Google Chrome virus

raggymuffin

New Member
Thread author
Jan 19, 2015
6
Need help getting rid of this Google Chrome crap. I'm not very computer savvy so I don't exactly know what I'm doing, so bear with me. Here is the FRST log.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by alien (administrator) on ALIEN-PC on 19-01-2015 20:42:13
Running from C:\Users\alien\Desktop
Loaded Profiles: alien (Available profiles: alien)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\stacsv64.exe
() C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\AESTSr64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell) C:\Users\alien\AppData\Local\Apps\2.0\1L2D35B8.1YC\ZV1D3HEA.PD2\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
() C:\Program Files (x86)\Microsoft Games\Age of Mythology Gold Edition\movieplayer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
() C:\Users\alien\Desktop\zoek.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1926928 2009-09-21] (Intel(R) Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-05] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2014-06-27] (Power Software Ltd)
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [DellSystemDetect] => C:\Users\alien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1299776 2014-10-30] (Lavasoft)
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [cbcmwbtsomr] => regsvr32.exe /s "C:\Users\alien\AppData\Local\The Witcher 2\cbcmwbtsomr.dll" <===== ATTENTION
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\MountPoints2: {8ba511fc-8849-11e3-ab62-806e6f6e6963} - E:\autoRcd.exe
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\MountPoints2: {fdc8926b-1e87-11e4-be0d-0026b9ff21e7} - E:\AutoPlay.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-02-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3712284919-4224653161-3860556774-1000] => localhost:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3712284919-4224653161-3860556774-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-01]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-05] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2009-09-21] ()
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-10-30] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [3066368 2009-10-29] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-05] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-07] (Disc Soft Ltd)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-18] () [File not signed]
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 20:42 - 2015-01-19 20:46 - 00014015 _____ () C:\Users\alien\Desktop\FRST.txt
2015-01-19 20:40 - 2015-01-19 20:42 - 00000000 ____D () C:\FRST
2015-01-19 20:39 - 2015-01-19 20:40 - 02126848 _____ (Farbar) C:\Users\alien\Desktop\FRST64.exe
2015-01-19 20:37 - 2015-01-19 20:37 - 00000002 _____ () C:\runcheck.txt
2015-01-19 20:37 - 2015-01-19 20:37 - 00000000 ____D () C:\zoek_backup
2015-01-19 20:36 - 2015-01-19 20:36 - 01295360 _____ () C:\Users\alien\Desktop\zoek.exe
2015-01-13 22:13 - 2015-01-13 22:13 - 04376752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-09 17:09 - 2015-01-09 17:09 - 01687552 _____ () C:\Users\alien\Documents\charisma_carpenter4.mpeg
2015-01-09 17:09 - 2015-01-09 17:09 - 01638400 _____ () C:\Users\alien\Documents\charisma_carpenter3.mpeg
2015-01-09 17:09 - 2015-01-09 17:09 - 01536000 _____ () C:\Users\alien\Documents\charisma_carpenter1.mpeg
2015-01-07 19:53 - 2015-01-07 19:53 - 00002011 _____ () C:\Users\Public\Desktop\Arcanum Of Steamworks and Magick Obscura.lnk
2014-12-26 19:17 - 2014-12-26 19:17 - 00001984 _____ () C:\Users\Public\Desktop\Dawn of War.lnk
2014-12-26 19:11 - 2014-12-26 19:11 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-12-25 19:20 - 2014-12-25 19:20 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 20:31 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 20:31 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 20:29 - 2014-01-28 13:30 - 02011431 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 20:28 - 2014-02-01 23:18 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-19 20:24 - 2014-12-09 21:11 - 00002265 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-19 20:20 - 2014-02-01 22:59 - 00000000 ____D () C:\Users\alien\AppData\Local\Deployment
2015-01-19 20:19 - 2014-02-01 23:18 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 20:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 20:18 - 2009-07-13 23:51 - 00056002 _____ () C:\Windows\setupact.log
2015-01-19 19:47 - 2014-08-13 17:44 - 00000000 ____D () C:\Users\alien\AppData\Local\The Witcher 2
2015-01-19 19:28 - 2014-08-05 17:52 - 00000000 ____D () C:\Users\alien\AppData\Roaming\Azureus
2015-01-19 19:13 - 2014-02-01 23:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 19:09 - 2014-02-01 23:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 18:05 - 2014-02-01 23:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-18 21:55 - 2014-02-11 18:24 - 00000000 ____D () C:\Users\alien\AppData\Roaming\vlc
2015-01-17 23:32 - 2014-12-14 17:47 - 00000000 ____D () C:\Users\alien\Documents\Max Payne Savegames
2015-01-15 20:35 - 2014-08-05 18:20 - 00000000 ____D () C:\Games
2015-01-15 20:34 - 2014-08-16 19:42 - 00000000 ____D () C:\GOG Games
2015-01-13 22:13 - 2014-02-01 23:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 22:13 - 2014-02-01 23:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 22:13 - 2014-02-01 23:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-10 19:52 - 2014-09-23 23:09 - 00000000 ____D () C:\Users\alien\Documents\EA Games
2015-01-10 19:52 - 2014-08-07 20:35 - 00000000 ____D () C:\Users\alien\Documents\My Games
2015-01-10 18:52 - 2014-12-10 17:10 - 00000000 ____D () C:\Users\alien\Documents\Freedom Fighters
2015-01-07 20:15 - 2014-08-05 21:09 - 00000000 ____D () C:\Users\alien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-07 19:53 - 2014-02-04 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-01-07 19:46 - 2014-02-04 20:44 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2015-01-03 20:28 - 2014-09-16 14:11 - 00000000 ____D () C:\Users\alien\Documents\Max Payne 2 Savegames
2014-12-26 19:22 - 2014-08-07 19:08 - 00043520 _____ () C:\Windows\SysWOW64\CmdLineExt03.dll
2014-12-26 19:17 - 2014-01-28 11:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-26 19:11 - 2014-08-07 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ

==================== Files in the root of some directories =======
2014-11-11 19:21 - 2014-11-11 19:21 - 0008534 _____ () C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:21 - 2014-11-11 19:21 - 0004210 _____ () C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:21 - 2014-11-11 19:21 - 0000272 _____ () C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-11 19:19 - 2014-11-11 19:19 - 0000448 ____H () C:\Users\alien\AppData\Roaming\麽鎒駓覜
2014-11-11 19:20 - 2014-11-11 19:20 - 0008534 _____ () C:\Users\alien\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:20 - 2014-11-11 19:20 - 0004210 _____ () C:\Users\alien\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:20 - 2014-11-11 19:20 - 0000272 _____ () C:\Users\alien\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-02-07 12:16 - 2014-02-07 12:16 - 0007667 _____ () C:\Users\alien\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000336 _____ () C:\Users\alien\AppData\Local\setup.txt
2014-11-11 19:19 - 2014-11-11 22:08 - 0000520 _____ () C:\ProgramData\@system.temp
2014-11-11 19:20 - 2014-11-11 22:08 - 0000256 ____H () C:\ProgramData\@system3.att
2014-11-11 19:19 - 2014-11-11 19:19 - 0008534 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:19 - 2014-11-11 19:19 - 0004210 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:19 - 2014-11-11 19:19 - 0000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL

Some content of TEMP:
====================
C:\Users\alien\AppData\Local\Temp\7za.exe
C:\Users\alien\AppData\Local\Temp\hijackthis.exe
C:\Users\alien\AppData\Local\Temp\i4jdel0.exe
C:\Users\alien\AppData\Local\Temp\lndrikm.dll
C:\Users\alien\AppData\Local\Temp\NirCmd.exe
C:\Users\alien\AppData\Local\Temp\PEVZ.EXE
C:\Users\alien\AppData\Local\Temp\remove.exe
C:\Users\alien\AppData\Local\Temp\sed.exe
C:\Users\alien\AppData\Local\Temp\shortcut.exe
C:\Users\alien\AppData\Local\Temp\SIntf16.dll
C:\Users\alien\AppData\Local\Temp\SIntf32.dll
C:\Users\alien\AppData\Local\Temp\SIntfNT.dll
C:\Users\alien\AppData\Local\Temp\swreg.exe
C:\Users\alien\AppData\Local\Temp\swxcacls.exe
C:\Users\alien\AppData\Local\Temp\wget.exe
C:\Users\alien\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-15 00:19

==================== End Of Log ============================

And here is the Addition log:

I have no idea what to do. If anyone can help me I would be ecstatic. I'm not great w/ computer stuff so try to make it easy for me to understand.
The processes are labeled hgzvyivjaexj.exe
 

Attachments

  • Addition.txt
    39.6 KB · Views: 57
  • FRST.txt
    21.7 KB · Views: 49
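Reading a log like the one above by hand is what the helper does next. As an added example (not code from this thread, from Farbar, or from MalwareTips), the Python script below applies four triage heuristics to FRST.txt lines: the same executable running repeatedly from a user-profile folder such as AppData\LocalLow, a Run key that uses regsvr32 to load a DLL from a user-writable folder (the line FRST itself marks with ATTENTION), a ProxyServer value pointing at localhost, and leftover ransom-note files named DECRYPT_INSTRUCTION.*. The sample lines are copied from the FRST.txt above; the DellSystemDetect line is included on purpose to show the limit of the first heuristic, since a legitimate ClickOnce application also runs from AppData, so every hit is a lead for the reviewer rather than a verdict. The rule names and regular expressions are my own.

```python
import re
from collections import Counter

# Lines copied verbatim from the FRST.txt posted above (a subset, not constructed).
# The DellSystemDetect line is legitimate and is kept to show a heuristic false positive.
SAMPLE_LOG = r"""
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Dell) C:\Users\alien\AppData\Local\Apps\2.0\1L2D35B8.1YC\ZV1D3HEA.PD2\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [cbcmwbtsomr] => regsvr32.exe /s "C:\Users\alien\AppData\Local\The Witcher 2\cbcmwbtsomr.dll" <===== ATTENTION
ProxyServer: [S-1-5-21-3712284919-4224653161-3860556774-1000] => localhost:8080
2014-11-11 19:21 - 2014-11-11 19:21 - 0008534 _____ () C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
"""

# Process section line: "(Vendor) C:\path\to\file.exe"
PROCESS_RE = re.compile(r"^\((?P<vendor>[^)]*)\) (?P<path>[A-Za-z]:\\.*\.exe)$", re.IGNORECASE)
# Registry section Run / RunOnce entry: "...\Run: [Name] => command"
RUN_RE = re.compile(r"\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$")
# Internet section proxy line: "ProxyServer: [SID] => host:port"
PROXY_RE = re.compile(r"^ProxyServer: \[(?P<sid>[^\]]+)\] => (?P<proxy>\S+)")
# Ransom-note residue anywhere in the file listings
RANSOM_NOTE_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\.*\\DECRYPT_INSTRUCTION\.(?:HTML|TXT|URL))$", re.IGNORECASE
)
# Folders an unprivileged user can write to (own profile, ProgramData, Public)
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Users\\Public)\\", re.IGNORECASE
)
LOOPBACK_RE = re.compile(r"^(?:localhost|127\.0\.0\.1)(?::\d+)?$", re.IGNORECASE)
# Signed Windows binaries commonly used to load a DLL at logon
SYSTEM_LOADER_RE = re.compile(r"\b(?:regsvr32|rundll32)(?:\.exe)?\b", re.IGNORECASE)


def triage(log_text):
    """Return a list of (rule, detail) findings for the body of one FRST.txt."""
    findings = []
    proc_paths = Counter()  # repeated launches of one binary are counted, not listed
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROCESS_RE.match(line)
        if m:
            if USER_WRITABLE_RE.search(m.group("path")):
                proc_paths[m.group("path")] += 1
            continue
        m = RUN_RE.search(line)
        if m:
            cmd = m.group("cmd")
            if SYSTEM_LOADER_RE.search(cmd) and USER_WRITABLE_RE.search(cmd):
                findings.append(("autorun_loader_from_user_dir", f"{m.group('name')}: {cmd}"))
            continue
        m = PROXY_RE.match(line)
        if m:
            if LOOPBACK_RE.match(m.group("proxy")):
                findings.append(("proxy_to_loopback", m.group("proxy")))
            continue
        m = RANSOM_NOTE_RE.search(line)
        if m:
            findings.append(("ransom_note_file", m.group("path")))
    for path, count in proc_paths.items():
        findings.append(("process_from_user_dir", f"{path} (x{count})"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:30} {detail}")
```

Run it against a full FRST.txt by reading the file into `triage()`; the repeat count on `process_from_user_dir` is what separates the one DellSystemDetect instance from the thirteen copies of hgzvyivjaexj.exe in the posted log, which is why duplicates are counted rather than reported line by line.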

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    415 bytes · Views: 49

raggymuffin

New Member
Thread author
Jan 19, 2015
6
Okay I followed your instructions. Here is the Fixlog. And thank you for helping me out.
 

Attachments

  • Fixlog.txt
    1.1 KB · Views: 37

raggymuffin

New Member
Thread author
Jan 19, 2015
6
The only problem I can find is that when I use Internet Explorer, about 5 or 6 IE programs show up when I start Task Manager and go to Applications, none of which I can end or make go away until I restart my computer. In Processes they are listed as Image Name: Dllhost.exe and their Description is COM Surrogate. And they use A LOT of memory unless I disconnect my Internet.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
  • When the scan is finished and no malware has been found, select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 

raggymuffin

New Member
Thread author
Jan 19, 2015
6
No Malware was detected, but here are the files anyway.
 

Attachments

  • system-log.txt
    22.2 KB · Views: 31
  • mbar-log-2015-01-22 (00-29-29).txt
    2.1 KB · Views: 36

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.
 

raggymuffin

New Member
Thread author
Jan 19, 2015
6
The good thing is my computer seems to be faster and overall better than it has in months so thank you very much, you're a good guy. Did as you instructed and here is the Report.
 

Attachments

  • AdwCleaner[S0].txt
    1 KB · Views: 38

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Okay, glad we could help.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record a healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

raggymuffin

New Member
Thread author
Jan 19, 2015
6
Will this tool affect my games? I got Jagged Alliance 2, Fallout 2, Baldur's Gate 2, Deus Ex, Max Payne 1 & 2, Icewind Dale 2, Arcanum, Wizardry 8, etc. And I'm currently playing all these games and I don't want it to affect these games or their saves.
 
