
Winpatrol detect SPVC64Loader.dll


This topic is locked
30 replies to this topic

#1 nabu

  • Members
  • 76 posts

Posted 04 November 2013 - 06:48 AM

Hi!

I have an HP i5 4GB RAM notebook with Win7 Home Premium 64-bit preinstalled.

I had an Avira toolbar on Google Chrome that I couldn't uninstall... then I installed a new Chrome and I tried some malware programs like Malwarebytes, Spybot Search and Destroy, HitmanPro and AdwCleaner...

These programs found some trojans, malware and tracking cookies, so there's no bar anymore in Chrome..

But I still have WinPatrol popping up, warning me that a new auto startup program has been detected..

I keep blocking this of course, but I would like to find the reason...

From the WinPatrol warning, the path is this:

C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

Thank you so much, I will patiently wait for some help!! ;)))

Thanks!!


Edited by nabu, 04 November 2013 - 06:49 AM.


#2 B-boy/StyLe/

    Bleeping Freestyler


  • Malware Response Team
  • 6,573 posts
  • Gender:Male
  • Location:Bulgaria

Posted 04 November 2013 - 08:16 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

I'll catch you tomorrow since I need my sleep. :)

Regards,
Georgi


My help is always free of charge. If you appreciate my work, you can buy me a beer or two by clicking here.
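Georgi asks for the FRST log, and its Registry section is where the AppInit_DLLs entry from the first post (SPVC64Loader.dll) shows up. As an added example, not from this thread and not FRST's own code, the Python below parses FRST-style autostart lines (the sample is constructed from the line format seen in the thread's log) and flags the ones an analyst reviews first: AppInit_DLLs entries, entries whose file is missing, entries with no publisher, and 8.3 short paths; the flag names and the line format it assumes are mine.

```python
"""Triage the 'Registry (Whitelisted)' section of a FRST log.

Added example: not part of the forum thread and not FRST's own code. It
parses FRST-style autostart lines (the format seen in the thread's log) and
flags the entries an analyst checks first. The flag names are my own.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, modelled on lines from the thread's FRST log.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-10] (Avira Operations GmbH & Co. KG)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [97280 2009-07-14] ()

==================== Internet (Whitelisted) ====================
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
PUBLISHER_RE = re.compile(r"\(([^()]*)\)$")             # trailing "(Publisher)"
FILEINFO_RE = re.compile(r"\[[^\[\]]*\]$")               # trailing "[size date]", "[ ]" or "[x]"
NAME_RE = re.compile(r"\[([^\]]*)\]\s*(?:-\s*)?(.*)$")   # leading "[ValueName] - rest"
PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|%)")               # "C:\..." or "%SystemRoot%\..."


@dataclass
class Entry:
    key: str                     # e.g. "HKLM\...\Run" or "AppInit_DLLs"
    name: str                    # value name inside the leading [...], may be ""
    path: str                    # file path, "" when none is recoverable
    publisher: Optional[str]     # None if FRST printed no "(...)" field at all
    missing: bool                # FRST reported the file as absent
    reasons: List[str] = field(default_factory=list)


def registry_lines(log_text: str):
    """Yield the non-blank lines between the Registry header and the next one."""
    in_section = False
    for line in log_text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            in_section = m.group("name").startswith("Registry")
            continue
        if in_section and line.strip():
            yield line.rstrip()


def parse_line(line: str) -> Optional[Entry]:
    key, sep, rest = line.partition(": ")
    if not sep:
        return None
    body = rest.strip()
    publisher = None
    m = PUBLISHER_RE.search(body)
    if m:
        publisher = m.group(1).strip()
        body = body[: m.start()].rstrip()
    missing = body.endswith("[x]") or "No File" in rest
    m = FILEINFO_RE.search(body)
    if m:
        body = body[: m.start()].rstrip()
    name = ""
    m = NAME_RE.match(body)
    if m:
        name, body = m.group(1), m.group(2).strip()
    path = body if PATH_RE.match(body) else ""
    entry = Entry(key, name, path, publisher, missing)
    # AppInit_DLLs are loaded into every process that links user32.dll, so any
    # entry under this key deserves a look regardless of the file's name.
    if key.lower() == "appinit_dlls":
        entry.reasons.append("appinit_dll")
    if missing:
        entry.reasons.append("missing_file")
    if path and not missing and not publisher:
        entry.reasons.append("no_publisher")
    # AppInit_DLLs is a space/comma separated list, so a path containing spaces
    # has to be written as an 8.3 short name; the "~" hides the real folder name.
    if "~" in path:
        entry.reasons.append("short_path")
    return entry


def parse_registry_section(log_text: str) -> List[Entry]:
    entries = [parse_line(l) for l in registry_lines(log_text)]
    return [e for e in entries if e is not None]


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that have at least one reason to be reviewed."""
    return [e for e in parse_registry_section(log_text) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{', '.join(e.reasons):35} {e.key} [{e.name}] {e.path}")
```

To use it on a real scan, read a saved FRST.txt and pass its text to triage().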

#3 nabu
  • Topic Starter

  • Members
  • 76 posts

Posted 04 November 2013 - 09:54 AM

Hi!!

Thank you so much for helping!

I will follow everything as best I can!

Also, take your time!!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by IreAle (administrator) on NOWEHERELAND on 04-11-2013 14:51:13
Running from C:\Users\IreAle\Desktop\Virus
Windows 7 Home Premium (X64) OS Language: Italian Standard
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Vodafone Group) C:\Program Files (x86)\Vodafone\Via The Phone\VodafoneConnectorService.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Smartplug\VodafoneWatcher.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Filipe Lourenço) C:\Program Files (x86)\BatteryCare\BatteryCare.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790176 2011-03-31] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657056 2011-03-31] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-06-26] (Alcor Micro Corp.)
HKLM\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [363752 2012-09-20] (BillP Studios)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [BatteryCare] - C:\Program Files (x86)\BatteryCare\BatteryCare.exe [739328 2013-05-25] (Filipe Lourenço)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKCU\...\Policies\Explorer: [HideSCAPower] 0
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [363752 2012-09-20] (BillP Studios)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-10] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [97280 2009-07-14] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {6B356B85-73AB-4B38-AB5F-78B33C1C2CF0} URL = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {F75BACBD-21D4-4348-B629-ACF4D8EF88D0} URL = http://it.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {6B356B85-73AB-4B38-AB5F-78B33C1C2CF0} URL = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {F75BACBD-21D4-4348-B629-ACF4D8EF88D0} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Guida per l'accesso all'account Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{85C55002-E99D-4C77-A47C-596AAE5F3329}: [NameServer]192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\IreAle\AppData\Roaming\Mozilla\Firefox\Profiles\zaeroxpe.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\IreAle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\IreAle\AppData\Roaming\Mozilla\Firefox\Profiles\zaeroxpe.default\Extensions\[email protected]
FF Extension: DownloadHelper - C:\Users\IreAle\AppData\Roaming\Mozilla\Firefox\Profiles\zaeroxpe.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
==================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-10] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [74752 2011-12-02] (Freemake)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-29] ()
R2 VodafoneConnectorService; C:\Program Files (x86)\Vodafone\Via The Phone\VodafoneConnectorService.exe [233472 2011-02-09] (Vodafone Group)
R2 VodafoneWatcherService; C:\Program Files (x86)\Vodafone\Smartplug\VodafoneWatcher.exe [307200 2011-02-09] (Vodafone)
 
==================== Drivers (Whitelisted) ====================
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-15] (Avira Operations GmbH & Co. KG)
R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-12-16] (DT Soft Ltd)
R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2009-11-11] (DeviceVM, Inc.)
S3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [62088 2009-10-03] ()
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
S3 WinRing0_1_2_0; C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-04 14:50 - 2013-11-04 14:50 - 00000000 ____D C:\Users\IreAle\Desktop\Virus
2013-11-04 14:48 - 2013-11-04 14:48 - 00000000 ____D C:\FRST
2013-11-04 14:39 - 2013-11-04 14:39 - 02459496 _____ C:\Users\IreAle\Downloads\easytag-2.1.8.tar.xz
2013-11-04 13:23 - 2013-11-04 13:23 - 00000000 ____D C:\Users\IreAle\Downloads\Foto con Tania
2013-11-04 13:20 - 2013-11-04 13:20 - 00305949 _____ C:\Users\IreAle\Downloads\[kickass.to]l.uomo.d.acciaio.man.of.steel.3d.2013.dts.ita.eng.half.sbs.1080p.bluray.x264.bluworld.torrent
2013-11-04 13:20 - 2013-11-04 13:20 - 00257041 _____ C:\Users\IreAle\Downloads\[kickass.to]l.uomo.d.acciaio.man.of.steel.2013.dts.ita.eng.1080p.bluray.x264.bluworld.torrent
2013-11-04 13:20 - 2013-11-04 13:20 - 00257041 _____ C:\Users\IreAle\Downloads\[kickass.to]l.uomo.d.acciaio.man.of.steel.2013.dts.ita.eng.1080p.bluray.x264.bluworld (1).torrent
2013-11-04 12:36 - 2013-11-04 12:36 - 00001402 _____ C:\Users\IreAle\Desktop\uTorrent.lnk
2013-11-03 22:38 - 2013-11-03 22:38 - 00003975 _____ C:\Users\IreAle\Desktop\JRT.txt
2013-11-03 22:32 - 2013-11-03 22:32 - 00000000 ____D C:\Windows\ERUNT
2013-11-03 22:23 - 2013-11-03 22:29 - 00000000 ____D C:\AdwCleaner
2013-11-03 21:39 - 2013-11-03 21:39 - 00153362 _____ C:\Users\IreAle\Desktop\bookmarks_03_11_13.html
2013-11-03 21:24 - 2013-11-03 21:24 - 00004928 _____ C:\Windows\system32\.crusader
2013-11-02 20:33 - 2013-11-02 20:33 - 00000932 _____ C:\Users\IreAle\Desktop\mp3Tag Pro.lnk
2013-11-02 20:33 - 2013-11-02 20:33 - 00000000 ____D C:\Program Files (x86)\mp3Tag Pro 7
2013-11-01 23:35 - 2013-11-01 23:35 - 00000987 _____ C:\Users\IreAle\Desktop\Magic MP3 Tagger.lnk
2013-11-01 23:35 - 2013-11-01 23:35 - 00000000 ____D C:\Program Files (x86)\Magic MP3 Tagger
2013-11-01 22:14 - 2011-02-07 00:10 - 05321752 _____ (ManiacTools.com                                             ) C:\Users\IreAle\Desktop\mp3tagpro.exe
2013-11-01 22:13 - 2013-11-01 22:13 - 05404526 _____ C:\Users\IreAle\Downloads\mp3Tag_Pro_7.0_Serial_NJOY.rar
2013-10-30 18:31 - 2013-10-30 18:31 - 00000000 ____D C:\Users\IreAle\AppData\Roaming\langmaster.com
2013-10-30 18:31 - 2013-10-30 18:31 - 00000000 ____D C:\Users\IreAle\AppData\Roaming\EuroTalk
2013-10-30 18:30 - 2013-10-30 18:30 - 00000000 ____D C:\Program Files (x86)\LANGMaster
2013-10-30 18:21 - 2013-10-30 18:21 - 159806610 _____ (                                                            ) C:\Users\IreAle\Downloads\Setup_TN_Icelandic.exe
2013-10-28 19:00 - 2013-10-28 19:00 - 00018638 _____ C:\Users\Public\Documents\Gullfoss Meðmælabréf Alessandro Barbisan 2012.odt
2013-10-28 18:52 - 2013-10-28 19:00 - 00018638 _____ C:\Users\Public\Documents\Gullfoss Meðmælabréf Alessandro Barbisan 2012 (1).odt
2013-10-25 18:22 - 2013-10-25 18:22 - 00004022 _____ C:\Users\IreAle\Downloads\p.txt
2013-10-25 18:22 - 2013-10-25 18:22 - 00004022 _____ C:\Users\IreAle\Downloads\p (1).txt
2013-10-21 23:05 - 2013-10-21 23:17 - 00014384 _____ C:\Users\Public\Documents\Floox.odt
2013-10-19 22:13 - 2013-10-19 22:13 - 00001460 _____ C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2013-10-19 22:13 - 2013-10-19 22:13 - 00001100 _____ C:\Users\Public\Desktop\DVDVideoSoft.lnk
2013-10-19 22:13 - 2013-10-19 22:13 - 00000000 ____D C:\Users\IreAle\Documents\DVDVideoSoft
2013-10-19 22:13 - 2013-10-19 22:13 - 00000000 ____D C:\Users\IreAle\AppData\Roaming\DVDVideoSoft
2013-10-19 22:13 - 2013-10-19 22:13 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-10-18 17:20 - 2013-10-18 17:20 - 00022524 _____ C:\Users\Public\Documents\Mail a Tartaglia.odt
2013-10-17 18:04 - 2013-10-17 18:04 - 00032246 _____ C:\Users\Public\Documents\Chattata con Nicola.odt
2013-10-17 17:58 - 2013-10-17 18:16 - 00026988 _____ C:\Users\Public\Documents\Mail a Nick 2013.odt
2013-10-12 23:45 - 2013-10-12 23:45 - 02159091 _____ C:\Users\IreAle\Downloads\paper_2_5_1.zip
2013-10-12 23:39 - 2013-10-12 23:41 - 02276165 _____ C:\Users\IreAle\Downloads\paper_2_6.zip
2013-10-11 12:03 - 2013-10-11 12:04 - 00625327 _____ C:\Users\IreAle\Downloads\skydrive-2013-10-11.zip
2013-10-11 11:58 - 2013-10-11 11:58 - 00000283 _____ C:\Users\IreAle\Downloads\music.swf
2013-10-11 09:28 - 2013-10-11 09:28 - 00000000 ____D C:\Users\IreAle\AppData\Local\AskPartnerNetwork
2013-10-10 20:01 - 2013-11-03 21:18 - 00000000 ____D C:\Users\IreAle\AppData\Local\CrystalDiskMark
2013-10-10 20:01 - 2013-10-10 20:01 - 00001794 _____ C:\Users\IreAle\Desktop\CrystalDiskMark.lnk
2013-10-10 20:01 - 2013-10-10 20:01 - 00000000 ____D C:\Program Files\CrystalDiskMark
2013-10-10 19:59 - 2013-10-10 20:00 - 01657424 _____ (Crystal Dew World                                           ) C:\Users\IreAle\Downloads\CrystalDiskMark3_0_2f-en.exe
2013-10-08 19:55 - 2013-10-14 23:36 - 00035097 _____ C:\Users\Public\Documents\Letter Ivano 2013.odt
2013-10-06 22:28 - 2013-11-03 20:54 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForIreAle.job
2013-10-06 22:28 - 2013-11-03 16:53 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForIreAle
2013-10-05 11:07 - 2013-10-05 11:07 - 00001785 _____ C:\Users\Public\Desktop\jetVideo.lnk
2013-10-05 11:06 - 2013-10-05 11:07 - 00000000 ____D C:\Program Files (x86)\JetVideo
2013-10-05 11:03 - 2013-10-05 11:03 - 00894600 _____ (CNET Download.com) C:\Users\IreAle\Downloads\cbsidlm-cbsi134-JetVideo_Basic_VX-BP-75448539.exe
2013-10-05 11:02 - 2013-10-05 11:04 - 40451192 _____ (Acresso Software Inc.                                        ) C:\Users\IreAle\Downloads\JAD8100_BASIC.exe
2013-10-05 11:01 - 2013-10-05 11:01 - 00894600 _____ (CNET Download.com) C:\Users\IreAle\Downloads\cbsidlm-cbsi134-JetAudio_Basic-BP-10013740 (1).exe
 
==================== One Month Modified Files and Folders =======
 
2013-11-04 14:50 - 2013-11-04 14:50 - 00000000 ____D C:\Users\IreAle\Desktop\Virus
2013-11-04 14:49 - 2013-05-27 16:26 - 00000000 ____D C:\Users\IreAle\AppData\Roaming\uTorrent
2013-11-04 14:48 - 2013-11-04 14:48 - 00000000 ____D C:\FRST
2013-11-04 14:46 - 2012-03-01 13:17 - 00000000 ____D C:\Users\IreAle\Documents\My Digital Editions
2013-11-04 14:39 - 2013-11-04 14:39 - 02459496 _____ C:\Users\IreAle\Downloads\easytag-2.1.8.tar.xz
2013-11-04 14:33 - 2013-09-21 22:40 - 00000000 ____D C:\Users\IreAle\AppData\Roaming\MediaMonkey
2013-11-04 14:07 - 2009-07-14 04:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-04 14:07 - 2009-07-14 04:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-04 14:00 - 2012-03-16 21:15 - 00000440 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-11-04 14:00 - 2011-12-17 17:26 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-04 13:59 - 2013-08-03 23:57 - 00018256 _____ C:\Windows\setupact.log
2013-11-04 13:59 - 2012-03-15 21:44 - 00001039 _____ C:\ProgramData\VodafoneConnectorService.log
2013-11-04 13:59 - 2011-12-17 17:26 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-04 13:59 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-04 13:23 - 2013-11-04 13:23 - 00000000 ____D C:\Users\IreAle\Downloads\Foto con Tania
2013-11-04 13:20 - 2013-11-04 13:20 - 00305949 _____ C:\Users\IreAle\Downloads\[kickass.to]l.uomo.d.acciaio.man.of.steel.3d.2013.dts.ita.eng.half.sbs.1080p.bluray.x264.bluworld.torrent
2013-11-04 13:20 - 2013-11-04 13:20 - 00257041 _____ C:\Users\IreAle\Downloads\[kickass.to]l.uomo.d.acciaio.man.of.steel.2013.dts.ita.eng.1080p.bluray.x264.bluworld.torrent
2013-11-04 13:20 - 2013-11-04 13:20 - 00257041 _____ C:\Users\IreAle\Downloads\[kickass.to]l.uomo.d.acciaio.man.of.steel.2013.dts.ita.eng.1080p.bluray.x264.bluworld (1).torrent
2013-11-04 12:36 - 2013-11-04 12:36 - 00001402 _____ C:\Users\IreAle\Desktop\uTorrent.lnk
2013-11-03 23:06 - 2013-08-15 09:35 - 00050230 _____ C:\Windows\PFRO.log
2013-11-03 23:05 - 2012-08-23 23:43 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-11-03 23:05 - 2012-08-23 23:43 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-11-03 22:53 - 2011-12-07 12:14 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-03 22:39 - 2012-01-25 09:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-03 22:38 - 2013-11-03 22:38 - 00003975 _____ C:\Users\IreAle\Desktop\JRT.txt
2013-11-03 22:32 - 2013-11-03 22:32 - 00000000 ____D C:\Windows\ERUNT
2013-11-03 22:29 - 2013-11-03 22:23 - 00000000 ____D C:\AdwCleaner
2013-11-03 22:10 - 2013-07-13 12:14 - 00000000 ____D C:\ProgramData\VirtualWifiRouter
2013-11-03 21:54 - 2012-10-27 11:29 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-03 21:54 - 2012-10-27 11:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-03 21:39 - 2013-11-03 21:39 - 00153362 _____ C:\Users\IreAle\Desktop\bookmarks_03_11_13.html
2013-11-03 21:25 - 2012-10-24 21:59 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-03 21:24 - 2013-11-03 21:24 - 00004928 _____ C:\Windows\system32\.crusader
2013-11-03 21:20 - 2012-08-07 11:25 - 00000000 ____D C:\Users\IreAle\AppData\Roaming\Opera
2013-11-03 21:20 - 2012-08-07 11:25 - 00000000 ____D C:\Users\IreAle\AppData\Local\Opera
2013-11-03 21:18 - 2013-10-10 20:01 - 00000000 ____D C:\Users\IreAle\AppData\Local\CrystalDiskMark
2013-11-03 21:18 - 2011-12-06 17:09 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{483A59B8-CC5E-43F8-BEF2-0F54431D52D4}
2013-11-03 21:14 - 2012-09-20 00:44 - 00000000 ____D C:\ProgramData\GetRight
2013-11-03 21:14 - 2012-09-20 00:42 - 00000000 ____D C:\Users\IreAle\AppData\Roaming\GetRight
2013-11-03 21:12 - 2013-05-22 09:18 - 00000000 ____D C:\Program Files (x86)\DC-Unlocker
2013-11-03 21:04 - 2012-09-18 09:39 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-11-03 20:54 - 2013-10-06 22:28 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForIreAle.job
2013-11-03 16:53 - 2013-10-06 22:28 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForIreAle
2013-11-03 10:30 - 2011-12-06 17:10 - 00000000 ____D C:\Users\IreAle\AppData\Roaming\Skype
2013-11-02 20:33 - 2013-11-02 20:33 - 00000932 _____ C:\Users\IreAle\Desktop\mp3Tag Pro.lnk
2013-11-02 20:33 - 2013-11-02 20:33 - 00000000 ____D C:\Program Files (x86)\mp3Tag Pro 7
2013-11-02 20:32 - 2011-12-06 16:36 - 00000000 ____D C:\Users\IreAle
2013-11-01 23:35 - 2013-11-01 23:35 - 00000987 _____ C:\Users\IreAle\Desktop\Magic MP3 Tagger.lnk
2013-11-01 23:35 - 2013-11-01 23:35 - 00000000 ____D C:\Program Files (x86)\Magic MP3 Tagger
2013-11-01 22:59 - 2010-07-29 00:55 - 00739254 _____ C:\Windows\system32\perfh010.dat
2013-11-01 22:59 - 2010-07-29 00:55 - 00146294 _____ C:\Windows\system32\perfc010.dat
2013-11-01 22:59 - 2009-07-14 05:13 - 01653568 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-01 22:16 - 2013-09-28 15:42 - 00000000 ____D C:\Users\IreAle\AppData\Roaming\mp3tagpro
2013-11-01 22:13 - 2013-11-01 22:13 - 05404526 _____ C:\Users\IreAle\Downloads\mp3Tag_Pro_7.0_Serial_NJOY.rar
2013-10-31 19:07 - 2013-06-21 18:44 - 00000000 ____D C:\Users\IreAle\Documents\My Kindle Content
2013-10-30 21:02 - 2013-09-16 22:21 - 00000000 ____D C:\Users\IreAle\Downloads\7bfcf78b216820fbf637705e82f79fdb
2013-10-30 18:31 - 2013-10-30 18:31 - 00000000 ____D C:\Users\IreAle\AppData\Roaming\langmaster.com
2013-10-30 18:31 - 2013-10-30 18:31 - 00000000 ____D C:\Users\IreAle\AppData\Roaming\EuroTalk
2013-10-30 18:30 - 2013-10-30 18:30 - 00000000 ____D C:\Program Files (x86)\LANGMaster
2013-10-30 18:21 - 2013-10-30 18:21 - 159806610 _____ (                                                            ) C:\Users\IreAle\Downloads\Setup_TN_Icelandic.exe
2013-10-28 19:00 - 2013-10-28 19:00 - 00018638 _____ C:\Users\Public\Documents\Gullfoss Meðmælabréf Alessandro Barbisan 2012.odt
2013-10-28 19:00 - 2013-10-28 18:52 - 00018638 _____ C:\Users\Public\Documents\Gullfoss Meðmælabréf Alessandro Barbisan 2012 (1).odt
2013-10-26 19:38 - 2011-12-08 16:18 - 00000000 ____D C:\Users\IreAle\AppData\Roaming\BatteryCare
2013-10-26 18:29 - 2011-12-28 11:19 - 00000000 ____D C:\Users\IreAle\AppData\Roaming\foobar2000
2013-10-25 18:22 - 2013-10-25 18:22 - 00004022 _____ C:\Users\IreAle\Downloads\p.txt
2013-10-25 18:22 - 2013-10-25 18:22 - 00004022 _____ C:\Users\IreAle\Downloads\p (1).txt
2013-10-21 23:17 - 2013-10-21 23:05 - 00014384 _____ C:\Users\Public\Documents\Floox.odt
2013-10-19 22:13 - 2013-10-19 22:13 - 00001460 _____ C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
2013-10-19 22:13 - 2013-10-19 22:13 - 00001100 _____ C:\Users\Public\Desktop\DVDVideoSoft.lnk
2013-10-19 22:13 - 2013-10-19 22:13 - 00000000 ____D C:\Users\IreAle\Documents\DVDVideoSoft
2013-10-19 22:13 - 2013-10-19 22:13 - 00000000 ____D C:\Users\IreAle\AppData\Roaming\DVDVideoSoft
2013-10-19 22:13 - 2013-10-19 22:13 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-10-18 17:20 - 2013-10-18 17:20 - 00022524 _____ C:\Users\Public\Documents\Mail a Tartaglia.odt
2013-10-17 21:55 - 2011-12-17 17:26 - 00004146 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-17 21:55 - 2011-12-17 17:26 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-17 18:16 - 2013-10-17 17:58 - 00026988 _____ C:\Users\Public\Documents\Mail a Nick 2013.odt
2013-10-17 18:04 - 2013-10-17 18:04 - 00032246 _____ C:\Users\Public\Documents\Chattata con Nicola.odt
2013-10-17 17:58 - 2013-08-28 20:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-17 17:58 - 2011-12-05 21:27 - 00000000 ____D C:\ProgramData\Skype
2013-10-15 22:09 - 2012-03-15 22:07 - 00000000 ____D C:\Users\IreAle\AppData\Local\CrashDumps
2013-10-14 23:36 - 2013-10-08 19:55 - 00035097 _____ C:\Users\Public\Documents\Letter Ivano 2013.odt
2013-10-12 23:45 - 2013-10-12 23:45 - 02159091 _____ C:\Users\IreAle\Downloads\paper_2_5_1.zip
2013-10-12 23:41 - 2013-10-12 23:39 - 02276165 _____ C:\Users\IreAle\Downloads\paper_2_6.zip
2013-10-11 12:04 - 2013-10-11 12:03 - 00625327 _____ C:\Users\IreAle\Downloads\skydrive-2013-10-11.zip
2013-10-11 11:58 - 2013-10-11 11:58 - 00000283 _____ C:\Users\IreAle\Downloads\music.swf
2013-10-11 09:28 - 2013-10-11 09:28 - 00000000 ____D C:\Users\IreAle\AppData\Local\AskPartnerNetwork
2013-10-10 20:01 - 2013-10-10 20:01 - 00001794 _____ C:\Users\IreAle\Desktop\CrystalDiskMark.lnk
2013-10-10 20:01 - 2013-10-10 20:01 - 00000000 ____D C:\Program Files\CrystalDiskMark
2013-10-10 20:00 - 2013-10-10 19:59 - 01657424 _____ (Crystal Dew World                                           ) C:\Users\IreAle\Downloads\CrystalDiskMark3_0_2f-en.exe
2013-10-06 22:51 - 2013-10-04 23:17 - 00030671 _____ C:\Users\Public\Documents\per ivano ottobre 13.odt
2013-10-05 17:05 - 2013-09-25 19:26 - 00028751 _____ C:\Users\Public\Documents\Lettera Ivano Ale Islanda 2013.odt
2013-10-05 11:58 - 2013-05-22 09:44 - 00000000 ____D C:\Windows\SysWOW64\SupportAppCB
2013-10-05 11:58 - 2010-07-28 15:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-05 11:44 - 2011-12-16 19:16 - 00014848 _____ C:\Users\IreAle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-05 11:07 - 2013-10-05 11:07 - 00001785 _____ C:\Users\Public\Desktop\jetVideo.lnk
2013-10-05 11:07 - 2013-10-05 11:06 - 00000000 ____D C:\Program Files (x86)\JetVideo
2013-10-05 11:07 - 2012-08-20 16:14 - 00000000 ____D C:\Users\IreAle\AppData\Roaming\COWON
2013-10-05 11:04 - 2013-10-05 11:02 - 40451192 _____ (Acresso Software Inc.                                        ) C:\Users\IreAle\Downloads\JAD8100_BASIC.exe
2013-10-05 11:03 - 2013-10-05 11:03 - 00894600 _____ (CNET Download.com) C:\Users\IreAle\Downloads\cbsidlm-cbsi134-JetVideo_Basic_VX-BP-75448539.exe
2013-10-05 11:01 - 2013-10-05 11:01 - 00894600 _____ (CNET Download.com) C:\Users\IreAle\Downloads\cbsidlm-cbsi134-JetAudio_Basic-BP-10013740 (1).exe
 
Files to move or delete:
====================
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-31 17:12
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by IreAle at 2013-11-04 14:51:51
Running from C:\Users\IreAle\Desktop\Virus
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (x32 Version: 3.3.0.29625)
3D Muscle Premium 2 (x32 Version: 1.0.0)
ACDSee Free (x32 Version: 1.1.21)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Digital Editions (x32)
Adobe Flash Player 10 ActiveX (x32 Version: 10.1.53.64)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.235)
Adobe PDF DRM Removal (x32 Version: 5.0.1)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.7.609)
Advanced Archive Password Recovery (HKCU Version: 4.53)
Aimersoft Video Converter Ultimate(Build 5.5.1.0) (x32 Version: 5.5.1.0)
Alcor Micro USB Card Reader (x32 Version: 1.2.517.35221)
Amazon Kindle (HKCU)
Apple Application Support (x32 Version: 1.4.1)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft Panorama Maker 5 (x32 Version: 5.0.1.25)
Atheros Driver Installation Program (x32 Version: 9.0)
ATI Catalyst Install Manager (Version: 3.0.778.0)
Audacity 1.3.14 (Unicode) (x32)
Avidemux 2.5 (x32 Version: 2.5.6.7716)
Avira Free Antivirus (x32 Version: 13.0.0.4042)
BatteryCare 0.9.14.0 (x32 Version: 0.9.14.0)
Bit Che (x32 Version: 1.0)
Blueberry Garden (x32)
Bluetooth Win7 Suite (64) (Version: 7.3.0.95)
Botanicula (x32 Version: 1.0)
calibre (x32 Version: 0.9.36)
CardRecovery 5.30 (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0621.2137.36973)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0621.2137.36973)
Catalyst Control Center InstallProxy (x32 Version: 2010.0621.2137.36973)
Catalyst Control Center Localization All (x32 Version: 2010.0621.2137.36973)
CCC Help Chinese Standard (x32 Version: 2010.0621.2136.36973)
CCC Help Chinese Traditional (x32 Version: 2010.0621.2136.36973)
CCC Help Czech (x32 Version: 2010.0621.2136.36973)
CCC Help Danish (x32 Version: 2010.0621.2136.36973)
CCC Help Dutch (x32 Version: 2010.0621.2136.36973)
CCC Help English (x32 Version: 2010.0621.2136.36973)
CCC Help Finnish (x32 Version: 2010.0621.2136.36973)
CCC Help French (x32 Version: 2010.0621.2136.36973)
CCC Help German (x32 Version: 2010.0621.2136.36973)
CCC Help Greek (x32 Version: 2010.0621.2136.36973)
CCC Help Hungarian (x32 Version: 2010.0621.2136.36973)
CCC Help Italian (x32 Version: 2010.0621.2136.36973)
CCC Help Japanese (x32 Version: 2010.0621.2136.36973)
CCC Help Korean (x32 Version: 2010.0621.2136.36973)
CCC Help Norwegian (x32 Version: 2010.0621.2136.36973)
CCC Help Polish (x32 Version: 2010.0621.2136.36973)
CCC Help Portuguese (x32 Version: 2010.0621.2136.36973)
CCC Help Russian (x32 Version: 2010.0621.2136.36973)
CCC Help Spanish (x32 Version: 2010.0621.2136.36973)
CCC Help Swedish (x32 Version: 2010.0621.2136.36973)
CCC Help Thai (x32 Version: 2010.0621.2136.36973)
CCC Help Turkish (x32 Version: 2010.0621.2136.36973)
ccc-core-static (x32 Version: 2010.0621.2137.36973)
ccc-utility64 (Version: 2010.0621.2137.36973)
CCleaner (Version: 3.24)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
CPUID HWMonitor 1.18
CrystalDiskMark 3.0.2f (Version: 3.0.2f)
CyberLink DVD Suite (x32 Version: 7.0.3003)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.41.3.0173)
DiskExplorer for NTFS (x32 Version: 4.32.000)
DivX Setup (x32 Version: 2.6.1.44)
Dreamside Maroon 1.0282.333 (x32)
DVD Audio Extractor 6.3.0 (x32)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4121)
EasyBCD 2.2 (x32 Version: 2.2)
Energy Star Digital Logo (x32 Version: 1.0.1)
Epubor PDF DRM Removal (x32 Version: 1.8.5)
ESET Online Scanner v3 (x32)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Exact Audio Copy 1.0beta3 (x32 Version: 1.0beta3)
File Extension Changer 3.3.1 (x32)
foobar2000 v1.1.10 (x32 Version: 1.1.10)
Foxit Reader (x32 Version: 5.4.3.920)
Free CD to MP3 Converter (x32)
Free Video Flip and Rotate version 2.1.9.827 (x32 Version: 2.1.9.827)
FreeRIP MP3 Converter 4.4 (x32 Version: 4.4)
FreeRIP v3.00 (x32 Version: 3.00)
GetDataBack for FAT (x32 Version: 4.30.000)
GIMP 2.6.11 (x32 Version: 2.6.11)
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000)
HitmanPro 3.7 (Version: 3.7.8.208)
HP 3D DriveGuard (Version: 4.0.5.1)
HP Advisor (x32 Version: 3.4.10262.3295)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.0.0)
HP MediaSmart DVD (x32 Version: 4.1.4229)
HP MediaSmart Movies and TV (Version: 1.0.0.10)
HP MediaSmart Music (x32 Version: 4.1.4215)
HP MediaSmart Photo (x32 Version: 4.1.4211)
HP MediaSmart SmartMenu (Version: 3.1.1.12)
HP MediaSmart Video (x32 Version: 4.1.4214)
HP MediaSmart Webcam (x32 Version: 4.1.3024)
HP Power Manager (x32 Version: 1.0.3)
HP Quick Launch (x32 Version: 2.1.5)
HP QuickWeb Installer (x32 Version: 1.3.11.0)
HP Setup (x32 Version: 8.1.4186.3400)
HP Software Framework (x32 Version: 4.1.6.1)
HP Support Assistant (x32 Version: 6.1.12.1)
HP Wireless Assistant (Version: 4.0.9.0)
IDT Audio (x32 Version: 1.0.6289.0)
IMG to ISO (x32)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014)
Intel® Turbo Boost Technology Driver (x32 Version: 01.02.00.1002)
IsoBuster 2.8.5 (x32 Version: 2.8.5)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
jetVideo Basic VX (x32 Version: 8.0.3)
Joulemeter (x32 Version: 1.2.0)
K-Lite Codec Pack 9.9.5 (Full) (x32 Version: 9.9.5)
L&H TTS3000 Italiano (x32)
LabelPrint (x32 Version: 2.5.2907)
LAME v3.99.3 (for Windows) (x32)
LANGMaster.com: Icelandic for Beginners (x32)
LightScribe System Software (x32 Version: 1.18.15.1)
LIMBO (HKCU)
Lume (x32)
Magic MP3 Tagger 2.2.6 (x32)
Malwarebytes Anti-Malware versione 1.75.0.1300 (x32 Version: 1.75.0.1300)
MediaInfo 0.7.63 (Version: 0.7.63)
MediaMonkey 4.0 (x32 Version: 4.0)
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile ITA Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended - Language Pack (ITA) (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended ITA Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.0 (x32 Version: 3.0.11010.0)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1)
Movie Maker (x32 Version: 16.4.3508.0205)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030)
Mozilla Firefox 9.0.1 (x86 it) (x32 Version: 9.0.1)
mp3Tag Pro 7.3 (x32)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MusicBrainz Picard (x32 Version: 1.2)
Neat Image v7.1.0 Demo Standalone
Nikon Message Center 2 (x32 Version: 2.1.0)
Nikon Movie Editor (x32 Version: 2.6.0)
Nokia Connectivity Cable Driver (x32 Version: 7.1.48.0)
Nokia Map Loader (x32 Version: 3.0.28)
Nokia Maps Updater 1.0.12 (x32 Version: 1.0.12)
Nokia Suite (x32 Version: 3.2.100.0)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Pacchetto driver Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Pazera Free MOV to AVI Converter 1.6 (x32 Version: 1.6)
PC Connectivity Solution (x32 Version: 11.5.13.0)
PCIABlocker64 (Version: 1.00.0000)
PDF ePub DRM Removal (x32 Version: 1.4.1)
Photo Gallery (x32 Version: 16.4.3508.0205)
PhotoNow! (x32 Version: 1.1.6904)
PhotoPerfect Express 1.00 (x32)
Picasa 3 (x32 Version: 3.9)
Picture Control Utility (x32 Version: 1.4.7)
Power2Go (x32 Version: 6.1.4204)
PowerDirector (x32 Version: 8.0.3003)
PX Profile Update (x32 Version: 1.00.1.)
Python 3.3 pycrypto-2.6 (HKCU)
Python 3.3.2 (64-bit) (Version: 3.3.2150)
Raccolta foto (x32 Version: 16.4.3508.0205)
RAMDisk (x32 Version: 3.5.130)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.17.304.2010)
Recovery Manager (x32 Version: 5.5.3023)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Shape Collage (x32)
Skype™ 6.9 (x32 Version: 6.9.106)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Steam (x32 Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
T3Desk 2010 Build Version 10.09 (x32)
Technitium MAC Address Changer v6.0.3 (x32 Version: 6.0.3)
The Bridge  (x32)
The Tiny Bang Story (x32)
TigoTago (x32)
UltraISO Premium V9.53 (x32)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
ViewNX 2 (x32 Version: 2.6.0)
VLC media player 1.1.11 (x32 Version: 1.1.11)
Vodafone Mobile Broadband via the phone (x32 Version: 2.7.25)
Vodafone Mobile Connect Smartplug (x32 Version: 2.7.25)
Winamp (x32 Version: 5.623 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
WinHTTrack Website Copier 3.45-4 (x64) (Version: 3.45.4)
WinPatrol (Version: 25.6.2012.1)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (x32)
 
==================== Restore Points  =========================
 
03-11-2013 21:03:33 Revo Uninstaller's restore point - StarCraft II
03-11-2013 21:10:55 Revo Uninstaller's restore point - TiviPhone softphone
03-11-2013 21:13:21 Revo Uninstaller's restore point - GetRight
03-11-2013 21:14:36 Revo Uninstaller's restore point - Name It Your Way (NIYoW) v1.7.6
03-11-2013 21:15:23 Revo Uninstaller's restore point - Safari
03-11-2013 21:19:59 Revo Uninstaller's restore point - Opera 12.01
03-11-2013 21:39:45 Revo Uninstaller's restore point - Google Chrome
03-11-2013 21:40:11 Revo Uninstaller's restore point - Google Chrome
 
==================== Hosts content: ==========================
 
2009-07-14 02:34 - 2012-10-26 07:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {16E967EC-52EB-4E21-97EF-4B7333979A7F} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-23] ()
Task: {194235A2-CB3E-4C79-B95D-3D21550EAF25} - System32\Tasks\{E0BD19AD-D4E5-4C2C-A220-D7B9B5869F4B} => C:\Program Files (x86)\The Bridge\The Bridge.exe
Task: {1DF62665-FB77-4F50-A0B6-120B694C3753} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {3DD1FAD4-F73E-46A7-9D20-E8892A41791C} - System32\Tasks\{3F6A58E5-A949-4273-B34E-18024BF782B6} => Chrome.exe http://ui.skype.com/ui/0/4.2.0.166.321/it/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {477B12C2-624C-44C0-B3F8-5FD4D4712BDC} - System32\Tasks\{ADF799B7-5CF2-4BBD-B2AD-72F9C955C4BB} => Iexplore.exe http://ui.skype.com/ui/0/4.2.0.166.321/it/privacy
Task: {4A9DA3E3-CF82-4AFD-82D0-0A10B63A932D} - System32\Tasks\{93CABCEA-12FC-452C-A1E7-9233F94F60AE} => Iexplore.exe http://ui.skype.com/ui/0/4.2.0.166.321/it/eula
Task: {4EC4D0F4-7769-4685-AD60-0E587CED8BD4} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-24] (CyberLink)
Task: {59941E6B-50A6-497D-AAD9-D3FFB9100329} - System32\Tasks\{F9873B49-9BDD-4545-8A98-CDCD1D95723B} => Iexplore.exe http://ui.skype.com/ui/0/4.2.0.166.321/it/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {62E46304-8AD8-4AF0-AD4B-65D98D5AD662} - System32\Tasks\{2A99C228-ED8A-4A01-AC95-E032A4BDB6CE} => Chrome.exe http://ui.skype.com/ui/0/4.2.0.166.321/it/abandoninstall?page=tsOptions&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {6F303525-3E84-42F6-A78E-67368EC1E367} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {7FFF6924-A0E7-4D10-8A08-B4F595950BD0} - System32\Tasks\{747174CC-BB50-4277-9482-365FD07DCDE5} => C:\Program Files (x86)\Alliance\Alliance.exe [2008-04-16] ()
Task: {832C5768-A878-4CCA-84EA-4C7B5046FB35} - System32\Tasks\{6D7FE0B2-6BF8-49FB-93F1-80DC4836F61A} => F:\Ale\Nabu\3D_Muscular_Premium_Anatomy_Installer.exe
Task: {89485A74-CC51-4B3B-933C-1C1D549A4573} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {A9DA5029-FE81-479C-BE00-F573EDF7544C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {AE823DC9-D84A-4100-B0B6-C89B71DE8FA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17] (Google Inc.)
Task: {BD12BF01-F445-4073-8536-E0248B177917} - \YourFile Update No Task File
Task: {BD8CE84D-6B4E-406F-9AD7-5E9788C8C660} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2012-06-04] (Microsoft)
Task: {D0E7DD6A-4785-47C7-A1CE-D91F91808763} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17] (Google Inc.)
Task: {D28584CE-9BEF-4362-90FB-806B2E8ECE5D} - System32\Tasks\{E2568D97-6979-429C-9A2E-8FC45454690E} => C:\Program Files (x86)\The Bridge\The Bridge.exe
Task: {DFDC4183-3927-4BC2-BF06-DE2A58C43AA4} - System32\Tasks\{72757968-A187-4DAC-9659-FDAB363CF3C9} => C:\Windows\System32\msiexec.exe [2009-07-14] (Microsoft Corporation)
Task: {E170D747-79DC-4AC4-8FF6-0A76E40BFFDF} - System32\Tasks\HPCeeScheduleForIreAle => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {EF14EAD0-948D-432F-A330-4B9874FFAF37} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {EFF9D1C6-24BF-442B-B392-2AA2B30F3CBB} - System32\Tasks\{89C1864B-DE41-4727-A5B2-3BD44DD1401B} => C:\Windows\System32\msiexec.exe [2009-07-14] (Microsoft Corporation)
Task: {F21BF967-BEBF-490A-8795-253FDC0DB97B} - System32\Tasks\{A1CF0154-CDE8-4BC0-9C64-87A65C2199C8} => F:\Ale\Nabu\3D_Muscular_Premium_Anatomy_Installer.exe
Task: {FDA78A64-A12A-41C2-AE3B-77AC3FB87565} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-23] ()
Task: {FEC1D3E4-7552-46ED-A6F0-09077680C0C4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForIreAle.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-07 18:31 - 2013-03-25 10:57 - 00721917 _____ () C:\Windows\SysWOW64\AiCM64.dll
2012-09-28 09:44 - 2012-07-26 07:27 - 00252928 _____ () C:\Program Files (x86)\BatteryCare\OpenHardwareMonitorLib.dll
2010-06-10 16:12 - 2010-06-10 16:12 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-21 20:36 - 2010-06-21 20:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-18 14:26 - 2010-06-18 14:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 14:26 - 2010-06-18 14:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-06-18 14:26 - 2010-06-18 14:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2013-08-15 09:39 - 2013-08-15 09:18 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-10-29 23:41 - 2012-06-20 21:23 - 00599419 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2013-05-20 10:32 - 2013-05-20 10:32 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll
2011-12-02 15:28 - 2010-03-03 19:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-11-03 22:53 - 2013-10-09 00:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-11-03 22:53 - 2013-10-09 00:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-11-03 22:53 - 2013-10-09 00:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-11-03 22:53 - 2013-10-09 00:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-11-03 22:53 - 2013-10-09 00:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:6B9ADB51
AlternateDataStreams: C:\ProgramData\Temp:9FB286BF
AlternateDataStreams: C:\ProgramData\Temp:BFC0B58B
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Alcor Micro USB 2.0 Card Reader
Description: Alcor Micro USB 2.0 Card Reader
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Alcor Micro, Corp.
Service: AmUStor
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/04/2013 01:24:37 PM) (Source: SideBySide) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
 
System errors:
=============
Error: (11/04/2013 02:41:17 PM) (Source: Service Control Manager) (User: )
Description: Il servizio Avira Web Protection è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 0 millisecondi: Riavvia il servizio.
 
Error: (11/04/2013 02:05:41 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (11/04/2013 02:05:37 PM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (11/04/2013 11:37:30 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (11/04/2013 11:30:20 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (11/04/2013 11:30:20 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (11/04/2013 10:00:59 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (11/04/2013 10:00:55 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (11/04/2013 10:00:08 AM) (Source: EventLog) (User: )
Description: Precedente arresto del sistema inatteso a 09:58:53 su ‎04/‎11/‎2013.
 
Error: (11/03/2013 11:07:57 PM) (Source: ipnathlp) (User: )
Description: 0
 
 
Microsoft Office Sessions:
=========================
Error: (11/04/2013 01:24:37 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\IreAle\Downloads\esetsmartinstaller_enu.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-10-28 18:34:38.902
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2012-10-28 18:34:38.839
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2012-10-28 18:34:38.777
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2012-10-28 18:34:38.714
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2012-10-26 07:51:26.268
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
  Date: 2012-10-26 07:51:26.221
  Description: Impossibile verificare l'integrità dell'immagine del file \Device\HarddiskVolume2\ComboFix\catchme.sys. Impossibile trovare l'hash del file nel sistema. Causa possibile: installazione di un file danneggiato o con firma non corretta in seguito a una modifica hardware o software o malware di origine sconosciuta.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 46%
Total physical RAM: 3893.86 MB
Available physical RAM: 2084.94 MB
Total Pagefile: 7785.86 MB
Available Pagefile: 5362.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:63.97 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.62 GB) (Free:3.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:347.08 GB) (Free:10.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CEACC9B0)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=64 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=377 GB) - (Type=05)
Partition 4: (Not Active) - (Size=25 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 B-boy/StyLe/

B-boy/StyLe/

    Bleeping Freestyler


  • Malware Response Team
  • 6,573 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:53 AM

Posted 04 November 2013 - 06:06 PM

Hi,

Please download the following file (attached: fixlist.txt) and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,

Georgi


My help is always free of charge. If you appreciate my work, you can buy me a beer or two by clicking here.

#5 nabu

nabu
  • Topic Starter

  • Members
  • 76 posts
  • Local time:06:53 PM

Posted 05 November 2013 - 01:55 PM

Just before we keep going, I wanted to tell you that last night I had to delete and install a couple of programs... I didn't use any tool or other recovery, as for this I'm totally following your directions... but if your "don't make any changes" also covers installing or deleting a program, then I did it...

I hope it didn't screw up your work!! I'm sorry and it will not happen again!!

 

Anyway, I ran FRST and I'm posting the results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by IreAle at 2013-11-05 18:51:14 Run:1
Running from C:\Users\IreAle\Desktop\Virus
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] - [x]
Unlock: C:\PROGRA~2\SearchProtect
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [97280 2009-07-14] ()
C:\PROGRA~2\SearchProtect
SearchScopes: HKLM - DefaultScope value is missing.
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
cmd: netsh winsock reset
cmd: type C:\Users\IreAle\Desktop\JRT.txt
Task: {BD12BF01-F445-4073-8536-E0248B177917} - \YourFile Update No Task File
AlternateDataStreams: C:\ProgramData\Temp:6B9ADB51
AlternateDataStreams: C:\ProgramData\Temp:9FB286BF
AlternateDataStreams: C:\ProgramData\Temp:BFC0B58B
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
end
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
"C:\PROGRA~2\SearchProtect" => Not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
"C:\PROGRA~2\SearchProtect" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-00A7-7A786E7484D7} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{41564952-412D-5637-00A7-7A786E7484D7} => Value deleted successfully.
HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
 
=========  netsh winsock reset =========
 
 
Reimpostazione catalogo Winsock completata.
È necessario riavviare il computer per completare l'operazione.
 
 
========= End of CMD: =========
 
 
=========  type C:\Users\IreAle\Desktop\JRT.txt =========
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by IreAle on 03/11/2013 at 22:32:39,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2553821885-3755592227-3871308271-1004\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{F75BACBD-21D4-4348-B629-ACF4D8EF88D0}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\IreAle\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{057C69F5-DF67-484F-AD75-981CB2210854}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{1164D4F5-1BEF-4161-8840-2A86AD22A094}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{2F00B51C-94DC-4A58-AD10-1D2FC85E7829}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{31F4CAC7-19B0-4EDF-B01C-1DEC54C85AD7}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{33133CAB-6BCA-4157-A055-CAA983FF4E4F}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{3D36CC84-F1DB-4DB1-B80D-C3FDB694A334}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{539E4041-369F-4780-8CED-6664B72A0A05}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{72DC820D-D6F2-4CB5-8BE0-9B5885D8A890}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{80DB0520-77FC-47DB-947C-495DC62C2350}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{87B397B1-9524-4810-9C40-14B7904A3A03}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{9C501A4E-4210-44F2-94BD-F64215C7501C}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{B2E074BC-0AA1-435B-A04C-75B27BB14629}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{B5D56744-3A77-4182-85FF-CB60FBB52F86}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{BE1A40BC-3F7B-403D-8833-5530C53F119B}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{BE48B394-04BE-4B64-B90B-D74953C42809}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{BF2B476F-19AA-435B-9801-F7DF4C421ACC}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{C770C23A-CA69-49A0-95EB-37308FFA3A0E}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{D0371A10-3015-45C6-9CCD-EF39BC9AE42B}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{E1D5421D-3827-4257-BC9F-B178B72FBE20}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{EA87521A-10C7-4DD9-A15B-B872C9136BC2}
Successfully deleted: [Empty Folder] C:\Users\IreAle\appdata\local\{F3E9B527-DE19-4154-8C61-57525743F2F5}
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\IreAle\AppData\Roaming\mozilla\firefox\profiles\zaeroxpe.default\extensions\[email protected]
Successfully deleted the following from C:\Users\IreAle\AppData\Roaming\mozilla\firefox\profiles\zaeroxpe.default\prefs.js
 
user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":39,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Anal
user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/11/2013 at 22:38:28,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
========= End of CMD: =========
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD12BF01-F445-4073-8536-E0248B177917} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD12BF01-F445-4073-8536-E0248B177917} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile Update => Key deleted successfully.
C:\ProgramData\Temp => ":6B9ADB51" ADS removed successfully.
C:\ProgramData\Temp => ":9FB286BF" ADS removed successfully.
C:\ProgramData\Temp => ":BFC0B58B" ADS removed successfully.
C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.
 
==== End of Fixlog ====


#6 B-boy/StyLe/

B-boy/StyLe/

    Bleeping Freestyler


  • Malware Response Team
  • 6,573 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:53 AM

Posted 06 November 2013 - 06:49 PM

Hello,

 

No worries! :)

Let's check for leftovers.

Most of them should take no more than 5 minutes each.

STEP 1

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
     
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 2




  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3



Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 4




  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location, then copy and paste the results at pastebin.com and post the link to the log in your next reply.




STEP 5



Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 6



Please download the latest version of AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

 

 

STEP 7

 

 

Please download the latest version of Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Regards,

Georgi



#7 B-boy/StyLe/

B-boy/StyLe/

    Bleeping Freestyler


  • Malware Response Team
  • 6,573 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:53 AM

Posted 09 November 2013 - 11:27 AM

Hi,

 

Are you still with me?

 

 

Regards,

Georgi



#8 nabu

nabu
  • Topic Starter

  • Members
  • 76 posts
  • Local time:06:53 PM

Posted 09 November 2013 - 05:17 PM

Yeeesss!!

 

Sorry, yesterday I tried to finish but I was done in from the working day!!

 

Ok, I'm ready now!!

 

 

 

 

Rkill 2.6.2 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/08/2013 09:55:55 PM in x64 mode.
Windows Version: Windows 7 Home Premium 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\ezSharedSvcHost.exe (PID: 1908) [WD-HEUR]
 * C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (PID: 1964) [AU-HEUR]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Disabled
 
 * Driver di autorizzazione di Windows Firewall (mpsdrv) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 11/08/2013 09:57:17 PM
Execution time: 0 hours(s), 1 minute(s), and 21 seconds(s)
 
 
 
 
RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : IreAle [Admin rights]
Mode : Scan -- Date : 11/08/2013 22:06:45
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> Trovato
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> Trovato
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> Trovato
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> Trovato
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato
 
¤¤¤ Le attività pianificate : 0 ¤¤¤
 
¤¤¤ voci di avvio : 0 ¤¤¤
 
¤¤¤ I browser Web : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ Extern Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS725050A9A364 +++++
--- User ---
[MBR] 84a27a419da03db16c159b897c198530
[BSP] c0501d9a1699f1edc8690e86f86a9595 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 65503 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 134560564 | Size: 385920 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 924930048 | Size: 25210 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_11082013_220645.txt >>
 
 
 
 
 
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Versione database: v2013.11.09.08
 
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
IreAle :: NOWEHERELAND [amministratore]
 
09/11/2013 21:36:09
mbam-log-2013-11-09 (21-36-09).txt
 
Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 250385
Tempo impiegato: 5 minuti, 53 secondi
 
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
 
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
 
Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)
 
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
 
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
 
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
 
File rilevati: 0
(non sono stati rilevati elementi nocivi)
 
(fine)
 
 
 
Farbar Service Scanner Version: 09-01-2013
Ran by IreAle (administrator) on 09-11-2013 at 21:45:08
Running from "C:\Users\IreAle\Downloads"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
 
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-05-19 19:29] - [2013-01-04 05:41] - 1893224 ____A (Microsoft Corporation) 5CFB7AB8F9524D1A1E14369DE63B83CC
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
 
 
 
 
 
# AdwCleaner v3.011 - Report created 09/11/2013 at 21:47:00
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : IreAle - NOWEHERELAND
# Running from : C:\Users\IreAle\Downloads\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\IreAle\AppData\Roaming\Mozilla\Firefox\Profiles\zaeroxpe.default\foxydeal.sqlite
File Found : C:\Users\IreAle\AppData\Roaming\Mozilla\Firefox\Profiles\zaeroxpe.default\foxydeal.sqlite
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.17267
 
 
-\\ Mozilla Firefox v9.0.1 (it)
 
[ File : C:\Users\IreAle\AppData\Roaming\Mozilla\Firefox\Profiles\zaeroxpe.default\prefs.js ]
 
 
[ File : C:\Users\IreAle\AppData\Roaming\Mozilla\Firefox\Profiles\zaeroxpe.default\prefs.js ]
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6586 octets] - [03/11/2013 22:24:07]
AdwCleaner[R1].txt - [1185 octets] - [03/11/2013 22:28:47]
AdwCleaner[R2].txt - [1474 octets] - [09/11/2013 21:47:00]
AdwCleaner[S0].txt - [5917 octets] - [03/11/2013 22:25:49]
AdwCleaner[S1].txt - [1145 octets] - [03/11/2013 22:29:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1654 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by IreAle on 09/11/2013 at 21:59:25,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\IreAle\AppData\Roaming\mozilla\firefox\profiles\zaeroxpe.default\prefs.js
 
user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":39,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Anal
user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/11/2013 at 22:04:49,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
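The FRST fixlist in post #5 and the Rkill/FSS output above touch a handful of persistence and defence-state locations: the AppInit_DLLs value that loaded SPVC64Loader.dll, the Winsock namespace catalog LibraryPath, alternate data streams on C:\ProgramData\Temp, a TaskCache entry with no task file, and the disabled firewall, update and Defender services. As an added example (not from this thread, FRST or FSS), the following read-only PowerShell audit checks those same points on a machine and reports deviations; it assumes an elevated PowerShell 3 or later session and takes the expected values from what the logs themselves state as the defaults.

```powershell
# Added example: read-only audit of the persistence points and service settings
# reported in the thread's FRST / Rkill / FSS logs. It changes nothing.
# Assumptions: elevated PowerShell 3+ on Windows 7 or later; the expected values
# below are the defaults the FRST and FSS logs state (e.g. NLAapi.dll, start types).

$findings = New-Object System.Collections.Generic.List[string]

# 1. AppInit_DLLs: a DLL listed here is loaded into every process that loads user32.dll.
#    The fixlist restored this value after SPVC64Loader.dll was found in it.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p -and $p.AppInit_DLLs) {
        $findings.Add("AppInit_DLLs set in ${key}: '$($p.AppInit_DLLs)' (LoadAppInit_DLLs=$($p.LoadAppInit_DLLs))")
    }
}

# 2. Winsock namespace catalog entry 000000000001 should point at the NLA provider,
#    which is the value FRST restored ("Catalog5" in its log).
$expectedNla = '%SystemRoot%\system32\NLAapi.dll'
$ws = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5'
foreach ($entries in 'Catalog_Entries', 'Catalog_Entries64') {
    $e = Get-ItemProperty -Path "$ws\$entries\000000000001" -ErrorAction SilentlyContinue
    if ($e -and $e.LibraryPath -ne $expectedNla) {
        $findings.Add("Winsock $entries\000000000001 LibraryPath is '$($e.LibraryPath)', expected '$expectedNla'")
    }
}

# 3. Alternate data streams on C:\ProgramData\Temp (the fixlist removed four of them).
#    Assumes a PowerShell version whose -Stream parameter accepts directories (5.x does).
$adsTarget = 'C:\ProgramData\Temp'
if (Test-Path -LiteralPath $adsTarget) {
    Get-Item -LiteralPath $adsTarget -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings.Add("ADS on ${adsTarget}: '$($_.Stream)' ($($_.Length) bytes)") }
}

# 4. Scheduled tasks registered in TaskCache\Tree whose XML task file is missing
#    (what FRST reports as "No Task File"). Task keys carry an Id value; folders do not.
$tree = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
Get-ChildItem -Path $tree -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $rel  = $_.Name.Substring($_.Name.IndexOf('\Tree\') + 6)   # path relative to ...\Tree\
    $file = Join-Path "$env:SystemRoot\System32\Tasks" $rel
    $id   = Get-ItemProperty -Path $_.PSPath -Name Id -ErrorAction SilentlyContinue
    if ($id -and -not (Test-Path -LiteralPath $file -PathType Leaf)) {
        $findings.Add("Task '$rel' ($($id.Id)) is registered but $file does not exist")
    }
}

# 5. Service start types Rkill/FSS flagged: 2 = Automatic, 3 = Manual, 4 = Disabled.
#    Expected values are the defaults the FSS log states for each service.
$expectedStart = @{ MpsSvc = 2; mpsdrv = 3; WinDefend = 2; wuauserv = 2 }
foreach ($svc in $expectedStart.Keys) {
    $cfg = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc" -ErrorAction SilentlyContinue
    if (-not $cfg) { $findings.Add("Service $svc is missing from the registry"); continue }
    if ($cfg.Start -ne $expectedStart[$svc]) {
        $findings.Add("Service $svc Start=$($cfg.Start), expected $($expectedStart[$svc])")
    }
}

# 6. The Defender policy value both Rkill and FSS reported as DisableAntiSpyware=1.
$pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
if ($pol -and $pol.DisableAntiSpyware -eq 1) {
    $findings.Add('Windows Defender is disabled by DisableAntiSpyware=1')
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Anything it prints is a candidate for the same FRST fixlist treatment the thread shows; the script itself only reads, so it can be run again after a fix to confirm the values stayed restored.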


#9 B-boy/StyLe/

B-boy/StyLe/

    Bleeping Freestyler


  • Malware Response Team
  • 6,573 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:53 AM

Posted 10 November 2013 - 03:33 AM

Hi,

 

Thanks for the logs. :)

 

Next let's try to fix the broken services.

Backup Your Registry

Now download the following files and save them to your desktop:

  • mpsdrv.reg
  • MpsSvc.reg
  • WinDefend.reg
  • wuauserv.reg
  • fix.reg

Now double-click on each of them one by one. An information box will pop up asking if you want to merge the information in the file into the registry; click YES.

 

  • Next please download the ESET ServicesRepair utility and save it to your Desktop.
  • Double-click ServicesRepair.exe to run the ESET ServicesRepair utility.
  • If you are using User Access Control, click Run when prompted and then click Yes when asked to allow changes.
  • Reboot the computer and then please attach fresh logs from Farbar Service Scanner.

 

Also please double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

 

Also you forgot to post the link to the TDSSKiller's log. :)

 

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 10 November 2013 - 03:34 AM.


#10 nabu

nabu
  • Topic Starter

  • Members
  • 76 posts
  • Local time:06:53 PM

Posted 10 November 2013 - 05:17 PM

Ok!

Sorry for the TDSSKiller log!!
I'm having some trouble pasting it in the answer window... and on pastebin it says that I exceeded the limit for non-pro users... I hope it works in a new post window...
 
 
 
Farbar Service Scanner Version: 09-01-2013
Ran by IreAle (administrator) on 10-11-2013 at 21:55:50
Running from "C:\Users\IreAle\Downloads"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-05-19 19:29] - [2013-01-04 05:41] - 1893224 ____A (Microsoft Corporation) 5CFB7AB8F9524D1A1E14369DE63B83CC
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
 
 
 
 
 
# AdwCleaner v3.011 - Report created 10/11/2013 at 22:01:09
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : IreAle - NOWEHERELAND
# Running from : C:\Users\IreAle\Downloads\AdwCleaner (2).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\IreAle\AppData\Roaming\Mozilla\Firefox\Profiles\zaeroxpe.default\foxydeal.sqlite
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.17267
 
 
-\\ Mozilla Firefox v9.0.1 (it)
 
[ File : C:\Users\IreAle\AppData\Roaming\Mozilla\Firefox\Profiles\zaeroxpe.default\prefs.js ]
 
 
[ File : C:\Users\IreAle\AppData\Roaming\Mozilla\Firefox\Profiles\zaeroxpe.default\prefs.js ]
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [6586 octets] - [03/11/2013 22:24:07]
AdwCleaner[R1].txt - [1185 octets] - [03/11/2013 22:28:47]
AdwCleaner[R2].txt - [1738 octets] - [09/11/2013 21:47:00]
AdwCleaner[R3].txt - [1778 octets] - [10/11/2013 21:59:59]
AdwCleaner[S0].txt - [5917 octets] - [03/11/2013 22:25:49]
AdwCleaner[S1].txt - [1145 octets] - [03/11/2013 22:29:47]
AdwCleaner[S2].txt - [1012 octets] - [09/11/2013 21:53:54]
AdwCleaner[S3].txt - [1601 octets] - [10/11/2013 22:01:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1661 octets] ##########
 
 


#11 nabu (Topic Starter, Members, 76 posts)

Posted 10 November 2013 - 05:47 PM

Sorry, I had to divide the log file into three portions 'cause it was bigger than 500kb...

 

 

http://pastebin.com/9FCBbScY

 

 

http://pastebin.com/YzXqqs9U

 

 

http://pastebin.com/5nVRWmRS



#12 B-boy/StyLe/ (Bleeping Freestyler, Malware Response Team, 6,573 posts, Bulgaria)

Posted 11 November 2013 - 02:22 PM

Hi,

 

We are almost done here. These are the latest steps just to make sure everything is gone. :)

 

 

STEP 1

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System.
  • This is the mirror.
  • For 64-bit Operating System.
  • This is the mirror.

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

 

 

STEP 2

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

Regards,

Georgi



#13 nabu (Topic Starter, Members, 76 posts)

Posted 11 November 2013 - 06:11 PM

Great!

 

So here are the logs!!

 

 

HitmanPro 3.7.8.208
www.hitmanpro.com
 
   Computer name . . . . : NOWEHERELAND
   Windows . . . . . . . : 6.1.0.7600.X64/4
   User name . . . . . . : Nowehereland\IreAle
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (22 days left)
 
   Scan date . . . . . . : 2013-11-11 23:02:43
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 42s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 81
 
   Objects scanned . . . : 1.531.303
   Files scanned . . . . : 17.577
   Remnants scanned  . . : 326.673 files / 1.187.053 keys
 
Cookies _____________________________________________________________________
 

 Results of screen317's Security Check version 0.99.76  
 Windows 7  x64   
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 25  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 11.2.202.235 Flash Player out of Date!  
 Mozilla Firefox (9.0.1) 
 Google Chrome 30.0.1599.101  
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 


#14 B-boy/StyLe/ (Bleeping Freestyler, Malware Response Team, 6,573 posts, Bulgaria)

Posted 12 November 2013 - 03:21 PM

Hi,

 

 

STEP 1 - UPDATING TASKS

 

 

 

Go ahead and install Service Pack 1 for Windows 7!

Check the link below for more info:

http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1

 

 

Re-enable your antivirus program.

 

 

Upgrading Java:


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.
 

  • Download the latest version of Java SE 7.
  • Click the Java™ 7 Update 45 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-7u45-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:
    Java 7 Update 25
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-7u45-windows-i586.exe and select "Run as an Administrator.")

 

 

Or you can simply uninstall Java and try to avoid installing Java unless absolutely required by your applications (it's your call)...

 

http://www.techsupportforum.com/5494-java-time-to-wake-up-and-smell-the-coffee/

 

 

Next please run JavaRa.

  • Please download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and from the drop-down menu select any Java version (if listed) and press Run Uninstaller. (If Java is not listed please click on Next).
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extensions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's successfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please post the log in your next reply.
  • Close JavaRa by clicking the red cross button.

 

 

Your Internet Explorer is out of date! Even if you don't use it, it's recommended to update it.

You can download the latest one from here =>  Internet Explorer 11.0 Final for Windows 7 EN x86

You can download the latest one from here =>  Internet Explorer 11.0 Final for Windows 7 EN x64

 

 

 

Your Adobe Flash Player is out of date. Older versions are vulnerable to attack and exploitation. Please go to the links below to update it:

Adobe Flash Player 11.9.900.152 Final for (Internet Explorer)

Adobe Flash Player 11.9.900.152 Final for (Firefox, Safari, Opera)

Note: Your browsers should be closed before proceeding with the installation process.



Your Mozilla Firefox is out of date!
Download and install the latest version Mozilla Firefox 25.0 Final for Windows
Do a backup of your existing profile using Mozbackup or FEBE before you proceed with the update.
 

 

  • It is possible for other programs on your computer to have security vulnerability that can allow malware to infect you.  
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

 

 

Visit Microsoft's Windows Update Site Frequently

 

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer has always the latest security updates available installed on your computer.  
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 


Great work. Finally we got there. :bananas:

 

Nicely done ! This is the end of our journey if you don't have any more questions.
I have some final words for you.
All Clean !
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean.

 

 

 

STEP 2 - CLEANUP



To remove all of the tools we used and the files and folders they created, please do the following:

 

 

Download the following file => fixlist.txt and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
There's no need to post the log this time.

 

 

Please download OTC.exe by OldTimer and save it to your desktop.
 

  • Right-click the OTC.exe and choose Run as Administrator.
  • Click on CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

 

  • Next please download Delfix.exe by Xplode and save it to your desktop.
  • Please start it and check the box next to "Remove disinfection tools" and click on the run button.
  • The tool will delete itself once it finishes.

 

Note: If any tool, file, log file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.



STEP 3 - SECURITY ADVICE



Change all your passwords !


Since your computer was infected, for peace of mind I would advise that all your passwords be changed immediately!! (just in case).
Use different passwords for all your accounts. Also, don't use easy passwords such as your favorite teams, bands or pets, because this will allow people to guess your password.
You can use PC Tools Password Generator to create random passwords and then install an application like KeePass Password Safe to store them for easy access. If you do Online Banking, please read this article: Online Banking Protection Against Identity Theft



Keep your antivirus software turned on and up-to-date

 

  • Make sure your antivirus software is turned on and up-to-date.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note:
  • You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • You should scan your computer with an AntiSpyware program like Malwarebytes' Anti-Malware on a regular basis just as you would an antivirus software.
  • Be sure to check for and download any definition updates prior to performing a scan.

 

 

Install HIPS based software if needed (or use Limited Account with UAC enabled)


HIPS based software controls what an application is allowed to do and not allowed to do.
It monitors what each application tries to do and how it uses the internet, and gives you the ability to block any suspicious activity occurring on your computer.
In my opinion the best way to prevent unknown malware from gaining access is to use some HIPS programs (like COMODO, PrivateFirewall, Online Armor etc.) to control the access rights of legitimate applications, although this would only be advisable for experienced users...
However, you should be aware that (if you install Comodo Firewall and not the whole Comodo Internet Security package) this is not a replacement for a standard antivirus application. It's a great tool to add another layer of protection to your existing antivirus application. It takes some time and knowledge to configure it for individual purposes, but once done, you should not have problems with it.
There are so many reviews on YouTube and blogs about all these programs.
Keep in mind to choose carefully in order to avoid conflicts or instability caused by incompatible security programs.
Also, having more than one "real-time" program can be a drain on your PC's efficiency...
 
If you like Comodo you should choose for yourself which version of Comodo you will use 5 or 6. Personally I stick to version 5 at least for now!
COMODO V5 & V6 Users Count Poll

 

 

Be prepared for CryptoLocker:

 

CryptoLocker Ransomware Information Guide and FAQ

Cryptolocker Ransomware: What You Need To Know

 

Since prevention is better than cure, you can use the gpedit built into Windows or CryptoPrevent (described in the first link) to secure the PC against this locker.

Another way is to use Comodo Firewall and to add all local disks to Protected Files and Folders.

Panda Antivirus Cloud added a new feature called data shield which should work as well (don't install it if you already have another antivirus solution on board).

You may want to check HitmanPro.Alert.CryptoGuard too.

 

 

Practice Safe Internet


One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:
 

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If an attachment ends in .exe, .com, .bat, .pif, .scr, .vbs, .js or .jse, do not open it unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is infected with malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
    Foistware, And how to avoid it. There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: About Malwares, Rogues, Scarewares, SmitfraudFix
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead, when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections. Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications. Malware writers just love cracks and keygens, and will often attach malicious code to them. By using cracks and/or keygens, you are asking for problems. So my advice is - stay away from them!
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing it, and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if it is legitimate, you can use McAfee Siteadvisor to look up info on the site. Note: skip this advice if your antivirus has a Web Guard.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

 

 

Tweak your browsers
 
 
MOZILLA FIREFOX


To prevent further infections be sure to install the following add-ons NoScript and AdBlock Plus

 

Adblock Plus hides all those annoying (and potentially dangerous) advertisements on websites that try and tempt you to buy or download something. AdBlock not only speeds up your browsing and makes it easier on your eyes, but also makes it safer.

 

Adblock Plus can be found here.

 

NoScript is only for advanced users as it blocks all the interactive parts of a webpage, such as login options. Obviously you wouldn’t want to block your ability to log on to your internet banking or your webmail, but thankfully you can tell NoScript to allow certain websites and block others. This is very useful to ensure that the website you’re visiting is not trying to tempt you to interact with another, more dangerous website.

 

NoScript can be found here
 

 

 

Google Chrome

 
If you like Google Chrome there are many similar extensions for this browser as well. Since I am not a Google Chrome user I can't tell you which of them are good and how they work. You should find out by yourself.

However, Google Chrome can block a lot of unknown malware because of its sandbox. Beware of the fact that Google Chrome doesn't provide master password protection for the passwords saved in the browser. Check this out: Google Chrome security flaw offers unrestricted password access

 

 

 

For Internet Explorer 9/10 read the articles below:
 

Security and privacy features in Internet Explorer 9

Enhanced Protected Mode
Use Tracking Protection in Internet Explorer

Security in Internet Explorer 10

 

Immunize your browsers with SpywareBlaster 5 and Spybot Search and Destroy 1.6

Also MBAM acquired the following software Malwarebytes Anti-Exploit and it should work with the most popular browsers. Beware the product is in beta stage.

Changelog can be seen here and known issues here.

 

EMET is another great tool which should lock the pc against exploits.
 

 

 

Disable the dangerous services you don't need and don't use, like Remote Registry, Server, RemoteAccess etc. (if you don't feel comfortable changing the services configuration then please skip this step). It's a good idea to disable the autorun functionality using the following tool to prevent the spreading of infections from USB flash drives.

 
Make the extensions for known file types visible:
 
 
Be wary of files with a double extension such as jpg.exe. As a default setting, Windows often hides common file extensions, meaning that a program like image.jpg.exe will appear to you as simply image.jpg. Double extensions exploit this by hiding the second, dangerous extension and reassuring you with the first one. Check this out - Show or hide file name extensions.

 

 

Create an image of your system (you can use the built-in Windows software as well if you prefer)

 

  • Now that your pc is malware free it is a good idea to do a backup of all important files just in case something happens to it.
  • Macrium Reflect is a very good choice that enables you to create an image of your system drive which can be restored in case of problems.
  • The download link is here.
  • The tutorials can be found here.
  • Be sure to read the tutorial first.

 

 

Optimize Windows 7 for better performance

Check this article for more information.

 

In particular, you need to defragment your C:\ drive (if you don't use an SSD drive).

 

Follow this list and your potential for being infected again will reduce dramatically.

Safe Surfing! :)
 

 

Cheers,

Georgi


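The double-extension and hidden-extension advice in the post above, as an added example that is not part of Georgi's post or of any tool used in this thread: a PowerShell audit that flags file names whose final extension is one of the attachment types the post lists (.exe, .com, .bat, .pif, .scr, .vbs, .js, .jse) and that carry another extension before it, and that reads Explorer's HideFileExt setting, the value behind "Show or hide file name extensions". The Downloads folder default and the sample names are constructed for illustration; it assumes Windows PowerShell 3 or later.

```powershell
# Added example (not from the thread). Flags double-extension names such as
# image.jpg.exe and reports whether Explorer hides known file extensions.
# Assumes Windows PowerShell 3 or later; no third-party modules.

# Executable attachment types named in the post
$ExecutableExtensions = @('.exe', '.com', '.bat', '.pif', '.scr', '.vbs', '.js', '.jse')

function Test-DoubleExtension {
    # Returns $true when a name has at least two extensions and the final one
    # is executable, e.g. "image.jpg.exe" or "invoice.pdf.scr".
    param([Parameter(Mandatory = $true)][string]$Name)

    $parts = $Name.Split('.')
    if ($parts.Count -lt 3) { return $false }       # "setup.exe": one extension only
    if ($parts[-2].Length -eq 0) { return $false }  # "file..exe": odd, but not a decoy
    $final = '.' + $parts[-1].ToLower()
    return ($ExecutableExtensions -contains $final)
}

function Get-DoubleExtensionFiles {
    # Walks a folder (Downloads by default, a constructed choice) and returns
    # every file whose name Test-DoubleExtension flags.
    param([string]$Path = (Join-Path $env:USERPROFILE 'Downloads'))

    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { Test-DoubleExtension -Name $_.Name } |
        Select-Object FullName, Length, LastWriteTime
}

function Get-HideFileExtSetting {
    # HideFileExt = 1 means Explorer shows "image.jpg.exe" as "image.jpg";
    # 0 means extensions are visible. A missing value is reported as $null.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $value = (Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    [pscustomobject]@{
        HideFileExt       = $value
        ExtensionsVisible = ($value -eq 0)
    }
}

# Constructed sample names showing the classifier's verdicts:
# only image.jpg.exe, invoice.pdf.scr and notes.txt.js are flagged.
$samples = @('image.jpg.exe', 'report.pdf', 'invoice.pdf.scr', 'setup.exe', 'notes.txt.js', 'archive.tar.gz')
foreach ($name in $samples) {
    '{0,-18} double extension: {1}' -f $name, (Test-DoubleExtension -Name $name)
}

Get-HideFileExtSetting
Get-DoubleExtensionFiles | Format-Table -AutoSize
```

Flagged files are only candidates for a closer look (the final extension decides what Windows would run), and a HideFileExt value of 1 is what makes the decoy work in Explorer.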

#15 nabu (Topic Starter, Members, 76 posts)

Posted 13 November 2013 - 02:27 PM

Hi!

 

I'm having some doubts on the Service Pack 1 step...

It doesn't show up in Windows Update...

I saw there are manual ways to update by downloading the package manually...should I use this one?

Windows Update also says there is an optional update for Live Essentials, but I can't do it 'cause I have a recent version of it installed...and it says I should uninstall all the Essentials programs...could having this pending optional update be what causes the Service Pack update not to show?





