Google Chrome virus
<blockquote data-quote="raggymuffin" data-source="post: 336337" data-attributes="member: 33335"><p>Need help getting rid of this google chrome crap. I'm not very computer savvy so I don't exactly know what I'm doing so bear with me. here is the FRST log.</p><p></p><p>can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015</p><p>Ran by alien (administrator) on ALIEN-PC on 19-01-2015 20:42:13</p><p>Running from C:\Users\alien\Desktop</p><p>Loaded Profiles: alien (Available profiles: alien)</p><p>Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 11</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(AMD) C:\Windows\System32\atiesrxx.exe</p><p>(IDT, Inc.) 
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\stacsv64.exe</p><p>() C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE</p><p>(Microsoft Corporation) C:\Windows\System32\wlanext.exe</p><p>(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe</p><p>(AMD) C:\Windows\System32\atieclxx.exe</p><p>(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\AESTSr64.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe</p><p>() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe</p><p>(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe</p><p>() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe</p><p>(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe</p><p>(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(Dell) C:\Users\alien\AppData\Local\Apps\2.0\1L2D35B8.1YC\ZV1D3HEA.PD2\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe</p><p>(Microsoft Corporation) C:\Windows\System32\regsvr32.exe</p><p>(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe</p><p>(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe</p><p>(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE</p><p>(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe</p><p>(ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</p><p>(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe</p><p>() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe</p><p>() C:\Program Files (x86)\Microsoft Games\Age of Mythology Gold Edition\movieplayer.exe</p><p>(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe</p><p>(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe</p><p>(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe</p><p>(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe</p><p>(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe</p><p>(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe</p><p>(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe</p><p>(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe</p><p>(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe</p><p>() C:\Users\alien\Desktop\zoek.exe</p><p>(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe</p><p>(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe</p><p>(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe</p><p>(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe</p><p>(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe</p><p>(Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe</p><p>(Google Inc.) 
C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.)</p><p>HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1926928 2009-09-21] (Intel(R) Corporation)</p><p>HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)</p><p>HKLM\...\Run: [] => [X]</p><p>HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()</p><p>HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-10] (Advanced Micro Devices, Inc.)</p><p>HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-05] (AVAST Software)</p><p>HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2014-06-27] (Power Software Ltd)</p><p>HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [DellSystemDetect] => C:\Users\alien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms</p><p>HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)</p><p>HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1299776 2014-10-30] (Lavasoft)</p><p>HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [cbcmwbtsomr] => regsvr32.exe /s "C:\Users\alien\AppData\Local\The Witcher 
2\cbcmwbtsomr.dll" <===== ATTENTION</p><p>HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\MountPoints2: {8ba511fc-8849-11e3-ab62-806e6f6e6963} - E:\autoRcd.exe</p><p>HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\MountPoints2: {fdc8926b-1e87-11e4-be0d-0026b9ff21e7} - E:\AutoPlay.exe</p><p>HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-02-06] (Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)</p><p>BootExecute: autocheck autochk * sdnclean64.exe</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>ProxyServer: [S-1-5-21-3712284919-4224653161-3860556774-1000] => localhost:8080</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =</p><p>HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = <a href="http://www.msn.com/?ocid=iehp" target="_blank">http://www.msn.com/?ocid=iehp</a></p><p>BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)</p><p>BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)</p><p>BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File</p><p>Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>Toolbar: HKU\S-1-5-21-3712284919-4224653161-3860556774-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)</p><p>DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} <a href="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab" target="_blank">http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</a></p><p>Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)</p><p>Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)</p><p>Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)</p><p>Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)</p><p>Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)</p><p>Winsock: Catalog9-x64 01 
C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)</p><p>Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)</p><p>Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)</p><p>Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)</p><p>Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)</p><p>Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p></p><p>FireFox:</p><p>========</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll No File</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:wrc@avast.com">wrc@avast.com</a>] - C:\Program Files\AVAST Software\Avast\WebRep\FF</p><p>FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-01]</p><p></p><p>Chrome:</p><p>=======</p><p>CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-05]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)</p><p>R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-05] (AVAST Software)</p><p>S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]</p><p>R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()</p><p>S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2009-09-21] ()</p><p>R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-10-30] ()</p><p>R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)</p><p>R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)</p><p>R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [3066368 2009-10-29] (Broadcom Corporation) [File not signed]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-05] ()</p><p>R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-05] (AVAST Software)</p><p>R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-05] (AVAST Software)</p><p>R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-05] ()</p><p>R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)</p><p>R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-05] (AVAST Software)</p><p>R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-05] (AVAST Software)</p><p>R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-05] ()</p><p>R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-07] (Disc Soft Ltd)</p><p>S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-18] () [File not signed]</p><p>S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)</p><p>S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]</p><p>S3 tsusbhub; system32\drivers\tsusbhub.sys [X]</p><p>S3 VGPU; System32\drivers\rdvgkmd.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-01-19 20:42 - 2015-01-19 20:46 - 00014015 _____ () C:\Users\alien\Desktop\FRST.txt</p><p>2015-01-19 20:40 - 2015-01-19 20:42 - 00000000 ____D () C:\FRST</p><p>2015-01-19 20:39 - 2015-01-19 20:40 - 02126848 _____ (Farbar) C:\Users\alien\Desktop\FRST64.exe</p><p>2015-01-19 20:37 - 2015-01-19 20:37 - 00000002 _____ () C:\runcheck.txt</p><p>2015-01-19 20:37 - 2015-01-19 20:37 - 00000000 ____D () C:\zoek_backup</p><p>2015-01-19 20:36 - 2015-01-19 20:36 - 01295360 _____ () C:\Users\alien\Desktop\zoek.exe</p><p>2015-01-13 22:13 - 2015-01-13 22:13 - 04376752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe</p><p>2015-01-09 17:09 - 2015-01-09 17:09 - 01687552 _____ () C:\Users\alien\Documents\charisma_carpenter4.mpeg</p><p>2015-01-09 17:09 - 2015-01-09 17:09 - 01638400 _____ () C:\Users\alien\Documents\charisma_carpenter3.mpeg</p><p>2015-01-09 17:09 - 2015-01-09 17:09 - 01536000 _____ () C:\Users\alien\Documents\charisma_carpenter1.mpeg</p><p>2015-01-07 19:53 - 2015-01-07 19:53 - 00002011 _____ () C:\Users\Public\Desktop\Arcanum Of Steamworks and Magick Obscura.lnk</p><p>2014-12-26 19:17 - 2014-12-26 19:17 - 00001984 _____ () C:\Users\Public\Desktop\Dawn of War.lnk</p><p>2014-12-26 19:11 - 2014-12-26 19:11 - 00000000 ____D () C:\Program Files (x86)\THQ</p><p>2014-12-25 19:20 - 2014-12-25 19:20 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-01-19 20:31 - 2009-07-13 23:45 - 00020704 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2015-01-19 20:31 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2015-01-19 20:29 - 2014-01-28 13:30 - 02011431 _____ () C:\Windows\WindowsUpdate.log</p><p>2015-01-19 20:28 - 2014-02-01 23:18 - 00000000 ____D () C:\Program Files (x86)\Google</p><p>2015-01-19 20:24 - 2014-12-09 21:11 - 00002265 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk</p><p>2015-01-19 20:20 - 2014-02-01 22:59 - 00000000 ____D () C:\Users\alien\AppData\Local\Deployment</p><p>2015-01-19 20:19 - 2014-02-01 23:18 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2015-01-19 20:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2015-01-19 20:18 - 2009-07-13 23:51 - 00056002 _____ () C:\Windows\setupact.log</p><p>2015-01-19 19:47 - 2014-08-13 17:44 - 00000000 ____D () C:\Users\alien\AppData\Local\The Witcher 2</p><p>2015-01-19 19:28 - 2014-08-05 17:52 - 00000000 ____D () C:\Users\alien\AppData\Roaming\Azureus</p><p>2015-01-19 19:13 - 2014-02-01 23:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2015-01-19 19:09 - 2014-02-01 23:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2015-01-19 18:05 - 2014-02-01 23:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update</p><p>2015-01-18 21:55 - 2014-02-11 18:24 - 00000000 ____D () C:\Users\alien\AppData\Roaming\vlc</p><p>2015-01-17 23:32 - 2014-12-14 17:47 - 00000000 ____D () C:\Users\alien\Documents\Max Payne Savegames</p><p>2015-01-15 20:35 - 2014-08-05 18:20 - 00000000 ____D () C:\Games</p><p>2015-01-15 20:34 - 2014-08-16 19:42 - 00000000 ____D () C:\GOG Games</p><p>2015-01-13 22:13 - 2014-02-01 23:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater</p><p>2015-01-13 22:13 - 2014-02-01 23:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2015-01-13 22:13 - 2014-02-01 23:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2015-01-10 19:52 - 2014-09-23 23:09 - 00000000 ____D () C:\Users\alien\Documents\EA Games</p><p>2015-01-10 19:52 - 2014-08-07 20:35 - 00000000 ____D () C:\Users\alien\Documents\My Games</p><p>2015-01-10 18:52 - 2014-12-10 17:10 - 00000000 ____D () C:\Users\alien\Documents\Freedom Fighters</p><p>2015-01-07 20:15 - 2014-08-05 21:09 - 00000000 ____D () C:\Users\alien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games</p><p>2015-01-07 19:53 - 2014-02-04 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com</p><p>2015-01-07 19:46 - 2014-02-04 20:44 - 00000000 ____D () C:\Program Files (x86)\GOG.com</p><p>2015-01-03 20:28 - 2014-09-16 14:11 - 00000000 ____D () C:\Users\alien\Documents\Max Payne 2 Savegames</p><p>2014-12-26 19:22 - 2014-08-07 19:08 - 00043520 _____ () C:\Windows\SysWOW64\CmdLineExt03.dll</p><p>2014-12-26 19:17 - 2014-01-28 11:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information</p><p>2014-12-26 19:11 - 2014-08-07 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ</p><p></p><p>==================== Files in the root of some directories =======</p><p>2014-11-11 19:21 - 2014-11-11 19:21 - 0008534 _____ () 
C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.HTML</p><p>2014-11-11 19:21 - 2014-11-11 19:21 - 0004210 _____ () C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.TXT</p><p>2014-11-11 19:21 - 2014-11-11 19:21 - 0000272 _____ () C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.URL</p><p>2014-11-11 19:19 - 2014-11-11 19:19 - 0000448 ____H () C:\Users\alien\AppData\Roaming\麽鎒駓覜</p><p>2014-11-11 19:20 - 2014-11-11 19:20 - 0008534 _____ () C:\Users\alien\AppData\Local\DECRYPT_INSTRUCTION.HTML</p><p>2014-11-11 19:20 - 2014-11-11 19:20 - 0004210 _____ () C:\Users\alien\AppData\Local\DECRYPT_INSTRUCTION.TXT</p><p>2014-11-11 19:20 - 2014-11-11 19:20 - 0000272 _____ () C:\Users\alien\AppData\Local\DECRYPT_INSTRUCTION.URL</p><p>2014-02-07 12:16 - 2014-02-07 12:16 - 0007667 _____ () C:\Users\alien\AppData\Local\Resmon.ResmonCfg</p><p>2008-02-05 13:28 - 2008-02-05 13:28 - 0000336 _____ () C:\Users\alien\AppData\Local\setup.txt</p><p>2014-11-11 19:19 - 2014-11-11 22:08 - 0000520 _____ () C:\ProgramData\@system.temp</p><p>2014-11-11 19:20 - 2014-11-11 22:08 - 0000256 ____H () C:\ProgramData\@system3.att</p><p>2014-11-11 19:19 - 2014-11-11 19:19 - 0008534 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML</p><p>2014-11-11 19:19 - 2014-11-11 19:19 - 0004210 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT</p><p>2014-11-11 19:19 - 2014-11-11 19:19 - 0000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL</p><p></p><p>Some content of 
TEMP:</p><p>====================</p><p>C:\Users\alien\AppData\Local\Temp\7za.exe</p><p>C:\Users\alien\AppData\Local\Temp\hijackthis.exe</p><p>C:\Users\alien\AppData\Local\Temp\i4jdel0.exe</p><p>C:\Users\alien\AppData\Local\Temp\lndrikm.dll</p><p>C:\Users\alien\AppData\Local\Temp\NirCmd.exe</p><p>C:\Users\alien\AppData\Local\Temp\PEVZ.EXE</p><p>C:\Users\alien\AppData\Local\Temp\remove.exe</p><p>C:\Users\alien\AppData\Local\Temp\sed.exe</p><p>C:\Users\alien\AppData\Local\Temp\shortcut.exe</p><p>C:\Users\alien\AppData\Local\Temp\SIntf16.dll</p><p>C:\Users\alien\AppData\Local\Temp\SIntf32.dll</p><p>C:\Users\alien\AppData\Local\Temp\SIntfNT.dll</p><p>C:\Users\alien\AppData\Local\Temp\swreg.exe</p><p>C:\Users\alien\AppData\Local\Temp\swxcacls.exe</p><p>C:\Users\alien\AppData\Local\Temp\wget.exe</p><p>C:\Users\alien\AppData\Local\Temp\zoek-delete.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-01-15 
00:19</p><p></p><p>==================== End Of Log ============================</p><p></p><p></p><p></p><p></p><p></p><p></p><p>And here is addition log:</p><p></p><p></p><p>I have no idea what to do. If anyone can help me I would be ecstatic. I'm not great w/ computer stuff so try to make it easy for me to understand.</p><p>The processes are labeled hgzvyivjaexj.exe</p></blockquote><p></p>
[QUOTE="raggymuffin, post: 336337, member: 33335"] Need help getting rid of this google chrome crap. I'm not very computer savvy so I don't exactly know what I'm doing so bear with me. here is the FRST log. can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by alien (administrator) on ALIEN-PC on 19-01-2015 20:42:13 Running from C:\Users\alien\Desktop Loaded Profiles: alien (Available profiles: alien) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [URL]http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/[/URL] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\stacsv64.exe () C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\AESTSr64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Dell) C:\Users\alien\AppData\Local\Apps\2.0\1L2D35B8.1YC\ZV1D3HEA.PD2\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe (Microsoft Corporation) C:\Windows\System32\regsvr32.exe (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe () C:\Program Files (x86)\Microsoft Games\Age of Mythology Gold Edition\movieplayer.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe (Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe (Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe (Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe (Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe (Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe (Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe (Google Inc.) 
C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe () C:\Users\alien\Desktop\zoek.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe (Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe (Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe (Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe (Google Inc.) C:\Users\alien\AppData\LocalLow\Adobe\dnsrclklrz\Sptnspk\hgzvyivjaexj.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.) HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1926928 2009-09-21] (Intel(R) Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated) HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-10] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-05] (AVAST Software) HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2014-06-27] (Power Software Ltd) HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [DellSystemDetect] => C:\Users\alien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1299776 2014-10-30] (Lavasoft) HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\Run: [cbcmwbtsomr] => regsvr32.exe /s "C:\Users\alien\AppData\Local\The Witcher 2\cbcmwbtsomr.dll" <===== ATTENTION HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\MountPoints2: {8ba511fc-8849-11e3-ab62-806e6f6e6963} - E:\autoRcd.exe HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\...\MountPoints2: {fdc8926b-1e87-11e4-be0d-0026b9ff21e7} - E:\AutoPlay.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-02-06] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: [S-1-5-21-3712284919-4224653161-3860556774-1000] => localhost:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3712284919-4224653161-3860556774-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3712284919-4224653161-3860556774-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [312424] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-01]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-05] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2009-09-21] ()
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-10-30] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7984240545aadb84\STacSV64.exe [243712 2009-11-27] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [3066368 2009-10-29] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-05] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-07] (Disc Soft Ltd)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-18] () [File not signed]
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 20:42 - 2015-01-19 20:46 - 00014015 _____ () C:\Users\alien\Desktop\FRST.txt
2015-01-19 20:40 - 2015-01-19 20:42 - 00000000 ____D () C:\FRST
2015-01-19 20:39 - 2015-01-19 20:40 - 02126848 _____ (Farbar) C:\Users\alien\Desktop\FRST64.exe
2015-01-19 20:37 - 2015-01-19 20:37 - 00000002 _____ () C:\runcheck.txt
2015-01-19 20:37 - 2015-01-19 20:37 - 00000000 ____D () C:\zoek_backup
2015-01-19 20:36 - 2015-01-19 20:36 - 01295360 _____ () C:\Users\alien\Desktop\zoek.exe
2015-01-13 22:13 - 2015-01-13 22:13 - 04376752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-09 17:09 - 2015-01-09 17:09 - 01687552 _____ () C:\Users\alien\Documents\charisma_carpenter4.mpeg
2015-01-09 17:09 - 2015-01-09 17:09 - 01638400 _____ () C:\Users\alien\Documents\charisma_carpenter3.mpeg
2015-01-09 17:09 - 2015-01-09 17:09 - 01536000 _____ () C:\Users\alien\Documents\charisma_carpenter1.mpeg
2015-01-07 19:53 - 2015-01-07 19:53 - 00002011 _____ () C:\Users\Public\Desktop\Arcanum Of Steamworks and Magick Obscura.lnk
2014-12-26 19:17 - 2014-12-26 19:17 - 00001984 _____ () C:\Users\Public\Desktop\Dawn of War.lnk
2014-12-26 19:11 - 2014-12-26 19:11 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-12-25 19:20 - 2014-12-25 19:20 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 20:31 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 20:31 - 2009-07-13 23:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 20:29 - 2014-01-28 13:30 - 02011431 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 20:28 - 2014-02-01 23:18 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-19 20:24 - 2014-12-09 21:11 - 00002265 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-19 20:20 - 2014-02-01 22:59 - 00000000 ____D () C:\Users\alien\AppData\Local\Deployment
2015-01-19 20:19 - 2014-02-01 23:18 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 20:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 20:18 - 2009-07-13 23:51 - 00056002 _____ () C:\Windows\setupact.log
2015-01-19 19:47 - 2014-08-13 17:44 - 00000000 ____D () C:\Users\alien\AppData\Local\The Witcher 2
2015-01-19 19:28 - 2014-08-05 17:52 - 00000000 ____D () C:\Users\alien\AppData\Roaming\Azureus
2015-01-19 19:13 - 2014-02-01 23:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 19:09 - 2014-02-01 23:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 18:05 - 2014-02-01 23:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-18 21:55 - 2014-02-11 18:24 - 00000000 ____D () C:\Users\alien\AppData\Roaming\vlc
2015-01-17 23:32 - 2014-12-14 17:47 - 00000000 ____D () C:\Users\alien\Documents\Max Payne Savegames
2015-01-15 20:35 - 2014-08-05 18:20 - 00000000 ____D () C:\Games
2015-01-15 20:34 - 2014-08-16 19:42 - 00000000 ____D () C:\GOG Games
2015-01-13 22:13 - 2014-02-01 23:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 22:13 - 2014-02-01 23:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 22:13 - 2014-02-01 23:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-10 19:52 - 2014-09-23 23:09 - 00000000 ____D () C:\Users\alien\Documents\EA Games
2015-01-10 19:52 - 2014-08-07 20:35 - 00000000 ____D () C:\Users\alien\Documents\My Games
2015-01-10 18:52 - 2014-12-10 17:10 - 00000000 ____D () C:\Users\alien\Documents\Freedom Fighters
2015-01-07 20:15 - 2014-08-05 21:09 - 00000000 ____D () C:\Users\alien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-07 19:53 - 2014-02-04 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-01-07 19:46 - 2014-02-04 20:44 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2015-01-03 20:28 - 2014-09-16 14:11 - 00000000 ____D () C:\Users\alien\Documents\Max Payne 2 Savegames
2014-12-26 19:22 - 2014-08-07 19:08 - 00043520 _____ () C:\Windows\SysWOW64\CmdLineExt03.dll
2014-12-26 19:17 - 2014-01-28 11:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-26 19:11 - 2014-08-07 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ

==================== Files in the root of some directories =======

2014-11-11 19:21 - 2014-11-11 19:21 - 0008534 _____ () C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:21 - 2014-11-11 19:21 - 0004210 _____ () C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:21 - 2014-11-11 19:21 - 0000272 _____ () C:\Users\alien\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-11 19:19 - 2014-11-11 19:19 - 0000448 ____H () C:\Users\alien\AppData\Roaming\麽鎒駓覜
2014-11-11 19:20 - 2014-11-11 19:20 - 0008534 _____ () C:\Users\alien\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:20 - 2014-11-11 19:20 - 0004210 _____ () C:\Users\alien\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:20 - 2014-11-11 19:20 - 0000272 _____ () C:\Users\alien\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-02-07 12:16 - 2014-02-07 12:16 - 0007667 _____ () C:\Users\alien\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000336 _____ () C:\Users\alien\AppData\Local\setup.txt
2014-11-11 19:19 - 2014-11-11 22:08 - 0000520 _____ () C:\ProgramData\@system.temp
2014-11-11 19:20 - 2014-11-11 22:08 - 0000256 ____H () C:\ProgramData\@system3.att
2014-11-11 19:19 - 2014-11-11 19:19 - 0008534 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-11 19:19 - 2014-11-11 19:19 - 0004210 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-11 19:19 - 2014-11-11 19:19 - 0000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL

Some content of TEMP:
====================
C:\Users\alien\AppData\Local\Temp\7za.exe
C:\Users\alien\AppData\Local\Temp\hijackthis.exe
C:\Users\alien\AppData\Local\Temp\i4jdel0.exe
C:\Users\alien\AppData\Local\Temp\lndrikm.dll
C:\Users\alien\AppData\Local\Temp\NirCmd.exe
C:\Users\alien\AppData\Local\Temp\PEVZ.EXE
C:\Users\alien\AppData\Local\Temp\remove.exe
C:\Users\alien\AppData\Local\Temp\sed.exe
C:\Users\alien\AppData\Local\Temp\shortcut.exe
C:\Users\alien\AppData\Local\Temp\SIntf16.dll
C:\Users\alien\AppData\Local\Temp\SIntf32.dll
C:\Users\alien\AppData\Local\Temp\SIntfNT.dll
C:\Users\alien\AppData\Local\Temp\swreg.exe
C:\Users\alien\AppData\Local\Temp\swxcacls.exe
C:\Users\alien\AppData\Local\Temp\wget.exe
C:\Users\alien\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-15 00:19

==================== End Of Log ============================

And here is addition log:

I have no idea what to do. If anyone can help me I would be ecstatic. I'm not great w/ computer stuff so try to make it easy for me to understand. The processes are labeled hgzvyivjaexj.exe
[/QUOTE]