ADDPID & CLSID + Rogue Killer Items found

system · November 12, 2013, 12:53am

Hey there!
I haven’t noticed too much odd behavior on my computer, but recently, when I ran a scan with rogue killer, and adw cleaner, two things were found in each program. I have the adw cleaner log, but i cannot for the life of me find the rogue killer log. I have RK logs with some basic info, from earlier, but this time, when RK found something along the lines of search scopes, in system 32, (was hidden, and killed, found on prescan, did not appear after another pre-scan) the log was no where to be found! Sorry about that! Will be posting more logs from other programs soon… I cannot remember going anywhere different recently, besides [ gamerzone.avermedia.cxm ] to download drivers. I also have ad blocker, so that may be what adw cleaner found. (Attached basic RK logs, but I couldnt find the specific logs) There is also this weird MSOcache folder in my c: drive i have never seen before…Thank you!

system · November 12, 2013, 1:09am

More logs…
EDIT: The things adwcleaner found couldnt have been the ad blocker, as it is still in-tact, and nothing was found again, once the things found were removed. And now, whenever I hit the back button, a file named history tries to download?
EDIT 2: I have been trying to delete a non-working shortcut to my desktop in favorites, but it says it is open in avast! could it possibly be part of the file avast put into a chest my last forum post? >>> Also, the Google Toolbar virus I had a while ago appears not fully removed, as in the privacy cleaner in Sys. mechanic pro, it is listed. Perhaps it is part of a key logger? I have been confirming payments with someone, and it seems odd all of these things appear out of no where… Just a random idea.

avastuser3796 · November 12, 2013, 11:18am

I’ve notified someone to come help you… Someone should be here within an hour or two

system · November 12, 2013, 11:33am

Thank you!

system · November 12, 2013, 11:52am

Hi,

Please download Farbar Recovery Scan Tool (
http://www.mcshield.net/personal/magna86/Images/FRST_canned.png
) by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

.

Please download zoek.zip or zoek.rar by smeenk (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool .
Please wait while the tool does not start…

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:

filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;

[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)

[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”

system · November 12, 2013, 8:47pm

Hello!
When I booted my computer, on the logon screen, many error messages popped up…
This was the message i got:
C:\windows\fonts\LFAXDI.TTF is corrupt and un-readable. Please run the chksdk utility.
I also got a message, stating C: $MFT appach 64rundell had failed.
When running FRST, i got the message that the file was corrupt and unreable?
I also have gotten spammed with messages from the action center that windows defender needs to be ran. System Mechanic pro found 5 registry errors, in the os, but the errors were not repaired…

I will be attaching the zoek logs soon…
EDIT: My system cannot run zoek > c:\users\otakupe~1\appdata\local\temp\zoe.hta is not a valid win32 application… I downloaded the the 64 bit rar file (yes, my os is 64 bit) I will try another download.
EDIT 2: Re ran the program, it worked but with many errors :
PEVZ.exe is unreadable as c:$Mft is corrupt and unreadable
AND
(c:/username… blah blah blah) \appdata\google\chrome\userdata/pepperflash(version)\manifest.json is corrupt and unreadable.
AND my shortcuts on my windows bar has dissapeared.

system · November 12, 2013, 9:57pm

I do not see malware.

Addition log clearly says what is wrong with your system.

Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Download MHDD utility from here:
MHDD download link

Unpack and burn as ISO …
Add and boot MHDD from disk ( in the same way as Live CD )

[*] When you load the file select option 1
[*] When the menu appears, select the disk that you’ll scan

Type in:

scan

…and hit enter

[*]In the next menu, click F4
[*]It will begin HDD scanning, allow him to finish scan.

If there is more than 3 inputs in the district UNC X then your hard disk is damaged.

system · November 12, 2013, 10:07pm

May I do this with a flash drive, or no?

system · November 12, 2013, 10:09pm

You can.

system · November 12, 2013, 10:23pm

[quote author=argus link=topic=139641.msg1019397#msg1019397 date=1384293421]
I do not see malware.

Addition log clearly says what is wrong with your system.

[url=http://files.hddguru.com/index.php?action=downloadfile&filename=mhdd32ver4.6iso.zip&directory=Software&][b]MHDD download link[/b][/url]
Unpack and burn as ISO …
Add and boot MHDD from disk ( in the same way as Live CD )

There is no option to burn as ISO, whether the file is an archive, or if it has been extracted? Sorry about this, what should I do?