

Suspect csrss.exe virus


  • This topic is locked
12 replies to this topic

#1 Bleky


Posted 06 October 2014 - 02:21 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.67.2
Run by USER at 21:18:50 on 2014-10-06
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.385.1033.18.3574.2389 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\HitmanPro.Alert\hmpalert.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.hr/
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\program files\amd\steadyvideo\SteadyVideo.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightShot] c:\users\user\appdata\local\skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ITSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Avira Systray] c:\program files\avira\my avira\Avira.OE.Systray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9887B342-0491-449B-A360-B3AC871E5DE3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9887B342-0491-449B-A360-B3AC871E5DE3}\16462626D20727F646 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9887B342-0491-449B-A360-B3AC871E5DE3}\350756564645F6573686442363645403 : DHCPNameServer = 192.168.5.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files\amd\steadyvideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files\amd\steadyvideo\VideoMIMEFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\fmruwdpp.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\user\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2014-10-4 63824]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-6-6 37352]
R1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-2-18 74456]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-3-6 163328]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-6-6 430160]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-6-6 430160]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-6-6 1021008]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-6-6 97648]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\avira\my avira\Avira.OE.ServiceHost.exe [2014-8-27 160048]
R2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys [2014-4-3 75640]
R2 hmpalertsvc;HitmanPro.Alert Service;c:\program files\hitmanpro.alert\hmpalert.exe [2014-4-3 1876816]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-4-3 4799760]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2014-2-27 722624]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2012-1-4 82560]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2012-1-4 173184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-4 23256]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-6-6 414824]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\drivers\rtwlane.sys [2013-6-6 998544]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2013-6-6 44160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-3-26 1809720]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-3-26 860472]
S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [2013-6-24 26496]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-1-28 30976]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-13 108032]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-3-26 51928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-6-6 14848]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-12 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-6-6 24064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-6-6 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-6-6 27136]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-12 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-6-6 1343400]
.
=============== Created Last 30 ================
.
2014-10-04 11:14:34 -------- d-----w- c:\users\user\appdata\local\VMware
2014-10-04 11:13:53 63824 ----a-w- c:\windows\system32\drivers\vsock.sys
2014-10-04 11:13:53 63568 ----a-w- c:\windows\system32\vsocklib.dll
2014-10-04 11:13:44 26456 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2014-10-04 11:12:25 359128 ----a-w- c:\windows\system32\vmnetdhcp.exe
2014-10-04 11:12:17 437976 ----a-w- c:\windows\system32\vmnat.exe
2014-10-04 11:12:17 26968 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2014-10-04 11:12:06 776920 ----a-w- c:\windows\system32\vnetlib.dll
2014-10-04 11:11:55 43840 ----a-w- c:\windows\system32\drivers\hcmon.sys
2014-10-04 11:11:53 32320 ----a-w- c:\windows\system32\drivers\vmusb.sys
2014-10-04 11:10:33 -------- d-----w- c:\program files\VMware
2014-10-04 11:10:33 -------- d-----w- c:\program files\common files\VMware
2014-10-03 14:46:12 -------- d-----r- c:\users\user\Google disk
2014-10-02 15:09:16 -------- d-----w- c:\program files\VS Revo Group
2014-10-02 15:04:38 -------- d-----w- c:\users\user\appdata\local\VS Revo Group
2014-10-02 15:04:24 -------- d-----w- c:\programdata\VS Revo Group
2014-10-02 12:48:23 741488 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2014-10-02 12:48:07 105472 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2014-10-01 19:55:14 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 17:11:51 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-22 16:06:50 -------- d-----w- c:\users\user\appdata\roaming\PDAppFlex
2014-09-22 16:05:57 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2014-09-22 15:20:13 -------- d-----r- c:\users\user\Creative Cloud Files
2014-09-18 13:39:40 -------- d-----w- c:\program files\iPod
2014-09-18 13:39:38 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-18 13:39:38 -------- d-----w- c:\program files\iTunes
2014-09-13 18:43:07 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-09-13 18:43:06 259584 ----a-w- c:\program files\internet explorer\IEShims.dll
2014-09-13 18:43:05 752640 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2014-09-13 18:43:05 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-13 18:43:02 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-09-13 18:43:02 235192 ----a-w- c:\program files\internet explorer\sqmapi.dll
2014-09-13 18:43:01 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-09-13 18:43:01 272384 ----a-w- c:\program files\internet explorer\ieproxy.dll
2014-09-13 18:43:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-09-13 18:41:16 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 17:24:11 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 17:24:11 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 17:23:16 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 17:23:12 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 17:23:06 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 17:23:06 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-09 16:32:52 175976 ------w- c:\windows\system32\VBoxNetFltNobj.dll
2014-09-09 16:32:52 117272 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
.
==================== Find3M  ====================
.
2014-09-24 13:01:28 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 13:01:28 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-10 11:40:02 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 00:42:53 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-18 22:08:55 4232704 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 21:46:26 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 21:44:44 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:36:07 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 21:30:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22:48 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54 2014208 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- c:\windows\system32\wininet.dll
2014-08-07 13:57:03 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-06 16:40:50 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-07-28 12:52:00 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-07-28 12:52:00 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2014-07-26 12:13:31 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-25 00:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-09 01:29:32 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29:31 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
.
============= FINISH: 21:20:20,59 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

  • Malware Response Team

Posted 11 October 2014 - 07:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 Bleky

  • Topic Starter


Posted 11 October 2014 - 09:10 AM

Hi nasdaq

I'm not at home today and I will post the logs tomorrow. :)

#4 Bleky

  • Topic Starter


Posted 11 October 2014 - 01:34 PM

# AdwCleaner v3.311 - Report created 11/10/2014 at 20:20:51
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : USER - USER-PC
# Running from : C:\Users\USER\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Skillbrains
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : update-sys
Task Deleted : update-S-1-5-21-1232973798-4032959043-3512486690-1000
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [LightShot]
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKCU\Software\SkillBrains
Key Deleted : HKLM\SOFTWARE\SkillBrains
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[ File : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\fmruwdpp.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1333 octets] - [11/10/2014 20:16:13]
AdwCleaner[S0].txt - [1243 octets] - [11/10/2014 20:20:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1303 octets] ##########
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-10-2014
Ran by USER (administrator) on USER-PC on 11-10-2014 20:26:13
Running from C:\Users\USER\Desktop
Loaded Profile: USER (Available profiles: USER)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2321680 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2012-04-04] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [407704 2012-04-04] (ActivIdentity)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-1232973798-4032959043-3512486690-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKU\S-1-5-21-1232973798-4032959043-3512486690-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [01MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll No File
ShellIconOverlayIdentifiers: [02MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll No File
ShellIconOverlayIdentifiers: [03MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA54092BFC062CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr-HR
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\fmruwdpp.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\USER\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\USER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\fmruwdpp.default\Extensions\abs@avira.com [2014-08-12]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.hr/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-06]
CHR Extension: (Google disk) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-06]
CHR Extension: (WOT) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-11-10]
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-06]
CHR Extension: (Google pretraživanje) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-06]
CHR Extension: (Izvanmrežni Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-08-26]
CHR Extension: (Avira Browser Safety) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-05-11]
CHR Extension: (AdBlock) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-29]
CHR Extension: (Cut the Rope) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-08-26]
CHR Extension: (Google Novčanik) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-06]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-12] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1876816 2014-04-11] (SurfRight B.V.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [359128 2014-06-12] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [722624 2014-02-27] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [437976 2014-06-12] (VMware, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AKSIM; C:\Windows\System32\drivers\aksim.sys [26496 2013-06-24] (ActivIdentity)
R3 amdhub30; C:\Windows\System32\DRIVERS\amdhub30.sys [82560 2012-01-04] (Advanced Micro Devices, INC.)
R3 amdxhc; C:\Windows\System32\DRIVERS\amdxhc.sys [173184 2012-01-04] (Advanced Micro Devices, INC.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [43840 2014-02-27] (VMware, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-01-28] ()
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [75640 2014-04-11] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [74456 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [998544 2012-07-26] (Realtek Semiconductor Corporation                           )
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-06-06] (Avira GmbH)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [26456 2014-06-12] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [17104 2014-06-12] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37456 2014-06-12] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26968 2014-06-12] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\DRIVERS\vmusb.sys [32320 2014-02-27] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [66136 2014-06-12] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [63824 2013-10-08] (VMware, Inc.)
S3 catchme; \??\C:\Users\USER\AppData\Local\Temp\catchme.sys [X]
S3 Tosrfcom; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-11 20:26 - 2014-10-11 20:27 - 00017009 _____ () C:\Users\USER\Desktop\FRST.txt
2014-10-11 20:26 - 2014-10-11 20:26 - 00000000 ____D () C:\FRST
2014-10-11 20:24 - 2014-10-11 20:24 - 00001383 _____ () C:\Users\USER\Desktop\AdwCleaner[S0].txt
2014-10-11 20:16 - 2014-10-11 20:21 - 00000000 ____D () C:\AdwCleaner
2014-10-11 20:15 - 2014-10-11 20:15 - 01101312 _____ (Farbar) C:\Users\USER\Desktop\FRST.exe
2014-10-11 20:15 - 2014-10-11 20:14 - 01375089 _____ () C:\Users\USER\Desktop\AdwCleaner.exe
2014-10-11 20:14 - 2014-10-11 20:15 - 01101312 _____ (Farbar) C:\Users\USER\Downloads\FRST.exe
2014-10-11 20:14 - 2014-10-11 20:14 - 01375089 _____ () C:\Users\USER\Downloads\AdwCleaner.exe
2014-10-06 21:20 - 2014-10-06 21:20 - 00017823 _____ () C:\Users\USER\Desktop\dds.txt
2014-10-06 21:20 - 2014-10-06 21:20 - 00005871 _____ () C:\Users\USER\Desktop\attach.txt
2014-10-06 21:17 - 2014-10-06 21:17 - 00688992 ____R (Swearware) C:\Users\USER\Downloads\dds.com
2014-10-06 20:12 - 2014-10-03 13:52 - 00001137 _____ () C:\Users\USER\Desktop\Zadatak....txt
2014-10-06 20:12 - 2014-09-26 12:59 - 00000618 _____ () C:\Users\USER\Desktop\Petlje s uvjetom DO LOOP.txt
2014-10-06 13:39 - 2014-10-06 19:12 - 00514829 _____ () C:\Users\USER\Desktop\Carl von Linne prezentacija.pptx
2014-10-05 11:56 - 2014-10-05 13:30 - 2828101632 _____ () C:\Users\USER\Downloads\9600.16384.WINBLUE_RTM.130821-1623_X86FRE_ENTERPRISE_EVAL_EN-US-IRM_CENA_X86FREE_EN-US_DV5.ISO
2014-10-04 13:21 - 2014-10-06 15:00 - 00000000 ____D () C:\Users\USER\Documents\Virtual Machines
2014-10-04 13:14 - 2014-10-06 15:59 - 00000000 ____D () C:\Users\USER\AppData\Local\VMware
2014-10-04 13:14 - 2014-10-06 15:54 - 00000000 ____D () C:\Users\USER\AppData\Roaming\VMware
2014-10-04 13:13 - 2014-06-12 18:22 - 00026456 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2014-10-04 13:13 - 2013-10-08 18:20 - 00063824 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2014-10-04 13:13 - 2013-10-08 18:20 - 00063568 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2014-10-04 13:12 - 2014-06-12 18:23 - 00359128 _____ (VMware, Inc.) C:\Windows\system32\vmnetdhcp.exe
2014-10-04 13:12 - 2014-06-12 18:22 - 00776920 _____ (VMware, Inc.) C:\Windows\system32\vnetlib.dll
2014-10-04 13:12 - 2014-06-12 18:22 - 00437976 _____ (VMware, Inc.) C:\Windows\system32\vmnat.exe
2014-10-04 13:12 - 2014-06-12 18:22 - 00026968 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2014-10-04 13:11 - 2014-02-27 18:40 - 00043840 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2014-10-04 13:11 - 2014-02-27 18:40 - 00032320 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmusb.sys
2014-10-04 13:10 - 2014-10-11 20:24 - 00000000 ____D () C:\ProgramData\VMware
2014-10-04 13:10 - 2014-10-04 13:11 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-10-04 13:10 - 2014-10-04 13:10 - 00000000 ____D () C:\Program Files\VMware
2014-10-03 16:46 - 2014-10-03 16:51 - 00000000 ___RD () C:\Users\USER\Google disk
2014-10-03 16:41 - 2014-10-03 16:42 - 00895120 _____ (Google Inc.) C:\Users\USER\Downloads\googledrivesync.exe
2014-10-03 16:34 - 2014-10-03 16:34 - 00000000 ____D () C:\Users\USER\Desktop\Office2007-HRV
2014-10-02 17:09 - 2014-10-02 17:09 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-02 17:08 - 2014-10-02 17:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\USER\Downloads\revosetup.exe
2014-10-02 17:04 - 2014-10-02 17:04 - 00000000 ____D () C:\Users\USER\AppData\Local\VS Revo Group
2014-10-02 17:04 - 2014-10-02 17:04 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-10-02 17:03 - 2014-10-02 17:03 - 10691640 _____ (VS Revo Group ) C:\Users\USER\Downloads\RevoUninProSetup.exe
2014-10-02 16:59 - 2014-10-02 17:02 - 98900000 _____ (VMware, Inc.) C:\Users\USER\Downloads\VMware-player-6.0.3-1895310.exe
2014-10-02 14:54 - 2014-10-02 16:50 - 3167461376 _____ () C:\Users\USER\Downloads\WindowsTechnicalPreview-x86-EN-GB.iso
2014-10-02 14:48 - 2014-09-09 18:34 - 00741488 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-10-02 14:48 - 2014-09-09 18:32 - 00105472 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-10-02 14:36 - 2014-10-02 14:40 - 110671648 _____ (Oracle Corporation) C:\Users\USER\Downloads\VirtualBox-4.3.16-95972-Win.exe
2014-10-01 21:55 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-28 11:43 - 2014-09-28 11:43 - 05022208 _____ () C:\Users\USER\Downloads\Oblak (3).ppt
2014-09-28 11:39 - 2014-09-28 11:39 - 05022208 _____ () C:\Users\USER\Downloads\Oblak (2).ppt
2014-09-28 11:26 - 2014-09-28 11:26 - 01277440 _____ () C:\Users\USER\Downloads\lektira_dobrisa_cesaric_POKAZNO.ppt
2014-09-28 11:23 - 2014-09-28 11:24 - 05022208 _____ () C:\Users\USER\Downloads\Oblak (1).ppt
2014-09-28 11:23 - 2014-09-28 11:23 - 05022208 _____ () C:\Users\USER\Downloads\Oblak.ppt
2014-09-27 11:52 - 2014-09-27 11:52 - 06221312 _____ () C:\Users\USER\Desktop\Carl von Linne.ppt
2014-09-27 11:49 - 2014-09-27 11:50 - 06221312 _____ () C:\Users\USER\Downloads\linnaeus (1).ppt
2014-09-27 11:37 - 2014-09-27 11:37 - 00038570 _____ () C:\Users\USER\Desktop\Botanički vrt PMFa carl pon line.htm
2014-09-27 11:37 - 2014-09-27 11:37 - 00000000 ____D () C:\Users\USER\Desktop\Botanički vrt PMFa carl pon line_files
2014-09-27 11:35 - 2014-09-27 11:35 - 00042973 _____ () C:\Users\USER\Desktop\NATIONAL GEOGRAPHIC HRVATSKA - Home   ARHIV   Lipanj 2007..htm
2014-09-27 11:35 - 2014-09-27 11:35 - 00000000 ____D () C:\Users\USER\Desktop\NATIONAL GEOGRAPHIC HRVATSKA - Home   ARHIV   Lipanj 2007._files
2014-09-27 11:32 - 2014-09-27 11:32 - 00023615 _____ () C:\Users\USER\Desktop\Carl Linnaeus biografija.htm
2014-09-27 11:32 - 2014-09-27 11:32 - 00000000 ____D () C:\Users\USER\Desktop\Carl Linnaeus biografija_files
2014-09-27 11:02 - 2014-09-27 11:03 - 06154752 _____ () C:\Users\USER\Downloads\linnaeus.ppt
2014-09-27 10:38 - 2014-09-27 10:38 - 13052178 _____ () C:\Users\USER\Downloads\prilozi (3).zip
2014-09-26 17:25 - 2014-09-26 17:27 - 14996726 _____ () C:\Users\USER\Downloads\prilozi (2).zip
2014-09-25 19:11 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-22 19:00 - 2014-09-23 14:38 - 00110592 ____H () C:\Users\USER\Downloads\photothumb.db
2014-09-22 18:06 - 2014-09-22 18:06 - 00000000 ____D () C:\Users\USER\AppData\Roaming\PDAppFlex
2014-09-22 18:05 - 2014-09-22 18:07 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-09-22 17:20 - 2014-09-22 17:20 - 00000000 ___RD () C:\Users\USER\Creative Cloud Files
2014-09-22 17:05 - 2014-09-22 17:05 - 00615304 _____ (Adobe Systems Incorporated) C:\Users\USER\Downloads\CreativeCloudSet-Up.exe
2014-09-20 14:26 - 2014-09-20 14:28 - 40884414 _____ () C:\Users\USER\Downloads\qb64v0980-win (1).7z
2014-09-18 15:41 - 2014-09-18 15:41 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-18 15:41 - 2014-09-18 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-18 15:39 - 2014-09-18 15:41 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-18 15:39 - 2014-09-18 15:41 - 00000000 ____D () C:\Program Files\iTunes
2014-09-18 15:39 - 2014-09-18 15:39 - 00000000 ____D () C:\Program Files\iPod
2014-09-16 15:19 - 2014-09-16 15:19 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-16 15:19 - 2014-09-16 15:19 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-13 20:43 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 20:43 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-13 20:43 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-13 20:43 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-13 20:43 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 20:43 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-13 20:43 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-13 20:42 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-13 20:42 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 20:42 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 20:42 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 20:42 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-13 20:42 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 20:42 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 20:42 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-13 20:42 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 20:42 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-13 20:42 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-13 20:42 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 20:42 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 20:42 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 20:42 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 20:42 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 20:42 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 20:42 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 20:42 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-13 20:42 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-13 20:42 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 20:42 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 20:42 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-13 20:41 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 20:19 - 2014-09-13 20:56 - 1073741824 _____ () C:\Users\USER\Downloads\kubuntu-14.04.1-desktop-i386.iso
2014-09-12 16:36 - 2014-09-12 16:40 - 00000000 ____D () C:\Users\USER\Desktop\Loptice
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-11 20:27 - 2013-06-06 12:59 - 01354580 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 20:26 - 2014-04-03 16:27 - 00000000 ____D () C:\Windows\CryptoGuard
2014-10-11 20:23 - 2013-06-06 19:53 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-11 20:22 - 2010-11-20 23:48 - 00172164 _____ () C:\Windows\PFRO.log
2014-10-11 20:22 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-11 20:22 - 2009-07-14 06:39 - 00063374 _____ () C:\Windows\setupact.log
2014-10-11 20:20 - 2014-04-11 19:44 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1232973798-4032959043-3512486690-1000Core.job
2014-10-11 20:13 - 2013-06-06 19:53 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-11 20:12 - 2014-04-11 19:44 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1232973798-4032959043-3512486690-1000UA.job
2014-10-11 20:12 - 2013-07-29 18:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 20:36 - 2009-07-14 06:34 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-10 20:36 - 2009-07-14 06:34 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 20:13 - 2010-11-20 23:01 - 00789874 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-05 12:07 - 2013-06-16 11:52 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-10-04 17:49 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-10-04 17:09 - 2013-08-01 10:01 - 00000059 _____ () C:\Users\USER\AppData\Local\UserProducts.xml
2014-10-04 17:09 - 2013-08-01 10:01 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2014-10-04 10:15 - 2013-06-06 19:53 - 00000000 ____D () C:\Program Files\Google
2014-10-03 16:44 - 2013-06-06 19:53 - 00000000 ____D () C:\Users\USER\AppData\Local\Google
2014-10-02 17:29 - 2014-03-09 23:55 - 00000000 ____D () C:\Users\USER\AppData\Local\CrashDumps
2014-10-02 16:55 - 2014-06-07 11:41 - 00000000 ____D () C:\Users\USER\.VirtualBox
2014-10-02 14:51 - 2014-06-07 11:42 - 00000000 ____D () C:\Users\USER\VirtualBox VMs
2014-09-28 14:49 - 2014-03-10 17:07 - 00000000 ____D () C:\Users\USER\Desktop\Dokaz o uplati
2014-09-27 10:40 - 2014-08-20 16:32 - 00139264 ____H () C:\Users\USER\Desktop\photothumb.db
2014-09-26 16:25 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-09-25 19:38 - 2013-11-04 20:55 - 00000000 ____D () C:\Users\USER\Desktop\2013-11-04 SLIKE I VIDEO ALESSANDRO
2014-09-25 19:18 - 2013-06-06 19:56 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 15:01 - 2013-06-07 14:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 15:01 - 2013-06-07 14:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 16:07 - 2013-09-25 18:53 - 00000000 ____D () C:\Users\USER\Desktop\Iphone slike
2014-09-23 14:55 - 2013-11-20 17:16 - 00000000 ____D () C:\Users\USER\Desktop\Originals
2014-09-22 19:00 - 2013-10-02 12:26 - 00000000 ____D () C:\Users\USER\Desktop\2013-10-02 ALESSANDRO SLIKE 2013
2014-09-22 18:18 - 2014-08-07 15:45 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-22 18:17 - 2013-06-06 13:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-22 18:15 - 2014-08-07 15:45 - 00000000 ____D () C:\Program Files\Adobe
2014-09-22 18:13 - 2013-06-06 19:21 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Adobe
2014-09-22 18:10 - 2014-08-07 16:24 - 00000000 ____D () C:\Users\USER\AppData\Local\Adobe
2014-09-22 17:15 - 2014-08-12 10:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-21 14:30 - 2013-11-04 22:18 - 00000000 ____D () C:\Users\USER\Desktop\Iphone slike - Copy
2014-09-20 13:14 - 2014-08-07 15:45 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 15:39 - 2014-07-21 10:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-16 15:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-13 20:41 - 2013-08-09 08:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 20:24 - 2013-06-06 14:23 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-13 20:19 - 2014-05-06 16:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
 
Some content of TEMP:
====================
C:\Users\USER\AppData\Local\Temp\avgnt.exe
C:\Users\USER\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 14:08
 
==================== End Of Log ============================
 
 
 
 

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:17 AM

Posted 12 October 2014 - 07:43 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

ShellIconOverlayIdentifiers: [01MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll No File
ShellIconOverlayIdentifiers: [02MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll No File
ShellIconOverlayIdentifiers: [03MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll No File
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File
S3 catchme; \??\C:\Users\USER\AppData\Local\Temp\catchme.sys [X]
S3 Tosrfcom; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.
===

If your problem persists, please run this tool.
Let me know the nature of your problem.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============


The tool will create a log (Fixlog.txt); please post it in your reply.
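The fixlist in the post above was built by hand from the FRST entries whose target file no longer exists ("No File", "[X]", "No ImagePath") plus the Firefox search-engine settings. As an added example (not part of FRST, of BleepingComputer, or of this thread), the following Python script applies those same selection rules to FRST log lines and lists candidate fixlist entries for a human to review. The category names, the regular expressions and the helper functions are my own assumptions about the line layout, and the sample input is a subset of lines copied from the logs posted in this thread.

```python
"""Triage helper for FRST log lines (added example, not FRST's own code).

Picks out the same classes of entries the helper put into the fixlist:
services/drivers whose binary is gone, plugins and shell extensions whose
DLL is missing, and browser search-engine settings that deserve a look.
Entries FRST marks as unsigned are reported separately for manual review
and are deliberately NOT proposed for the fixlist.
"""
import re
from collections import OrderedDict

# Sample input: a subset of lines copied from the FRST logs in this thread.
SAMPLE_LOG = r"""
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [359128 2014-06-12] (VMware, Inc.)
S3 catchme; \??\C:\Users\USER\AppData\Local\Temp\catchme.sys [X]
S3 Tosrfcom; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
FF DefaultSearchEngine: Ask.com
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
ShellIconOverlayIdentifiers: [01MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll No File
"""

# Assumed line layouts, derived from the log text above.
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<rest>.*)$")
PLUGIN_RE = re.compile(r"^(?:CHR|FF) Plugin(?: HKCU)?: (?P<rest>.*)$")
SEARCH_RE = re.compile(r"^FF (?:DefaultSearchEngine|SearchEngineOrder\.\d+|SelectedSearchEngine): ")

# Categories the helper removed with the fixlist; unsigned binaries are excluded.
FIXLIST_CATEGORIES = ("orphan-service", "missing-file", "search-engine")


def classify(line):
    """Return a triage category for one FRST line, or None if it needs no attention."""
    line = line.strip()
    if not line:
        return None
    m = SERVICE_RE.match(line)
    if m:
        rest = m.group("rest")
        if rest == "No ImagePath" or rest.endswith("[X]"):
            return "orphan-service"      # registry entry whose driver/service binary is gone
        if "[File not signed]" in rest:
            return "unsigned-binary"     # loaded code without a signature: review by hand
        return None
    if PLUGIN_RE.match(line) or line.startswith("ShellIconOverlayIdentifiers:"):
        return "missing-file" if line.endswith(" No File") else None
    if SEARCH_RE.match(line):
        return "search-engine"           # default search provider: check for a hijack
    return None


def triage(log_text):
    """Group flagged log lines by category, preserving their order of appearance."""
    groups = OrderedDict()
    for raw in log_text.splitlines():
        category = classify(raw)
        if category is not None:
            groups.setdefault(category, []).append(raw.strip())
    return groups


def fixlist_candidates(log_text):
    """Build a draft fixlist (start ... End) from the removable categories only."""
    groups = triage(log_text)
    body = [line for cat in FIXLIST_CATEGORIES for line in groups.get(cat, [])]
    return ["start"] + body + ["End"]


if __name__ == "__main__":
    for category, lines in triage(SAMPLE_LOG).items():
        print(category)
        for entry in lines:
            print("   ", entry)
    print()
    print("\n".join(fixlist_candidates(SAMPLE_LOG)))
```

The draft fixlist is meant to be read by a person before it is saved next to FRST: an unsigned but legitimate driver (the Prolific one here) stays out of it on purpose, and a search-engine line is a prompt to ask the user whether they chose that provider, not proof of a hijack.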

#6 Bleky

Bleky
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere on internet
  • Local time:01:17 PM

Posted 12 October 2014 - 02:09 PM

Browser is really slow at opening and loading...

 

 

Loaded Profile: USER (Available profiles: USER)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
ShellIconOverlayIdentifiers: [01MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll No File
ShellIconOverlayIdentifiers: [02MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll No File
ShellIconOverlayIdentifiers: [03MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll No File
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File
S3 catchme; \??\C:\Users\USER\AppData\Local\Temp\catchme.sys [X]
S3 Tosrfcom; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
End
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\01MemopalBackedUp" => Key deleted successfully.
"HKCR\CLSID\{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\02MemopalToBackup" => Key deleted successfully.
"HKCR\CLSID\{2CDD871E-60EB-40BD-9721-A1CB57042F75}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\03MemopalPartiallyBackedUp" => Key deleted successfully.
"HKCR\CLSID\{95DDC869-FC98-4D47-BD34-2EDC9AA09C01}" => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll not found.
C:\Windows\system32\npDeployJava1.dll not found.
catchme => Service deleted successfully.
Tosrfcom => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
VGPU => Service deleted successfully.
 
==== End of Fixlog ====


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:17 AM

Posted 13 October 2014 - 07:14 AM

Please refer to my previous post and follow the instructions for ComboFix

Let me know which browser is giving you this problem.

#8 Bleky

Bleky
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere on internet
  • Local time:01:17 PM

Posted 13 October 2014 - 11:42 AM

Well, ComboFix is magic, Chrome is faster now :thumbsup:

But another problem is that MBAM does not work.


Edited by Bleky, 13 October 2014 - 11:44 AM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:17 AM

Posted 13 October 2014 - 12:40 PM

Download the Malwarebytes removal tool from the link below and run it. This will uninstall MBAM.
http://www.malwarebytes.org/mbam-clean.exe

Restart the computer normally and re-install the application.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

#10 Bleky

Bleky
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere on internet
  • Local time:01:17 PM

Posted 13 October 2014 - 01:36 PM

 Results of screen317's Security Check version 0.99.88  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
 Google Chrome 37.0.2062.120  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 7% 
````````````````````End of Log`````````````````````` 


#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:17 AM

Posted 14 October 2014 - 07:33 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 Bleky

Bleky
  • Topic Starter

  • Members
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere on internet
  • Local time:01:17 PM

Posted 14 October 2014 - 08:57 AM

Thank you very much!

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:17 AM

Posted 14 October 2014 - 12:47 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



