Solved Need help removing potential malware

[jeighjeigh]

I'm having trouble getting rid of malware on my computer. I've tried over 5 different malware scanners recommended by this page: http://malwaretips.com/blogs/malware-removal-guide-for-windows/



It finds some and removes them but keeps coming back with some and my computer is still running slow. II've attached some of the logs that could be of some use to you

 

[argus]

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

• I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The logs can take some time to research, so please be patient with me.
• Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
• Instructions that I give are for your system only!
• Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
• Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
• Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.

Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.




Download

Malwarebytes Anti-Rootkit to your desktop.

• Double-click the icon to start the tool.
• It will ask you where to extract it, then it will start.
• Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
• Click in the introduction screen "next" to continue.
• Click in the following screen "Update" to obtain the latest malware definitions.
• Once the update is complete select "Next" and click "Scan".
• When the scan is finished and no malware has been found select "Exit".
• If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
• Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

***************************************************************************************************

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  autoclean;
  emptyalltemp;
  bitsadmin /reset /allusers;b
  ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

[jeighjeigh]

Here are my results from my scans:

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.06.02.01
rootkit: v2015.05.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
otherrrrrr :: OWNER-HP [administrator]

6/2/2015 2:32:35 AM
mbar-log-2015-06-02 (02-32-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 401633
Time elapsed: 39 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17801

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 4240293888, free: 1460170752

Downloaded database version: v2015.06.02.01
Downloaded database version: v2015.05.31.01
Downloaded database version: v2015.05.13.01
=======================================
Initializing...
------------ Kernel report ------------
06/02/2015 02:31:57
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\tmcomm.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\epp64.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\tmevtmgr.sys
\SystemRoot\system32\DRIVERS\tmactmon.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\drivers\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\WDKMD.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\tmusa.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\tmnciesc.sys
\SystemRoot\system32\DRIVERS\tmeevw.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.06.02.01
rootkit: v2015.05.31.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80069a9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80069a9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80069a9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006839b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004e63050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E668E4D2

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 1251022
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1253070 Numsec = 1429977780

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1431230850 Numsec = 33704370

Partition 3 type is Other (0xe)
Partition is NOT ACTIVE.
Partition starts at LBA: 1464935220 Numsec = 213948

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished





----------------------------------------------------------------

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by otherrrrrr on Tue 06/02/2015 at 3:15:43.14.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\otherrrrrr\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

6/2/2015 3:18:35 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\DSPRobotics deleted successfully
C:\PROGRA~2\Trend Micro deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully
C:\PROGRA~3\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} deleted successfully
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\Guest\AppData\Roaming\hpqLog deleted successfully
C:\Users\otherrrrrr\AppData\Roaming\DMCache deleted successfully
C:\Users\otherrrrrr\AppData\Roaming\hpqLog deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully
C:\Users\otherrrrrr\AppData\Local\Downloaded Installations deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1852792263-1943724817-2778886419-1003\Software\Microsoft\Internet Explorer\SearchScopes\{44159DE0-8C9E-4DDB-963F-2BFBA9563559} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{44159DE0-8C9E-4DDB-963F-2BFBA9563559} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44159DE0-8C9E-4DDB-963F-2BFBA9563559} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\DSPRobotics not found
C:\PROGRA~2\Trend Micro not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found
C:\PROGRA~3\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} not found
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\PROGRA~3\DivX deleted
C:\DPInst.exe deleted
C:\found.000 deleted
C:\Windows\SysNative\config\systemprofile\AppData\Roaming\NitroTmp.tmp deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\SummerSoft deleted
C:\Windows\Wininit.INI deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\OTHERR~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwatwpr8.default\jetpack deleted
"C:\Windows\Installer\9f79.msi" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\OTHERR~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwatwpr8.default
user_pref("browser.startup.homepage", "Google.com");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"tmbepff@trendmicro.com"="C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1081\9.0.1081\firefoxextension" [05/07/2015 09:35 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}"="C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension" [05/07/2015 09:03 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\OTHERR~1\AppData\Roaming\Mozilla\Firefox\Profiles\gwatwpr8.default
- Undetermined - C:\Users\otherrrrrr\AppData\Roaming\IDM\idmmzcc5

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\otherrrrrr\AppData\Roaming\Mozilla\Firefox\Profiles\gwatwpr8.default
F736D27974C8CB984774754D4D41205B - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll - Trend Micro Titanium
855B79451ECF62602F20EB4D5C71F99B - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.81

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aepeildmfnnehghlknddebgjghlompfe - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[02/11/2011 05:37 AM]
dflinnddekagfkncpgojoppgnppfkbkj - No path found[]
ohhcpmplhhiiaoiddkfboafbhiknefdf - No path found[]

Website Logon - otherrrrrr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe
Bookmark Manager - otherrrrrr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - otherrrrrr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\538C0727BD5163242B53DDB6E2BB4DAB deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EDE59AC-D97C-4DA0-AF4B-915EC53D7B5A} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E046DA65-7C5C-4F7A-AD91-347E3BA5F893} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7270C835-15DB-4236-B235-DD6B2EBBD4BA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\538C0727BD5163242B53DDB6E2BB4DAB deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\otherrrrrr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\otherrrrrr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Guest\AppData\Local\Mozilla\Firefox\Profiles\6v81qh3m.default\cache2 emptied successfully
C:\Users\otherrrrrr\AppData\Local\Mozilla\Firefox\Profiles\gwatwpr8.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\otherrrrrr\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=26 folders=14 4233093 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\otherrrrrr\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\OTHERR~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Tue 06/02/2015 at 4:53:15.58 ======================





and quick question do i still leave off my antispyware after these scans and reboot??

 

[argus]

and quick question do i still leave off my antispyware after these scans and reboot??

No.

How is the situation now?

 

[jeighjeigh]

It all seems well but how do i know if i got completely rid of it ???

 

[jeighjeigh]

oh and did those scans find anything at all?

 

[argus]

How's your computer behaving now?

 

[jeighjeigh]

Cpu usage and memory has gone down and hasn't even stalled on me these past days. I'm still concerned about entering my personal information just because of what happened. I seems like it's back to normal though. I do have a question because my friend said that i got infected because of the chrome.exe* 32 virus and i'm wondering if i'm suppose to have 12 in my task manager?

 

[argus]

chrome.exe* 32 is not virus, it's 32 bit. applications on x64 system.

i'm wondering if i'm suppose to have 12 in my task manager?

It is normal for Chrome, don't worry.

 

[argus]

The following will implement some post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.

• Run the tool by right click on the
  
  icon and Run as administrator option.
• Make sure that these ones are checked:
  • Remove disinfection tools
  • Purge system restore
  • Reset system settings
• Push Run and wait until the tool completes his work.
• All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

 

[jeighjeigh]

Thank you so much for your help