vladniko

So December of 2015 I installed some virus on my laptop. I only found out now when I got an adware popup. I ran malwarebytes and had like 250 entries for malicious items. A lot of them were named Yontoo. Also, I looked at the Addition.txt, under programs installed there are some weird ones with chinese and arabian letters. What are those? FRST.txt Addition.txt

I did that, and its still there

The device as in what was in device manager? It was realtek audio drivers. It doesnt control anything but its bothering me that its there

System Restore is working that is I reinstalled the Realtek drivers and the Name is Unavailable is still there under Volume Mixer

Yup Its up and working now

Done now what?

It tells me I need to close internet explorer to be able to do it. Also, I dont have firefox installed. Lastly, I cant seem to find the folder ProgramFiles(x86)/Mozilla Firefox JavaRa.log Fixlog.txt

JavaRa.log Fixlog.txt

C:\Users\Vladyslav\AppData\Local\Temp\HYD403.tmp.1465335693\HTA\install.1465335693.zip a variant of Win32/OpenCandy.A potentially unsafe application C:\Users\Vladyslav\AppData\Local\Temp\HYD403.tmp.1465335693\HTA\3rdparty\OCSetupHlp.dll a variant of Win32/OpenCandy.A potentially unsafe application C:\Users\Vladyslav\AppData\Local\Temp\HYDFAAD.tmp.1465335691\HTA\install.1465335691.zip a variant of Win32/OpenCandy.A potentially unsafe application C:\Users\Vladyslav\AppData\Local\Temp\HYDFAAD.tmp.1465335691\HTA\3rdparty\OCSetupHlp.dll a variant of Win32/OpenCandy.A potentially unsafe application Addition.txt FRST.txt

# AdwCleaner v5.119 - Logfile created 09/06/2016 at 15:00:58 # Updated 30/05/2016 by Xplode # Database : 2016-06-07.1 [Server] # Operating system : Windows 10 Pro N (X64) # Username : Vladyslav - RNG-MACHINE # Running from : C:\Users\Vladyslav\Desktop\AdwCleaner.exe # Option : Clean # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\Users\Vladyslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj ***** [ Files ] ***** [-] File Deleted : C:\Users\Vladyslav\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj ***** [ DLLs ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [AndroidServer.exe] [-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK [-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552} ***** [ Web browsers ] ***** [-] [C:\Users\Vladyslav\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmnlcjabgnpnenekpadlanbbkooimhnj ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [1823 bytes] - [09/06/2016 15:00:58] C:\AdwCleaner\AdwCleaner[S1].txt - [1820 bytes] - [09/06/2016 14:59:33] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1969 bytes] ########## JRT.txt

Rkill.txt

Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/8/2016 Scan Time: 5:59 PM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.06.08.06 Rootkit Database: v2016.05.27.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: Vladyslav Scan Type: Threat Scan Result: Completed Objects Scanned: 319514 Time Elapsed: 5 min, 8 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)

I get the Name Not Available in Volume Mixer. FRST.txt Addition.txt

I recently installed a tool which I have now figured out is stealing my data. Do I need to change all my passwords? FRST.txt Addition.txt