Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Cannot get rid of Coupon Titan malware ads.Help!!

Options
  • 28-07-2015 8:51pm
    #1
    GottaGetGatt
    Registered Users Posts: 2,133 ✭✭✭


    So as the title says i've had The Coupon Titan malware virus on my laptop for the past three months or more.

    Done everything from removing registry keys to just resetting chrome but nothing has removed it fully.Downloaded Malware Bytes but that still hasn't done the trick.

    Anyone have a solution.Please help.


Comments

  • Options
    #2
    jsa112
    Registered Users Posts: 840 ✭✭✭jsa112


    run adwcleaner and post its log

    http://www.bleepingcomputer.com/download/adwcleaner/


  • Options
    #3
    GottaGetGatt
    Registered Users Posts: 2,133 ✭✭✭GottaGetGatt


    jsa112 wrote: »
    run adwcleaner and post its log

    http://www.bleepingcomputer.com/download/adwcleaner/

    Here's the log file
    AdwCleaner v4.208 - Logfile created 28/07/2015 at 21:29:44
    # Updated 09/07/2015 by Xplode
    # Database : 2015-07-26.2 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : - -PC
    # Running from : C:\Users\\Downloads\AdwCleaner (2).exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17909


    -\\ Google Chrome v44.0.2403.107


    *************************

    AdwCleaner[R0].txt - [9553 bytes] - [28/06/2015 23:11:05]
    AdwCleaner[R1].txt - [9612 bytes] - [28/06/2015 23:12:55]
    AdwCleaner[R2].txt - [926 bytes] - [28/06/2015 23:15:51]
    AdwCleaner[R3].txt - [1066 bytes] - [28/07/2015 21:25:44]
    AdwCleaner[R4].txt - [930 bytes] - [28/07/2015 21:29:44]
    AdwCleaner[S0].txt - [8540 bytes] - [28/06/2015 23:13:55]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1047 bytes] ##########


  • Options
    #4
    jsa112
    Registered Users Posts: 840 ✭✭✭jsa112


    still having issues ?


  • Options
    #5
    GottaGetGatt
    Registered Users Posts: 2,133 ✭✭✭GottaGetGatt


    Yeah it still pops up "Ads by Coupon Titan" when i open chrome


  • Options
    #6
    jsa112
    Registered Users Posts: 840 ✭✭✭jsa112


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Advertisement
  • Options
    #7
    GottaGetGatt
    Registered Users Posts: 2,133 ✭✭✭GottaGetGatt


    jsa112 wrote: »
    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here
    this
    OTL logfile created on: 28/07/2015 23:03:14 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rory\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17914)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.73 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 53.92% Memory free
    4.22 Gb Paging File | 2.23 Gb Available in Paging File | 52.73% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 119.14 Gb Total Space | 3.98 Gb Free Space | 3.34% Space Free | Partition Type: NTFS

    Computer Name: RORY-PC | User Name: Rory | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2015/07/28 23:02:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rory\Downloads\OTL.exe
    PRC - [2015/07/23 23:39:58 | 000,813,896 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2015/06/18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    PRC - [2015/06/18 08:39:46 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    PRC - [2015/06/18 08:39:34 | 006,554,424 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    PRC - [2015/05/01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    PRC - [2015/05/01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    PRC - [2014/12/09 23:22:33 | 000,186,048 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    PRC - [2014/12/06 17:45:16 | 000,105,448 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
    PRC - [2014/01/16 12:24:20 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Rory\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2013/12/18 11:40:06 | 008,135,744 | ---- | M] (Clarus, Inc.) -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
    PRC - [2013/12/18 11:37:04 | 000,136,192 | ---- | M] (Clarus, Inc.) -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
    PRC - [2013/12/18 11:36:04 | 000,018,432 | ---- | M] (Clarus, Inc.) -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
    PRC - [2008/09/18 11:25:40 | 000,806,912 | ---- | M] () -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\MouseDrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2015/07/23 23:39:56 | 001,405,768 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libglesv2.dll
    MOD - [2015/07/23 23:39:55 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libegl.dll
    MOD - [2009/07/14 02:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
    MOD - [2008/09/18 11:25:40 | 000,806,912 | ---- | M] () -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\MouseDrv.exe
    MOD - [2006/05/03 05:49:22 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Multimedia Mouse Driver\V5\MouseHook.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2015/06/20 20:34:46 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2015/05/25 19:19:13 | 001,255,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
    SRV:64bit: - [2013/07/24 15:04:24 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/08/21 10:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2015/07/15 21:46:12 | 000,268,976 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2015/06/18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2015/06/18 08:39:46 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2015/06/04 19:56:54 | 000,837,312 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2015/05/01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
    SRV - [2015/05/01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
    SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2014/12/09 23:22:33 | 000,186,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service)
    SRV - [2014/12/06 17:45:16 | 000,105,448 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe -- (RzKLService)
    SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2013/12/18 11:36:04 | 000,018,432 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2015/07/28 21:51:07 | 000,113,880 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
    DRV:64bit: - [2015/06/18 08:41:56 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
    DRV:64bit: - [2015/06/18 08:41:40 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2014/12/09 23:21:53 | 000,037,184 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk)
    DRV:64bit: - [2014/08/15 22:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2014/05/27 01:13:18 | 000,034,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xb1usb.sys -- (xb1usb)
    DRV:64bit: - [2013/07/24 15:06:31 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2013/07/24 15:06:31 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2013/07/24 14:16:36 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2013/07/24 14:08:44 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2013/07/24 14:08:43 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/07/24 14:08:43 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2013/07/24 14:08:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2013/02/19 14:44:08 | 012,312,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2013/02/05 23:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/12/21 06:44:10 | 000,786,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
    DRV:64bit: - [2012/12/21 06:44:10 | 000,366,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
    DRV:64bit: - [2012/11/08 12:41:34 | 000,418,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2012/11/08 12:41:34 | 000,139,592 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/24 20:58:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
    DRV:64bit: - [2012/07/24 20:58:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
    DRV:64bit: - [2012/07/24 20:58:00 | 000,032,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronSTOR.sys -- (EtronSTOR)
    DRV:64bit: - [2012/03/26 05:24:02 | 003,341,904 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2012/03/08 10:09:30 | 000,088,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxdiaga.sys -- (b06diag)
    DRV:64bit: - [2012/02/22 17:33:36 | 000,539,176 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxois.sys -- (bxois)
    DRV:64bit: - [2012/02/22 17:06:00 | 000,178,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxfcoe.sys -- (bxfcoe)
    DRV:64bit: - [2012/02/22 15:27:02 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Xeno7x64.sys -- (BFN7x64)
    DRV:64bit: - [2012/02/02 10:43:00 | 000,509,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
    DRV:64bit: - [2012/01/24 16:44:00 | 000,529,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2011/12/01 23:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2011/10/25 18:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2011/10/25 18:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2011/08/23 14:12:57 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/01/20 20:38:14 | 000,347,256 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/09/28 12:15:24 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
    DRV:64bit: - [2010/02/27 00:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/11/16 15:45:24 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
    DRV:64bit: - [2009/11/16 15:45:21 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
    DRV:64bit: - [2009/09/18 03:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/28 19:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
    DRV:64bit: - [2009/07/14 13:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/07/04 20:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
    DRV:64bit: - [2009/07/02 09:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/23 18:28:30 | 000,056,320 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
    DRV:64bit: - [2009/03/19 15:07:46 | 000,052,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV:64bit: - [2009/03/12 12:33:06 | 000,020,992 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
    DRV:64bit: - [2009/03/05 12:03:34 | 000,088,576 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV:64bit: - [2009/03/03 16:34:54 | 000,045,056 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV:64bit: - [2009/02/19 17:20:18 | 000,076,160 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV:64bit: - [2008/10/06 18:56:58 | 000,173,696 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
    DRV:64bit: - [2008/03/25 14:54:26 | 000,049,152 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
    DRV:64bit: - [2008/01/12 00:00:14 | 000,033,400 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
    DRV:64bit: - [2007/09/04 07:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
    DRV:64bit: - [2007/06/18 13:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2006/10/23 17:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2012/06/21 14:58:20 | 000,020,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys -- (mdf16)
    DRV - [2012/06/21 14:58:10 | 000,099,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys -- (mvd23)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IE
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
    FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.0: C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.1: C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
    FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.7.0: C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll (EA Digital Illusions CE AB)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    ========== Chrome ==========

    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apghicjnekejhfancbkahkhdckhdagna\3.0.12_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.17_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Clarus Drive Manager] C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
    O4 - HKLM..\Run: [RazerCortex] C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe (Razer Inc.)
    O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\Toshiba\PasswordUtility\TOSDCR.exe ()
    O4 - HKLM..\Run: [WireLessMouse] C:\Program Files (x86)\Multimedia Mouse Driver\V5\StartAutorun.exe MouseDrv.exe File not found
    O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not found
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Rory\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: google.ie ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: kichenutensils.ie ([]https in Trusted sites)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25C86613-CD2C-4F08-8736-9796AF24B7A7}: DhcpNameServer = 192.168.1.1 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEBB559F-AF11-42AF-809D-E9EDB53BB559}: DhcpNameServer = 192.168.1.1 0.0.0.0
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{05f7e5a5-6bde-11e4-81b7-002318440886}\Shell - "" = AutoRun
    O33 - MountPoints2\{05f7e5a5-6bde-11e4-81b7-002318440886}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2015/07/26 15:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zealous Grand
    [2015/07/23 19:13:08 | 000,000,000 | ---D | C] -- C:\Users\Rory\AppData\Local\Clarus
    [2015/06/30 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
    [2015/06/28 23:22:05 | 000,113,880 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2015/06/28 23:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2015/06/28 23:21:53 | 000,109,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2015/06/28 23:21:53 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2015/06/28 23:21:53 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2015/06/28 23:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2015/06/28 23:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2015/06/28 23:11:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner

    ========== Files - Modified Within 30 Days ==========

    [2015/07/28 23:01:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2015/07/28 22:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2015/07/28 22:25:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2015/07/28 21:58:56 | 000,031,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2015/07/28 21:58:56 | 000,031,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2015/07/28 21:55:15 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2015/07/28 21:55:15 | 000,666,772 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2015/07/28 21:55:15 | 000,126,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2015/07/28 21:51:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2015/07/28 21:51:07 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2015/07/28 21:50:59 | 3007,647,744 | -HS- | M] () -- C:\hiberfil.sys
    [2015/07/28 17:39:44 | 000,000,024 | ---- | M] () -- C:\Users\Rory\AppData\Roaming\appdataFr25.bin
    [2015/07/23 22:48:47 | 000,002,279 | ---- | M] () -- C:\Users\Rory\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2015/07/23 21:16:41 | 000,057,629 | ---- | M] () -- C:\Users\Rory\Desktop\Ryanair Gift Voucher.pdf
    [2015/07/21 18:34:50 | 000,413,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2015/07/01 19:39:49 | 001,623,420 | ---- | M] () -- C:\Users\Rory\Desktop\steamworkshop_webupload_previewfile_329661571_preview.jpg
    [2015/06/30 18:41:51 | 000,001,848 | ---- | M] () -- C:\Users\Rory\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2015/06/30 18:41:50 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
    [2015/06/28 23:13:57 | 000,000,981 | ---- | M] () -- C:\Users\Rory\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

    ========== Files Created - No Company Name ==========

    [2015/07/23 21:16:41 | 000,057,629 | ---- | C] () -- C:\Users\Rory\Desktop\Ryanair Gift Voucher.pdf
    [2015/07/03 19:49:59 | 000,000,024 | ---- | C] () -- C:\Users\Rory\AppData\Roaming\appdataFr25.bin
    [2015/07/01 19:39:49 | 001,623,420 | ---- | C] () -- C:\Users\Rory\Desktop\steamworkshop_webupload_previewfile_329661571_preview.jpg
    [2015/06/30 18:41:51 | 000,001,848 | ---- | C] () -- C:\Users\Rory\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2015/06/30 18:41:51 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
    [2015/06/30 18:41:50 | 000,001,848 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
    [2015/05/19 23:23:31 | 000,000,000 | ---- | C] () -- C:\Users\Rory\AppData\Local\Temp.dat
    [2014/04/29 23:44:28 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2014/04/29 23:44:25 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2014/04/29 23:44:24 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2014/04/29 23:44:23 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2013/11/12 12:56:41 | 000,766,100 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2015/02/13 06:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2015/02/13 06:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2015/07/28 21:42:28 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Azureus
    [2014/04/05 21:00:16 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Origin
    [2014/05/05 04:18:17 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Spotify
    [2014/01/25 16:08:41 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\SystemRequirementsLab
    [2014/02/22 20:58:51 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\toshiba
    [2015/05/09 02:11:29 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\TS3Client
    [2013/12/25 17:59:28 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\TuneUp Software
    [2014/01/07 20:27:41 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\WinBatch
    [2014/01/06 18:19:49 | 000,000,000 | ---D | M] -- C:\Users\Rory\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    < End of report >


  • Options
    #8
    jsa112
    Registered Users Posts: 840 ✭✭✭jsa112


    have you gone into chrome://extensions/ or chrome://plugins/ and found it there ?


  • Options
    #9
    GottaGetGatt
    Registered Users Posts: 2,133 ✭✭✭GottaGetGatt


    jsa112 wrote: »
    have you gone into chrome://extensions/ or chrome://plugins/ and found it there ?

    Only extensions i have are Ad block and Destiny Item Manager, and yes ive tried to find the any suspect programs to uninstall.Nothing showing.


  • Options
    #10
    jsa112
    Registered Users Posts: 840 ✭✭✭jsa112


    I can remove the chrome settings that OTL found, however I don't know what exactly they are or whether the coupon thing is there(it should be). It's possible you will lose chrome stuff like bookmarks, passwords etc too. It's up to you if you want to try it.

    can you post the malwarebytes log


  • Options
    #11
    homingbird
    Registered Users Posts: 1,272 ✭✭✭homingbird


    What anti virus software are you using very bad if its paid software . I use comodo for years & never had trouble.


  • Advertisement
  • Options
    #12
    GottaGetGatt
    Registered Users Posts: 2,133 ✭✭✭GottaGetGatt


    jsa112 wrote: »
    I can remove the chrome settings that OTL found, however I don't know what exactly they are or whether the coupon thing is there(it should be). It's possible you will lose chrome stuff like bookmarks, passwords etc too. It's up to you if you want to try it.

    can you post the malwarebytes log

    Where is the malware log for that cant see it?

    it detected nothing.


  • Options
    #13
    jsa112
    Registered Users Posts: 840 ✭✭✭jsa112


    if it found nothing then I don't need to see it.

    do you want me to remove the chrome stuff I mentioned above ?


  • Options
    #14
    flatey
    Registered Users Posts: 13 flatey


    Have you tried Malwarebytes Chameleon?
    It's specifically for malware that hides from new installs of security software.


  • Options
    #15
    GottaGetGatt
    Registered Users Posts: 2,133 ✭✭✭GottaGetGatt


    jsa112 wrote: »
    if it found nothing then I don't need to see it.

    do you want me to remove the chrome stuff I mentioned above ?

    What does this thing with chrome do? What is you do?


  • Options
    #16
    jsa112
    Registered Users Posts: 840 ✭✭✭jsa112


    it will delete these settings


    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apghicjnekejhfancbkahkhdckhdagna\3.0.12_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.17_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\



    I don't know what they are besides being an extension, that's why I'm hesitant to do it


  • Options
    #17
    GottaGetGatt
    Registered Users Posts: 2,133 ✭✭✭GottaGetGatt


    jsa112 wrote: »
    it will delete these settings


    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\apghicjnekejhfancbkahkhdckhdagna\3.0.12_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.17_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: No name found = C:\Users\Rory\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\



    I don't know what they are besides being an extension, that's why I'm hesitant to do it
    Tried finding them there but couldn't?


  • Options
    #18
    jsa112
    Registered Users Posts: 840 ✭✭✭jsa112


    do you want me to delete them ?


  • Options
    #19
    GottaGetGatt
    Registered Users Posts: 2,133 ✭✭✭GottaGetGatt


    jsa112 wrote: »
    do you want me to delete them ?

    I managed to find the extensions there and deleted them there.I had some folders hidden for some reason.

    Nothing seems to be popping up atm but will keep you posted if it starts again.

    Nah still there:(


Advertisement