- Jan 19, 2015
Need help getting rid of this Google Chrome crap. I'm not very computer savvy, so I don't exactly know what I'm doing, so bear with me. Here is the FRST log.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by alien (administrator) on ALIEN-PC on 19-01-2015 20:42:13
Running from C:\Users\alien\Desktop
Loaded Profiles: alien (Available profiles: alien)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\stacsv64.exe
() C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\AESTSr64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell) C:\Users\alien\AppData\Local\Apps\2.0\1L2D35B8.1YC\ZV1D3HEA.PD2\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
() C:\Program Files (x86)\Microsoft Games\Age of Mythology Gold Edition\movieplayer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
() C:\Users\alien\Desktop\zoek.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1926928 2009-09-21] (Intel(R) Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-05] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2014-06-27] (Power Software Ltd)
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [DellSystemDetect] => C:\Users\alien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1299776 2014-10-30] (Lavasoft)
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [cbcmwbtsomr] => regsvr32.exe /s "C:\Users\alien\AppData\Local\The Witcher 2\cbcmwbtsomr.dll" <===== ATTENTION
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\MountPoints2: {8ba511fc-8849-11e3-ab62-806e6f6e6963} - E:\autoRcd.exe
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\MountPoints2: {fdc8926b-1e87-11e4-be0d-0026b9ff21e7} - E:\AutoPlay.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-02-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-3712284919-4224653161-3860556774-1000] => localhost:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3712284919-4224653161-3860556774-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-01]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-05]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-05] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2009-09-21] ()
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-10-30] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [3066368 2009-10-29] (Broadcom Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-05] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-07] (Disc Soft Ltd)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-18] () [File not signed]
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-19 20:42 - 2015-01-19 20:46 - 00014015 _____ () C:\Users\alien\Desktop\FRST.txt
2015-01-19 20:40 - 2015-01-19 20:42 - 00000000 ____D () C:\FRST
2015-01-19 20:39 - 2015-01-19 20:40 - 02126848 _____ (Farbar) C:\Users\alien\Desktop\FRST64.exe
2015-01-19 20:37 - 2015-01-19 20:37 - 00000002 _____ () C:\runcheck.txt
2015-01-19 20:37 - 2015-01-19 20:37 - 00000000 ____D () C:\zoek_backup
2015-01-19 20:36 - 2015-01-19 20:36 - 01295360 _____ () C:\Users\alien\Desktop\zoek.exe
2015-01-13 22:13 - 2015-01-13 22:13 - 04376752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-09 17:09 - 2015-01-09 17:09 - 01687552 _____ () C:\Users\alien\Documents\charisma_carpenter4.mpeg
2015-01-09 17:09 - 2015-01-09 17:09 - 01638400 _____ () C:\Users\alien\Documents\charisma_carpenter3.mpeg
2015-01-09 17:09 - 2015-01-09 17:09 - 01536000 _____ () C:\Users\alien\Documents\charisma_carpenter1.mpeg
2015-01-07 19:53 - 2015-01-07 19:53 - 00002011 _____ () C:\Users\Public\Desktop\Arcanum Of Steamworks and Magick Obscura.lnk
2014-12-26 19:17 - 2014-12-26 19:17 - 00001984 _____ () C:\Users\Public\Desktop\Dawn of War.lnk
2014-12-26 19:11 - 2014-12-26 19:11 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-12-25 19:20 - 2014-12-25 19:20 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-19 20:31 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 20:31 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 20:29 - 2014-01-28 13:30 - 02011431 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 20:28 - 2014-02-01 23:18 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-19 20:24 - 2014-12-09 21:11 - 00002265 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-19 20:20 - 2014-02-01 22:59 - 00000000 ____D () C:\Users\alien\AppData\Local\Deployment
2015-01-19 20:19 - 2014-02-01 23:18 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 20:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 20:18 - 2009-07-13 23:51 - 00056002 _____ () C:\Windows\setupact.log
2015-01-19 19:47 - 2014-08-13 17:44 - 00000000 ____D () C:\Users\alien\AppData\Local\The Witcher 2
2015-01-19 19:28 - 2014-08-05 17:52 - 00000000 ____D () C:\Users\alien\AppData\Roaming\Azureus
2015-01-19 19:13 - 2014-02-01 23:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 19:09 - 2014-02-01 23:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 18:05 - 2014-02-01 23:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-18 21:55 - 2014-02-11 18:24 - 00000000 ____D () C:\Users\alien\AppData\Roaming\vlc
2015-01-17 23:32 - 2014-12-14 17:47 - 00000000 ____D () C:\Users\alien\Documents\Max Payne Savegames
2015-01-15 20:35 - 2014-08-05 18:20 - 00000000 ____D () C:\Games
2015-01-15 20:34 - 2014-08-16 19:42 - 00000000 ____D () C:\GOG Games
2015-01-13 22:13 - 2014-02-01 23:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 22:13 - 2014-02-01 23:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 22:13 - 2014-02-01 23:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-10 19:52 - 2014-09-23 23:09 - 00000000 ____D () C:\Users\alien\Documents\EA Games
2015-01-10 19:52 - 2014-08-07 20:35 - 00000000 ____D () C:\Users\alien\Documents\My Games
2015-01-10 18:52 - 2014-12-10 17:10 - 00000000 ____D () C:\Users\alien\Documents\Freedom Fighters
2015-01-07 20:15 - 2014-08-05 21:09 - 00000000 ____D () C:\Users\alien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-07 19:53 - 2014-02-04 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-01-07 19:46 - 2014-02-04 20:44 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2015-01-03 20:28 - 2014-09-16 14:11 - 00000000 ____D () C:\Users\alien\Documents\Max Payne 2 Savegames
2014-12-26 19:22 - 2014-08-07 19:08 - 00043520 _____ () C:\Windows\SysWOW64\CmdLineExt03.dll
2014-12-26 19:17 - 2014-01-28 11:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-26 19:11 - 2014-08-07 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
==================== Files in the root of some directories =======
2014-11-11 19:21 - 2014-11-11 19:21 - 0008534 _____ () C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:21 - 2014-11-11 19:21 - 0004210 _____ () C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:21 - 2014-11-11 19:21 - 0000272 _____ () C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-11 19:19 - 2014-11-11 19:19 - 0000448 ____H () C:\Users\alien\AppData\Roaming\麽鎒駓覜
2014-11-11 19:20 - 2014-11-11 19:20 - 0008534 _____ () C:\Users\alien\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:20 - 2014-11-11 19:20 - 0004210 _____ () C:\Users\alien\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:20 - 2014-11-11 19:20 - 0000272 _____ () C:\Users\alien\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-02-07 12:16 - 2014-02-07 12:16 - 0007667 _____ () C:\Users\alien\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000336 _____ () C:\Users\alien\AppData\Local\setup.txt
2014-11-11 19:19 - 2014-11-11 22:08 - 0000520 _____ () C:\ProgramData\@system.temp
2014-11-11 19:20 - 2014-11-11 22:08 - 0000256 ____H () C:\ProgramData\@system3.att
2014-11-11 19:19 - 2014-11-11 19:19 - 0008534 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:19 - 2014-11-11 19:19 - 0004210 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:19 - 2014-11-11 19:19 - 0000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
Some content of TEMP:
====================
C:\Users\alien\AppData\Local\Temp\7za.exe
C:\Users\alien\AppData\Local\Temp\hijackthis.exe
C:\Users\alien\AppData\Local\Temp\i4jdel0.exe
C:\Users\alien\AppData\Local\Temp\lndrikm.dll
C:\Users\alien\AppData\Local\Temp\NirCmd.exe
C:\Users\alien\AppData\Local\Temp\PEVZ.EXE
C:\Users\alien\AppData\Local\Temp\remove.exe
C:\Users\alien\AppData\Local\Temp\sed.exe
C:\Users\alien\AppData\Local\Temp\shortcut.exe
C:\Users\alien\AppData\Local\Temp\SIntf16.dll
C:\Users\alien\AppData\Local\Temp\SIntf32.dll
C:\Users\alien\AppData\Local\Temp\SIntfNT.dll
C:\Users\alien\AppData\Local\Temp\swreg.exe
C:\Users\alien\AppData\Local\Temp\swxcacls.exe
C:\Users\alien\AppData\Local\Temp\wget.exe
C:\Users\alien\AppData\Local\Temp\zoek-delete.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-15 00:19
==================== End Of Log ============================
And here is the Addition log:
I have no idea what to do. If anyone can help me I would be ecstatic. I'm not great with computer stuff, so try to make it easy for me to understand.
The processes are labeled hgzvyivjaexj.exe.
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-10-30] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [3066368 2009-10-29] (Broadcom Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-05] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-07] (Disc Soft Ltd)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-18] () [File not signed]
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-19 20:42 - 2015-01-19 20:46 - 00014015 _____ () C:\Users\alien\Desktop\FRST.txt
2015-01-19 20:40 - 2015-01-19 20:42 - 00000000 ____D () C:\FRST
2015-01-19 20:39 - 2015-01-19 20:40 - 02126848 _____ (Farbar) C:\Users\alien\Desktop\FRST64.exe
2015-01-19 20:37 - 2015-01-19 20:37 - 00000002 _____ () C:\runcheck.txt
2015-01-19 20:37 - 2015-01-19 20:37 - 00000000 ____D () C:\zoek_backup
2015-01-19 20:36 - 2015-01-19 20:36 - 01295360 _____ () C:\Users\alien\Desktop\zoek.exe
2015-01-13 22:13 - 2015-01-13 22:13 - 04376752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-09 17:09 - 2015-01-09 17:09 - 01687552 _____ () C:\Users\alien\Documents\charisma_carpenter4.mpeg
2015-01-09 17:09 - 2015-01-09 17:09 - 01638400 _____ () C:\Users\alien\Documents\charisma_carpenter3.mpeg
2015-01-09 17:09 - 2015-01-09 17:09 - 01536000 _____ () C:\Users\alien\Documents\charisma_carpenter1.mpeg
2015-01-07 19:53 - 2015-01-07 19:53 - 00002011 _____ () C:\Users\Public\Desktop\Arcanum Of Steamworks and Magick Obscura.lnk
2014-12-26 19:17 - 2014-12-26 19:17 - 00001984 _____ () C:\Users\Public\Desktop\Dawn of War.lnk
2014-12-26 19:11 - 2014-12-26 19:11 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-12-25 19:20 - 2014-12-25 19:20 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-19 20:31 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 20:31 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 20:29 - 2014-01-28 13:30 - 02011431 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 20:28 - 2014-02-01 23:18 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-19 20:24 - 2014-12-09 21:11 - 00002265 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-19 20:20 - 2014-02-01 22:59 - 00000000 ____D () C:\Users\alien\AppData\Local\Deployment
2015-01-19 20:19 - 2014-02-01 23:18 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 20:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 20:18 - 2009-07-13 23:51 - 00056002 _____ () C:\Windows\setupact.log
2015-01-19 19:47 - 2014-08-13 17:44 - 00000000 ____D () C:\Users\alien\AppData\Local\The Witcher 2
2015-01-19 19:28 - 2014-08-05 17:52 - 00000000 ____D () C:\Users\alien\AppData\Roaming\Azureus
2015-01-19 19:13 - 2014-02-01 23:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 19:09 - 2014-02-01 23:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 18:05 - 2014-02-01 23:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-18 21:55 - 2014-02-11 18:24 - 00000000 ____D () C:\Users\alien\AppData\Roaming\vlc
2015-01-17 23:32 - 2014-12-14 17:47 - 00000000 ____D () C:\Users\alien\Documents\Max Payne Savegames
2015-01-15 20:35 - 2014-08-05 18:20 - 00000000 ____D () C:\Games
2015-01-15 20:34 - 2014-08-16 19:42 - 00000000 ____D () C:\GOG Games
2015-01-13 22:13 - 2014-02-01 23:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 22:13 - 2014-02-01 23:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 22:13 - 2014-02-01 23:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-10 19:52 - 2014-09-23 23:09 - 00000000 ____D () C:\Users\alien\Documents\EA Games
2015-01-10 19:52 - 2014-08-07 20:35 - 00000000 ____D () C:\Users\alien\Documents\My Games
2015-01-10 18:52 - 2014-12-10 17:10 - 00000000 ____D () C:\Users\alien\Documents\Freedom Fighters
2015-01-07 20:15 - 2014-08-05 21:09 - 00000000 ____D () C:\Users\alien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-07 19:53 - 2014-02-04 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-01-07 19:46 - 2014-02-04 20:44 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2015-01-03 20:28 - 2014-09-16 14:11 - 00000000 ____D () C:\Users\alien\Documents\Max Payne 2 Savegames
2014-12-26 19:22 - 2014-08-07 19:08 - 00043520 _____ () C:\Windows\SysWOW64\CmdLineExt03.dll
2014-12-26 19:17 - 2014-01-28 11:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-26 19:11 - 2014-08-07 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
==================== Files in the root of some directories =======
2014-11-11 19:21 - 2014-11-11 19:21 - 0008534 _____ () C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:21 - 2014-11-11 19:21 - 0004210 _____ () C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:21 - 2014-11-11 19:21 - 0000272 _____ () C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-11 19:19 - 2014-11-11 19:19 - 0000448 ____H () C:\Users\alien\AppData\Roaming\麽鎒駓覜
2014-11-11 19:20 - 2014-11-11 19:20 - 0008534 _____ () C:\Users\alien\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:20 - 2014-11-11 19:20 - 0004210 _____ () C:\Users\alien\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:20 - 2014-11-11 19:20 - 0000272 _____ () C:\Users\alien\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-02-07 12:16 - 2014-02-07 12:16 - 0007667 _____ () C:\Users\alien\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000336 _____ () C:\Users\alien\AppData\Local\setup.txt
2014-11-11 19:19 - 2014-11-11 22:08 - 0000520 _____ () C:\ProgramData\@system.temp
2014-11-11 19:20 - 2014-11-11 22:08 - 0000256 ____H () C:\ProgramData\@system3.att
2014-11-11 19:19 - 2014-11-11 19:19 - 0008534 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:19 - 2014-11-11 19:19 - 0004210 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:19 - 2014-11-11 19:19 - 0000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
Some content of TEMP:
====================
C:\Users\alien\AppData\Local\Temp\7za.exe
C:\Users\alien\AppData\Local\Temp\hijackthis.exe
C:\Users\alien\AppData\Local\Temp\i4jdel0.exe
C:\Users\alien\AppData\Local\Temp\lndrikm.dll
C:\Users\alien\AppData\Local\Temp\NirCmd.exe
C:\Users\alien\AppData\Local\Temp\PEVZ.EXE
C:\Users\alien\AppData\Local\Temp\remove.exe
C:\Users\alien\AppData\Local\Temp\sed.exe
C:\Users\alien\AppData\Local\Temp\shortcut.exe
C:\Users\alien\AppData\Local\Temp\SIntf16.dll
C:\Users\alien\AppData\Local\Temp\SIntf32.dll
C:\Users\alien\AppData\Local\Temp\SIntfNT.dll
C:\Users\alien\AppData\Local\Temp\swreg.exe
C:\Users\alien\AppData\Local\Temp\swxcacls.exe
C:\Users\alien\AppData\Local\Temp\wget.exe
C:\Users\alien\AppData\Local\Temp\zoek-delete.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-15 00:19
==================== End Of Log ============================
And here is the Addition log:
I have no idea what to do. If anyone can help me I would be ecstatic. I'm not great w/ computer stuff so try to make it easy for me to understand.
The processes are labeled hgzvyivjaexj.exe