoPro Studio) (Version: 2.0.0 - WoodmanLabs Inc. d.b.a. GoPro)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.10.1300 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3062 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Explorer 11 (HKLM-x32\...\{66732EEE-ECBC-4CA6-A474-1122}_is1) (Version: - Microsoft Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.52.4 - JMicron Technology Corp.)
JPEG Lossless Rotator 9.2 (HKLM\...\JPEG Lossless Rotator_is1) (Version: - Anny)
K-Lite Codec Pack 9.2.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
MakeMKV v1.9.4 (HKLM-x32\...\MakeMKV) (Version: v1.9.4 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyHarmony (HKU\S-1-5-21-2429091067-2142817945-3690742074-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NAPS2 2.6.3 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
NVIDIA 3D Vision Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
SABnzbd 0.7.20 (HKLM-x32\...\SABnzbd) (Version: 0.7.20 - The SABnzbd Team)
Serviio (HKLM\...\Serviio) (Version: - )
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SlimComputer (HKLM-x32\...\{9F12F452-E819-401B-B1F0-8B73CAC049D1}) (Version: 1.3.23129 - SlimWare Utilities, Inc.)
SlimDrivers (HKLM-x32\...\{EFC3724F-73A8-4BF6-B69F-313EC03A42B3}) (Version: 2.2.22316 - SlimWare Utilities, Inc.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.20 - Western Digital)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies)
WinZip 18.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

06-07-2015 20:20:23 doPDF 8
06-07-2015 21:25:24 doPDF 8
14-07-2015 00:00:04 Scheduled Checkpoint
22-07-2015 07:29:35 Scheduled Checkpoint
28-07-2015 20:19:33 before malware fix
01-08-2015 13:15:37 Removed Adobe Reader X (10.1.15).
01-08-2015 13:22:37 Removed Private Internet Access Support Files
01-08-2015 13:23:39 Removed Java 7 Update 51
01-08-2015 13:25:33 Removed Java(TM) 6 Update 22 (64-bit)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EE22C34-DA46-4A4F-9695-252E5F998960} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {2EF1F1DF-81DE-4E8A-AA57-57ED57E444D0} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2012-07-18] (SlimWare Utilities, Inc.)
Task: {42AA4FA1-9854-4ED4-9B83-E72348AD4177} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {65766224-9442-401B-8095-6C62A86118B5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {657CBE3B-019B-42A6-90DC-0F1E3B324BB1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {73670356-C527-4AC3-9611-19026747A0DC} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4bc39ce5ad88 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)
Task: {9B341374-BDF4-499F-AE41-A42D651846BD} - \FellowSky\FellowSky No Task File <==== ATTENTION
Task: {9FE94936-08C3-4F68-B23D-C956893B9EFA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A7C6DBE9-D716-405D-9C70-4FD44311A118} - System32\Tasks\{4943610C-187A-452D-ADC6-D5BBACCBAC3B} => pcalua.exe -a C:\Users\Kerlin\Downloads\SABnzbd-0.7.20-win32-setup.exe -d C:\Users\Kerlin\Downloads
Task: {AE83EB35-A10E-4628-B261-CD77356AC243} - System32\Tasks\{E21F4D4C-CDB6-49EE-89CD-A2301F1D2180} => pcalua.exe -a E:\autoRcd.exe -d E:\
Task: {C1EE5FE7-3347-429D-AEBA-431129D9971C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C6BFAA54-267E-4C75-B7E3-2DAEC76A044E} - System32\Tasks\{C3515804-0D0E-449E-8FDC-93082371D942} => pcalua.exe -a "C:\Users\Kerlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQS5YAGD\Video_Nvidia_W74_A10_Setup_RXD7P_ZPE[1].exe" -d C:\Users\Kerlin\Desktop
Task: {CE5C25B9-99D9-4DFE-947A-7C0079475A8F} - System32\Tasks\{57BA10DB-D001-40E3-A0DE-7F45C8582813} => pcalua.exe -a C:\Users\Kerlin\Downloads\USB3_Renesas_W7_A03_Setup-61X2W_ZPE.exe -d C:\Users\Kerlin\Downloads
Task: {D0E2EFB2-6989-4A58-B0A0-61AC667E9DF8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {DC50442F-238D-491C-8B01-781F85484C6E} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-06-30] ()
Task: {E833AD34-56A5-490C-952A-7597E617595A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {F054899B-6BEC-4203-B3E9-ECE075667B2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4bc39ce5ad88.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (Whitelisted) ==============

2012-07-22 18:03 - 2013-03-15 14:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-01 12:58 - 2011-11-01 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-01-20 21:35 - 2015-01-20 21:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2015-03-21 18:54 - 2015-03-21 18:54 - 00327680 _____ () C:\Program Files\Serviio\bin\ServiioService.exe
2011-11-01 12:58 - 2011-11-01 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-07-22 17:59 - 2011-07-19 14:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-06-07 15:30 - 2015-06-07 15:30 - 00104960 _____ () C:\Program Files (x86)\SABnzbd\SABnzbd.exe
2015-03-21 18:54 - 2015-03-21 18:54 - 00368640 _____ () C:\Program Files\Serviio\bin\ServiioConsole.exe
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2015-06-30 17:35 - 2015-06-30 17:39 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2015-06-30 17:35 - 2015-06-30 17:39 - 00690176 _____ () C:\Program Files\pia_manager\openvpn.exe
2015-06-30 17:35 - 2015-06-30 17:39 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2015-04-24 07:09 - 2015-04-24 07:09 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-24 07:09 - 2015-04-24 07:09 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-01 13:34 - 2015-08-01 13:34 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15073103\algo.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2015-03-14 11:38 - 2015-03-14 11:38 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-07 15:30 - 2015-06-07 15:30 - 00053248 _____ () C:\Program Files (x86)\SABnzbd\lib\_socket.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00671744 _____ () C:\Program Files (x86)\SABnzbd\lib\_ssl.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00294912 _____ () C:\Program Files (x86)\SABnzbd\lib\_hashlib.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00102400 _____ () C:\Program Files (x86)\SABnzbd\lib\win32api.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00118784 _____ () C:\Program Files (x86)\SABnzbd\lib\pywintypes25.dll
2015-06-07 15:30 - 2015-06-07 15:30 - 00013824 _____ () C:\Program Files (x86)\SABnzbd\lib\win32event.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00036864 _____ () C:\Program Files (x86)\SABnzbd\lib\win32service.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00057344 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.crypto.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00007168 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.rand.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00037888 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.SSL.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00086016 _____ () C:\Program Files (x86)\SABnzbd\lib\_ctypes.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00049152 _____ () C:\Program Files (x86)\SABnzbd\lib\_sqlite3.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00546205 _____ () C:\Program Files (x86)\SABnzbd\lib\sqlite3.dll
2015-06-07 15:30 - 2015-06-07 15:30 - 00008192 _____ () C:\Program Files (x86)\SABnzbd\lib\select.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00009728 _____ () C:\Program Files (x86)\SABnzbd\lib\_yenc.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00012288 _____ () C:\Program Files (x86)\SABnzbd\lib\Cheetah._namemapper.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00135168 _____ () C:\Program Files (x86)\SABnzbd\lib\pyexpat.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00040960 _____ () C:\Program Files (x86)\SABnzbd\lib\win32process.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00110592 _____ () C:\Program Files (x86)\SABnzbd\lib\win32file.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00014848 _____ () C:\Program Files (x86)\SABnzbd\lib\win32evtlog.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00024576 _____ () C:\Program Files (x86)\SABnzbd\lib\servicemanager.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00019968 _____ () C:\Program Files (x86)\SABnzbd\lib\win32pipe.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00155648 _____ () C:\Program Files (x86)\SABnzbd\lib\win32gui.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00176128 _____ () C:\Program Files (x86)\SABnzbd\lib\winxpgui.pyd
2015-08-01 13:38 - 2015-08-01 13:38 - 00012800 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-08-01 13:38 - 2015-08-01 13:38 - 00009728 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-08-01 13:38 - 2015-08-01 13:38 - 00014848 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-08-01 13:37 - 2015-08-01 13:37 - 00094208 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\src\rgloader\rgloader193.mswin.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00009216 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00094208 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00126976 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00087552 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00016384 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-08-01 13:38 - 2015-08-01 13:38 - 00127316 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\bin\libffi-6.dll
2015-08-01 13:39 - 2015-08-01 13:39 - 00008704 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00013312 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00095744 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00026624 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2015-07-06 20:18 - 2015-07-06 20:18 - 00171008 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\6cf2c1c750318204fc1dddd118eca040\IsdiInterop.ni.dll
2012-07-24 20:32 - 2011-02-18 08:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-08-01 13:41 - 2015-08-01 13:41 - 00012800 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00009728 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00014848 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00094208 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\src\rgloader\rgloader193.mswin.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00094208 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00118784 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00069120 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00083968 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\bin\zlib1.dll
2015-08-01 13:41 - 2015-08-01 13:41 - 00026624 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00275968 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00015360 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00008192 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00009216 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00023552 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00008704 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00008704 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00008704 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00008704 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00036352 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-08-01 13:42 - 2015-08-01 13:42 - 00126976 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-08-01 13:42 - 2015-08-01 13:42 - 00087552 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-08-01 13:42 - 2015-08-01 13:42 - 00016384 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00127316 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\bin\libffi-6.dll
2015-08-01 13:41 - 2015-08-01 13:41 - 00013312 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00095744 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-08-01 13:42 - 2015-08-01 13:43 - 00026624 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2012-12-17 06:44 - 2000-01-01 10:00 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2015-03-30 00:52 - 2015-02-26 23:18 - 39149568 _____ () C:\Program Files (x86)\Internet Explorer 11\libcef.dll
2015-03-30 00:52 - 2015-02-26 23:18 - 01379328 _____ () C:\Program Files (x86)\Internet Explorer 11\libglesv2.dll
2015-03-30 00:52 - 2015-02-26 23:18 - 00176128 _____ () C:\Program Files (x86)\Internet Explorer 11\libegl.dll
2015-03-30 00:52 - 2015-02-26 23:18 - 08929280 _____ () C:\Program Files (x86)\Internet Explorer 11\pdf.dll
2015-03-30 00:52 - 2015-02-26 23:18 - 00968704 _____ () C:\Program Files (x86)\Internet Explorer 11\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:054203E4
AlternateDataStreams: C:\Users\Kerlin\Documents\Calvery Refund.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Kerlin\Documents\Calvery Refund.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2429091067-2142817945-3690742074-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kerlin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{EF4E2CA9-189E-43A4-BFC6-52333ECDD34B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6427E243-72F6-4DDD-BB2B-13B13C6E44C0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{C1BEF1A8-CCFF-48BE-AA9C-9D569631F217}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{55C4CA76-B1FE-41EE-953E-D382C1C32229}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{2D2BFC86-9026-4551-8FE9-80033667CBF6}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{3AE1D3C1-9258-4AB1-B716-B0CE458861C6}] => (Allow) C:\Program Files\Serviio\bin\ServiioConsole.exe
FirewallRules: [{0ECDC335-8D6B-4FEA-A1D6-1922CDDC8380}] => (Allow) C:\Users\Kerlin\AppData\Local\Temp\7zS0B29\hppiw.exe
FirewallRules: [{F57D8C76-BB1F-42C1-807A-A245E6BBBDB0}] => (Allow) C:\Users\Kerlin\AppData\Local\Temp\7zS0B29\hppiw.exe
FirewallRules: [TCP Query User{E988F878-9B81-4FDD-81AC-5D11E6BFDBF2}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{488014D2-06EA-4A29-B55D-BDBB61625461}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [TCP Query User{C24B8680-C129-4724-B265-E9B407A5AB8A}C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe] => (Allow) C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe
FirewallRules: [UDP Query User{6D4E3548-0062-4AC3-8F91-B75DCE0A13CF}C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe] => (Allow) C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe
FirewallRules: [TCP Query User{4E16F515-9165-48BF-AF3E-8E2C1A44EB88}C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe] => (Allow) C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe
FirewallRules: [UDP Query User{8B83D6A9-D28C-458E-95E4-EC3FABCE9198}C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe] => (Allow) C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe
FirewallRules: [{04F6B718-D1AD-4857-AC6A-3C552650FFD4}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{7D7816C1-0FD1-4640-9142-9A89E13ADF02}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{78A5C9B6-9497-4EC3-BA52-E5D4825ECA9B}] => (Allow) C:\Program Files\Serviio\bin\ServiioConsole.exe
FirewallRules: [{B45B95AB-9BB6-4098-AF6F-D4E1730C0898}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{543B5F1F-576F-4DC6-9E0C-42C8571E7F58}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{57278E6B-57BB-42D6-9EA6-91B6FAFD934E}] => (Allow) C:\Program Files\Serviio\bin\ServiioConsole.exe
FirewallRules: [{B04865D3-ADAE-4AD7-873F-1DD9E72C4FE9}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{18BDB6A9-DB74-4E51-9562-23AD42F5AF70}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{2167BF9E-441F-4E3A-9640-70B1980676E9}] => (Allow) C:\Program Files\Serviio\bin\ServiioConsole.exe
FirewallRules: [{F750A9F2-FB98-4E3D-B9F0-438585620DF2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{25927F27-E11A-43B0-880A-122458DCC575}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CF205C26-57F0-4612-8E38-ACA19DAEBCC0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{64BF6834-BD4F-4F8A-9DA2-C36EC4D5D407}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1AEA7E6-F3A2-481B-8EDB-D24BF63FAFC1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2FFDAEDC-5A71-4C65-9FF6-5AAAEC85D724}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B3C47AF7-121E-4647-929B-6144EDFEA59D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{55BE75F3-A17D-475A-96BE-328443D3C18C}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{AE804EF9-E5B9-4369-827C-BEB3AD17AA97}C:\users\kerlin\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\kerlin\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{BF6C4B3B-6388-4B5D-B627-6E61C4B197D2}C:\users\kerlin\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\kerlin\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{021A62E9-861B-4A14-8F78-8034548294C5}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{0DE92E4A-1943-46DA-8BE9-F55BD6D72127}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{733E1E58-1C34-4325-AB00-153CF7C64685}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{D5BD4634-D5AA-4871-A715-4929905D5E94}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{A3B469CD-977C-4457-BEE8-B30F5155DE2B}] => (Allow) C:\Users\Kerlin\AppData\Local\TNT2\2.0.0.1918\TNT2User.exe
FirewallRules: [{4281C4FD-0726-4BA7-9FF8-170FA4660370}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3AAC456F-CB34-41DF-B8C0-583DC0953A77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{818E5CDA-72E9-49C1-B43A-4637C41138CB}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{5DDEF11F-4099-45C7-B3C7-37282C2E60C3}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [{67F89B70-8707-4F77-A12F-028D2847E400}] => (Allow) C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe
FirewallRules: [{AA07B68B-BA6C-4A83-A1C2-7DE386838FF3}] => (Allow) C:\Program Files (x86)\Windows Audio\R1\WmiPrvSD.exe
FirewallRules: [TCP Query User{D9668256-F24A-418B-B3EC-C6BFA77A05C5}C:\program files\serviio\jre\bin\javaw.exe] => (Block) C:\program files\serviio\jre\bin\javaw.exe
FirewallRules: [UDP Query User{EF60E6F6-9D3D-4DE1-A9EE-BB4D8F049D90}C:\program files\serviio\jre\bin\javaw.exe] => (Block) C:\program files\serviio\jre\bin\javaw.exe
FirewallRules: [{13AFCEF5-D1F2-453F-BE27-E0DEFF8860B2}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{E35AE08C-03FD-4D3E-9180-0EA0503E9BAA}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{3337009D-06A0-4463-BAAD-CA5A5C93C2BC}] => (Allow) C:\Program Files\Serviio\bin\ServiioConsole.exe
FirewallRules: [TCP Query User{5BE4189D-06CF-402B-BA01-14B2241F8D62}C:\users\kerlin\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard.exe] => (Allow) C:\users\kerlin\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard.exe
FirewallRules: [UDP Query User{17930995-BACF-4723-9733-99B47E86B3B3}C:\users\kerlin\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard.exe] => (Allow) C:\users\kerlin\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard.exe
FirewallRules: [{F438967D-300F-40B7-B9D0-9FF9DAC13C41}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{018301A5-B359-4915-B4CA-9A2688839289}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{671E89D8-3EF0-429D-A9F8-E9B4A60FA342}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E4169D3D-26A4-4124-A835-0E34AA7C817C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7

==================== Faulty Device Manager Devices =============

Name: ssnfd
Description: ssnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ssnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: wpnfd_1_10_0_1
Description: wpnfd_1_10_0_1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: wpnfd_1_10_0_1
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2015 07:00:08 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031).

Error: (08/01/2015 01:38:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2015 08:08:40 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031).

Error: (07/28/2015 08:08:28 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031).

Error: (07/28/2015 08:08:22 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031).

Error: (07/28/2015 08:07:25 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031).

Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20


System errors:
=============
Error: (08/01/2015 01:43:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (08/01/2015 01:43:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/01/2015 01:38:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ssnfd
wpnfd_1_10_0_1

Error: (08/01/2015 01:37:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bluetooth Device Monitor service failed to start due to the following error:
%%2

Error: (08/01/2015 01:37:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ackaxfnrcw32 service failed to start due to the following error:
%%2

Error: (07/20/2015 07:16:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/20/2015 07:14:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (07/17/2015 03:29:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (07/13/2015 06:13:57 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (07/12/2015 08:04:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069


Microsoft Office:
=========================
Error: (08/02/2015 07:00:08 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031)

Error: (08/01/2015 01:38:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2015 08:08:40 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031)

Error: (07/28/2015 08:08:28 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031)

Error: (07/28/2015 08:08:22 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031)

Error: (07/28/2015 08:07:25 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031)

Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20


CodeIntegrity:
===================================
Date: 2012-09-02 12:05:31.270
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-09-02 12:05:15.558
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-09-02 11:19:07.966
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-08-27 18:43:09.289
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-08-27 18:42:57.429
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2860QM CPU @ 2.50GHz
Percentage of memory in use: 43%
Total physical RAM: 8086.17 MB
Available physical RAM: 4543.89 MB
Total Virtual: 16170.52 MB
Available Virtual: 10872.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.63 GB) (Free:11.32 GB) NTFS
Drive d: (Vuze) (Fixed) (Total:698.54 GB) (Free:617.22 GB) NTFS
Drive r: (2tb3) (Fixed) (Total:1862.98 GB) (Free:6.87 GB) NTFS
Drive y: (Movies) (Fixed) (Total:1863.01 GB) (Free:770.18 GB) NTFS
Drive z: (Movie Book) (Fixed) (Total:3725.99 GB) (Free:376.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: CA60F336)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7387B785)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 6181F547)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 1863 GB) (Disk ID: 1C58AE47)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of log ============================
Mustang066347
Regular Member
 
Posts: 24
Joined: December 26th, 2014, 2:05 am

Re: Infected with Some form of Nasty ??

Unread postby Firefly » August 4th, 2015, 7:14 pm

Paul -

Backdoor Warning
Your computer has multiple infections, and there are strong indications that one of them may include a backdoor.
A backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge.
A backdoor compromises system integrity by making changes to the system that allow it to by used by the attacker for malicious purposes unknown to the user.
Typically it's installed without user interaction through security exploits, and can severely compromise system security.

We can never know exactly what the backdoor is set to do, but here is what it CAN do:

Such infections may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware.
These backdoor infections may also collect and transmit personally identifiable information, without your consent and severely degrade the performance and stability of your computer.
A backdoor infection can give intruders complete control of your computer, logs your keystrokes, obtain passwords, steal personal information, etc.

You are strongly advised to do the following:
  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft
    and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords
    (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, any online activity you perform, requiring a username and password).
    Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
Many experts in the security community believe that once infected with this type of trojan, the best course of action would be to do a reformat and re-installation of the operating system (OS).
This decision will have to be made by you...

To help you understand more, please take some time to read the following articles:
When should I re-format and reinstall my OS
What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
How and Where to backup your files
Restoring your Vista-W7 backups

Please let me know how you would like to proceed. I am happy to help you clean the computer, but you need to decide this based on your factors and how you use the computer.
User avatar
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Infected with Some form of Nasty ??

Unread postby Mustang066347 » August 5th, 2015, 12:15 am

Hi Firefly

Thanks for the awesome news (not). I need to fix it mate and if that means reformat / reload then that's what i need to do i guess. I have sort of done this many years ago on another computer but i would need your help to do it again.

I can access the internet through my work computer to avoid connecting to the internet at home. My Iphones and Ipads connect to that home network via wifi - is that a potential problem?

I will happily accept your help to fix this problem
Mustang066347
Regular Member
 
Posts: 24
Joined: December 26th, 2014, 2:05 am

Re: Infected with Some form of Nasty ??

Unread postby Firefly » August 5th, 2015, 8:28 am

Sorry to be the bearer of bad news. To clarify, you would like to reformat and reinstall your operating system, correct?

Your ability to do that will depend on what tools you have at hand. I don't see a recovery partition on your computer. Do you have to original system and driver disks that came with your computer?
User avatar
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Infected with Some form of Nasty ??

Unread postby Mustang066347 » August 6th, 2015, 10:14 pm

these things happen

YES I WOULD LIKE TO RE FORMAT REINSTALL MY LAPTOP.

In the photo is all the discs i have for the laptop. I actually think the windows disc and the outlook disc is from a previous pc but they should still work. all the dell discs are there.

Can i also ask is my home WIFI safe to use with ipads / phones etc or is that also compromised ?

Will I be able to save all my data etc ?
You do not have the required permissions to view the files attached to this post.
Mustang066347
Regular Member
 
Posts: 24
Joined: December 26th, 2014, 2:05 am

Re: Infected with Some form of Nasty ??

Unread postby Firefly » August 8th, 2015, 9:19 am

Paul –

Sorry for the delayed response.

Unfortunately, reformatting specifics are not my specialty. It does look like you have everything you need there (the windows ultimate upgrade is not in use on this computer per your logs.) Here is what I can offer from a security standpoint:

1. It looks like your system does not have a factory restore partition. Therefore, you will need to reformat from disks. I am assuming you already backed up your data as we discussed in the beginning.
2. Here is a link on Dell’s website for how to reformat: http://www.dell.com/support/article/us/en/19/SLN130608
3. I see you have a disk drive labeled D: (Vuze). As I mentioned before, Vuze, or any other torrent will almost, with 100% certainty, cause you to get reinfected. I would reformat this disk, and I would do it BEFORE your restore your computer so that any virus on that D drive does not infect the newly formatted computer.
4. Depending on how technically comfortable you are, you may want to physically disconnect your other drives before you commence the reformat. I suggest this solely to prevent any erroneous deletions, but it is not critical.
5. As soon as you have reinstalled your system (but before you go through the trouble of putting your data back on the c drive), I would immediately install the anti-virus of your choice. You had been using Avast, which is a very good choice. I would reconnect the drives 1 by 1 (if you disconnected them), and I would then to a full deep scan of the other drives (r, y, and z). Any data that was downloaded from a torrent site should be viewed with deep suspicion.


Going forward, I would offer the following suggestions:


Backup, Backup, and more Backup

Now that your computer is clean, probably the most important thing you can do is to create a backup plan for your data. All of the Windows systems we support have backup capabilities. These existing programs will allow you to back up your files to an external hard drive, USB drive or CD drive.

Here are links to using the backup programs in the various versions of Windows:


An alternative to backing your files up locally is to back your files up to the cloud, and there are a number of free and paid for services of this type available. These are highly automated and (typically) very user friendly.

Below are links to a couple of articles with details for both free and paid for backup services ...

http://www.techsupportalert.com/content ... -sites.htm
http://www.pcmag.com/article2/0,2817,22 ... 745,00.asp


Please follow these simple guidelines in order to help keep your computer more secure:

Update your Antivirus programs and other programs regularly. These two links will take you to sites that will tell you if you have outdated programs:

Secunia Personal Software Inspector - Copyright © Secunia.
FileHippo.com Update Checker - © Copyright FileHippo.com


Visit Microsoft often.
Keep on top of critical updates , as well as other updates for your computer.
Using Windows Update in Windows 7
What is Windows Update?
Microsoft Update Home

Install additional (free) programs, that can help improve security.
Many feel that having a "layered" protection scheme is beneficial, you'll have to decide what works best for your situation.
Here are a few you can look into, if you want. :)

Malwarebytes' Anti-Malware
You have this installed already, run scans weekly (at least)... make sure you check for updates before running scans.
Download it from Malewarebytes © Malwarebytes Corporation.
Tutorial available on how to install and use, can be found here.
Powerful, easy to use and free. For real-time protection you will have to purchase the product.

WinPatrol
Download it from Winpatrol © Ruiware, LLC.
Information about how WinPatrol works, is available Here
(The free version of WinPatrol... provides limited real-time protection)


Please read the article below which will give you a few suggestions for how to minimize your chances of getting another infection. Most importantly, DO NOT USE TORRENT SITES!!!

If your computer is running slowly after your clean up, please read.

I would be grateful if you could reply to this post so that I know you have read it and the thread can be closed. If you need more specific help with the reformat, I will need to refer you to a board where people are more these processes.

Safe surfing!
User avatar
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Infected with Some form of Nasty ??

Unread postby Mustang066347 » August 11th, 2015, 3:52 am

Thank you for all your help Firefly.

I am going to reformat this weekend.

Is it alright to post a new log after the reformat to make sure everything looks clean.

Thanks Again

Paul
Mustang066347
Regular Member
 
Posts: 24
Joined: December 26th, 2014, 2:05 am

Re: Infected with Some form of Nasty ??

Unread postby Firefly » August 11th, 2015, 11:17 am

Happy to have been of help and wish I could have been the bearer of better news.

Provided you reformat the drive and reinstall the system back to original factory condition, no virus can exist. It is important that you allow the reinstallation to reformat the C: drive (it should do this automatically - just dont stop it or unselect it.) Once this is done, follow the step I outlined, and you will be in good shape. Absent symptoms, it is impossible for me to diagnose a machine. We nee some sort of direction of what we are looking for.

If you do have any problems, feel free to post a new topic, and I or one of the other helpers will gladly assist. You can even reference this topic in your initial post.

Best of luck with the reformat. I do think you made the smart choice based on your circumstances. Please let me know once you have read this so I can close the topic.
User avatar
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Infected with Some form of Nasty ??

Unread postby Mustang066347 » August 13th, 2015, 1:51 am

Thank you firefly
Mustang066347
Regular Member
 
Posts: 24
Joined: December 26th, 2014, 2:05 am

Re: Infected with Some form of Nasty ??

Unread postby Cypher » August 13th, 2015, 10:07 am

As your problems appear to require a reformat, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 122 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware