
Infected with Coinminer Malware(?)


  • This topic is locked
9 replies to this topic

#1 Eddoras

Eddoras

  • Members
  • 5 posts

Posted 03 December 2014 - 10:18 AM

Recently I've been experiencing a decent performance reduction and heating problems. I scanned with many antivirus programs and one of them found win32/coinminer malware, but I can't remember which one found it. After that, the software deleted coinminer, but of course that didn't solve the problems. After that, I scanned my PC with various programs but the c.miner virus was not found; even ComboFix didn't change anything.

 

And coinminer is probably using svchost.exe. When I stop the svchost task from Task Manager, my internet disconnects and comes back after about 30 sec. Svchost's RAM usage is always +100k, and sometimes more than this, which I think is abnormal usage.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.71.2
Run by Hp at 17:07:03 on 2014-12-03
Microsoft Windows 7 Professional   6.1.7601.1.1254.90.1055.18.3894.2052 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Hp\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Hp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [OscarEditor] "C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum
uRun: [F.lux] "C:\Users\Hp\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Spotify Web Helper] "C:\Users\Hp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\Hp\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0F063F24-9C6C-4F7D-9F80-2ACB4CCFFAD9} : NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{0F063F24-9C6C-4F7D-9F80-2ACB4CCFFAD9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0F063F24-9C6C-4F7D-9F80-2ACB4CCFFAD9}\14251425 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0F063F24-9C6C-4F7D-9F80-2ACB4CCFFAD9}\24A4B4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0F063F24-9C6C-4F7D-9F80-2ACB4CCFFAD9}\24F6C67656E696E6355637967416A75647563796 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{0F063F24-9C6C-4F7D-9F80-2ACB4CCFFAD9}\26A6B63716D696 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{0F063F24-9C6C-4F7D-9F80-2ACB4CCFFAD9}\26A6B63716D696 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0F063F24-9C6C-4F7D-9F80-2ACB4CCFFAD9}\4545E45445F54505C494E4B4F503335454 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0F063F24-9C6C-4F7D-9F80-2ACB4CCFFAD9}\85075627961602E656F60265F536364663 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{0F063F24-9C6C-4F7D-9F80-2ACB4CCFFAD9}\85075627961602E656F60265F536364663 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{26CA43F2-43B9-482E-AF8E-0D3DD3507FAF} : DHCPNameServer = 192.168.42.129
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-11-21 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-11-21 267632]
R0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2009-7-26 18784]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-10-28 73296]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-11-21 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-11-21 436624]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-8-29 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-7 203776]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-11-21 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-11-21 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-11-21 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-21 50344]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-6-4 5024576]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-10-9 905272]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-11-2 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-8-26 158976]
R3 IntcDAud;Intel® Ekran İçin Ses;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-4-4 12262624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-11-6 2152768]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-3 1871160]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-3 968504]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-1-12 49152]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-4-24 14448]
S3 hptmv;hptmv;C:\Windows\System32\drivers\hptmv.sys [2009-7-26 93472]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-12-3 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-12-3 63704]
S3 MegaSR1;MegaSR1;C:\Windows\System32\drivers\MegaSR1.sys [2009-7-26 453952]
S3 Pnp680;Pnp680;C:\Windows\System32\drivers\PnP680.sys [2009-7-26 80424]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-11-2 335464]
S3 SI3112r;SI3112r;C:\Windows\System32\drivers\SI3112r.sys [2009-7-26 164656]
S3 SI3114;SI3114;C:\Windows\System32\drivers\SI3114.sys [2009-7-26 99120]
S3 SI3124;SI3124;C:\Windows\System32\drivers\SI3124.sys [2009-7-26 113456]
S3 Si3124r5;Si3124r5;C:\Windows\System32\drivers\Si3124r5.sys [2009-7-26 334640]
S3 Si3531;Si3531;C:\Windows\System32\drivers\Si3531.sys [2009-7-26 330544]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-4-24 155824]
S3 StorSvc;Depolama Hizmeti;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-26 59392]
S3 viamrx64;viamrx64;C:\Windows\System32\drivers\viamrx64.sys [2009-7-26 157336]
S3 ViBusX64;ViBusX64;C:\Windows\System32\drivers\ViBusX64.sys [2009-7-26 25240]
S3 ViPrtX64;ViPrtX64;C:\Windows\System32\drivers\ViPrtX64.sys [2009-7-26 67224]
S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-4 1255736]
.
=============== Created Last 30 ================
.
2014-12-03 14:45:55 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2014-12-02 22:42:14 -------- d-----w- C:\AdwCleaner
2014-12-02 22:23:39 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-02 22:23:09 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-02 22:23:09 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-12-02 22:23:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-02 22:20:40 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-12-02 22:20:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-02 20:42:25 -------- d-----w- C:\FRST
2014-11-27 10:10:44 -------- d-sh--w- C:\$RECYCLE.BIN
2014-11-20 23:19:57 -------- d-----w- C:\Users\Hp\AppData\Roaming\AVAST Software
2014-11-20 23:08:44 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-20 23:08:44 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-11-20 23:08:43 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-20 23:08:42 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-20 23:08:42 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-20 23:08:41 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-20 23:08:40 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-20 23:08:36 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-20 23:05:44 -------- d-----w- C:\Program Files\AVAST Software
2014-11-20 06:49:41 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-11-20 06:49:13 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-11-20 06:49:13 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-11-20 06:49:13 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-11-20 06:49:13 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-11-15 04:06:54 98816 ----a-w- C:\Windows\sed.exe
2014-11-15 04:06:54 256000 ----a-w- C:\Windows\PEV.exe
2014-11-15 04:06:54 208896 ----a-w- C:\Windows\MBR.exe
2014-11-05 23:08:00 -------- d-----w- C:\Users\Hp\AppData\Roaming\ProductData
2014-11-05 23:06:53 -------- d-----w- C:\ProgramData\ProductData
2014-11-05 23:06:30 -------- d-----w- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-11-05 23:06:29 -------- d-----w- C:\ProgramData\IObit
2014-11-05 23:06:29 -------- d-----w- C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
2014-11-05 23:06:28 -------- d-----w- C:\Users\Hp\AppData\Roaming\IObit
2014-11-05 23:06:12 -------- d-----w- C:\Program Files (x86)\IObit
2014-11-05 19:11:18 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2014-11-26 17:02:24 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-26 17:02:24 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-04 12:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 17:08:09,29 ===============
 
 
 
 
 
Attached File  attach.txt   8.56KB   0 downloads
 




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts

Posted 08 December 2014 - 08:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 Eddoras

Eddoras
  • Topic Starter

  • Members
  • 5 posts

Posted 08 December 2014 - 01:05 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02
Ran by Hp (administrator) on HP-BILGISAYAR on 08-12-2014 20:02:38
Running from C:\Users\Hp\Desktop
Loaded Profile: Hp (Available profiles: Hp)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Türkçe (Türkiye)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
(Flux Software LLC) C:\Users\Hp\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Hp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-21] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1143727104-3539544773-1633512193-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe [2636800 2010-07-22] ()
HKU\S-1-5-21-1143727104-3539544773-1633512193-1000\...\Run: [F.lux] => C:\Users\Hp\AppData\Local\FluxSoftware\Flux\flux.exe [1013128 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-1143727104-3539544773-1633512193-1000\...\Run: [Spotify Web Helper] => C:\Users\Hp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-12] (Spotify Ltd)
HKU\S-1-5-21-1143727104-3539544773-1633512193-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
Startup: C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0F063F24-9C6C-4F7D-9F80-2ACB4CCFFAD9}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\fuifdv43.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1143727104-3539544773-1633512193-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Hp\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1143727104-3539544773-1633512193-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-21]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: No Name - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\fuifdv43.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.tr/
CHR Profile: C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Grooveshark Downloader) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglmoaliddiejknfhdgicfdlaplbojem [2014-09-03]
CHR Extension: (ZenMate) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-07-17]
CHR Extension: (AdBlock) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-18]
CHR Extension: (Google Cüzdan) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-11-29] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-12] () [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-21] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-29] (Disc Soft Ltd)
S3 hptmv; C:\Windows\system32\DRIVERS\hptmv.sys [93472 2006-09-18] (HighPoint Technologies, Inc.)
S3 iteraid; C:\Windows\system32\DRIVERS\iteraid.sys [32768 2007-05-02] (ITE Tech. Inc.)
R0 johci; C:\Windows\System32\DRIVERS\johci.sys [18784 2008-10-09] (JMicron )
S3 MegaSR1; C:\Windows\system32\DRIVERS\MegaSR1.sys [453952 2008-06-26] (LSI Corporation, Inc.)
S3 nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys [167456 2008-11-12] (NVIDIA Corporation)
S3 Pnp680; C:\Windows\system32\DRIVERS\pnp680.sys [80424 2007-11-13] (Silicon Image, Inc)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SI3112r; C:\Windows\system32\DRIVERS\SI3112r.sys [164656 2007-02-01] (Silicon Image, Inc)
S3 SI3114; C:\Windows\system32\DRIVERS\SI3114.sys [99120 2006-11-10] (Silicon Image, Inc.)
S3 SI3114r; C:\Windows\system32\DRIVERS\SI3114R.sys [163632 2007-04-11] (Silicon Image, Inc)
S3 SI3124; C:\Windows\system32\DRIVERS\SI3124.sys [113456 2006-11-02] (Silicon Image, Inc.)
S3 Si3124r5; C:\Windows\system32\DRIVERS\Si3124r5.sys [334640 2006-09-20] (Silicon Image, Inc)
S3 SI3132; C:\Windows\system32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
S3 Si3531; C:\Windows\system32\DRIVERS\Si3531.sys [330544 2007-06-01] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
S3 viamrx64; C:\Windows\system32\DRIVERS\viamrx64.sys [157336 2008-04-21] (VIA Technologies Inc.,Ltd)
S3 ViBusX64; C:\Windows\system32\DRIVERS\ViBusX64.sys [25240 2008-04-15] (VIA Technologies, Inc.)
S3 ViPrtX64; C:\Windows\system32\DRIVERS\ViPrtX64.sys [67224 2008-04-15] (VIA Technologies, Inc.)
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 20:02 - 2014-12-08 20:03 - 00014502 _____ () C:\Users\Hp\Desktop\FRST.txt
2014-12-08 20:01 - 2014-12-08 20:02 - 02119680 _____ (Farbar) C:\Users\Hp\Desktop\FRST64.exe
2014-12-06 21:22 - 2014-12-06 21:22 - 00025975 _____ () C:\Users\Hp\Downloads\465247-Sinister-2012-1CD-23.976fps-TR-25kB-TurkceAltyazi-org.rar
2014-12-06 20:43 - 2014-12-06 20:43 - 00017960 _____ () C:\Users\Hp\Downloads\[kickass.so]sinister.2012.720p.brrip.x264.yify.torrent
2014-12-03 16:45 - 2014-12-04 19:43 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-12-03 16:44 - 2014-12-03 16:44 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Hp\Downloads\cbSetup.exe
2014-12-03 16:44 - 2014-12-03 16:44 - 00688992 ____R (Swearware) C:\Users\Hp\Downloads\dds.com
2014-12-03 01:21 - 2014-12-03 19:46 - 00000000 ____D () C:\Users\Hp\Desktop\Coinmnr mbytes
2014-12-03 00:42 - 2014-12-03 17:27 - 00000000 ____D () C:\AdwCleaner
2014-12-03 00:41 - 2014-12-03 00:41 - 02154496 _____ () C:\Users\Hp\Desktop\AdwCleaner.exe
2014-12-03 00:23 - 2014-12-08 10:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-03 00:23 - 2014-12-05 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 00:23 - 2014-12-05 12:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 00:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-03 00:23 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-03 00:20 - 2014-12-05 12:12 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-03 00:20 - 2014-12-03 00:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-03 00:20 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-02 22:42 - 2014-12-08 20:02 - 00000000 ____D () C:\FRST
2014-11-29 20:39 - 2014-11-29 20:39 - 00014315 _____ () C:\Users\Hp\Downloads\_ComboWatch-1.20100813.zip
2014-11-28 23:38 - 2014-12-08 12:57 - 00000863 _____ () C:\Users\Hp\Desktop\WOW.txt
2014-11-27 12:15 - 2014-11-27 12:15 - 00022297 _____ () C:\ComboFix.txt
2014-11-25 18:02 - 2014-11-25 18:02 - 00710206 _____ () C:\Users\Hp\Downloads\XPerl-r407.zip
2014-11-24 20:59 - 2014-11-24 20:59 - 03246812 _____ () C:\Users\Hp\Downloads\AuctioneerSuite-5.8.4723.zip
2014-11-24 20:31 - 2014-11-24 20:31 - 00323823 _____ () C:\Users\Hp\Downloads\Quartz-3.0.3.1.zip
2014-11-24 19:24 - 2014-11-24 19:24 - 00246754 _____ () C:\Users\Hp\Downloads\Bartender4-4.4.2.zip
2014-11-24 19:09 - 2014-11-24 19:09 - 00070013 _____ () C:\Users\Hp\Downloads\Critline_3.0.2.zip
2014-11-24 19:09 - 2014-11-24 19:09 - 00001289 _____ () C:\Users\Hp\Desktop\AddOns - Kısayol.lnk
2014-11-24 19:08 - 2014-11-24 19:09 - 00357076 _____ () C:\Users\Hp\Downloads\Recount-v4.0.1_release.zip
2014-11-24 19:07 - 2014-11-24 19:07 - 00170279 _____ () C:\Users\Hp\Downloads\OneBag3-v3.3.11.zip
2014-11-24 16:57 - 2014-11-24 16:57 - 00287760 _____ () C:\Users\Hp\Downloads\InspectEquip-1.7.7.zip
2014-11-24 16:50 - 2014-11-24 16:50 - 00572295 _____ () C:\Users\Hp\Downloads\MikScrollingBattleText-5.4.78.zip
2014-11-21 01:19 - 2014-11-21 01:19 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\AVAST Software
2014-11-21 01:09 - 2014-11-22 09:03 - 00002008 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-21 01:09 - 2014-11-21 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-21 01:08 - 2014-12-07 11:17 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-21 01:08 - 2014-11-22 13:09 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-21 01:08 - 2014-11-21 01:08 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-21 01:08 - 2014-11-21 01:08 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-21 01:08 - 2014-11-21 01:08 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-21 01:08 - 2014-11-21 01:08 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-21 01:08 - 2014-11-21 01:08 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-21 01:08 - 2014-11-21 01:08 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-21 01:08 - 2014-11-21 01:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-21 01:08 - 2014-11-21 01:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-21 01:08 - 2014-11-21 01:08 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-21 01:05 - 2014-11-21 01:05 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-20 08:49 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-20 08:49 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-20 08:49 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-20 08:49 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-20 08:49 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-20 08:49 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-20 08:49 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-20 08:49 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-20 08:48 - 2014-11-21 01:05 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-11-20 08:46 - 2014-11-20 08:47 - 14107808 _____ (Microsoft Corporation) C:\Users\Hp\Downloads\mseinstall.exe
2014-11-20 07:51 - 2014-11-20 07:51 - 00576299 _____ () C:\Users\Hp\Downloads\Skada-1.4-21.zip
2014-11-20 07:47 - 2014-11-20 07:47 - 00211946 _____ () C:\Users\Hp\Downloads\TinyDPS-6.0.2.2.zip
2014-11-20 07:19 - 2014-11-20 07:19 - 00007592 _____ () C:\Users\Hp\Downloads\EasyDestroy-v201210250036.zip
2014-11-18 08:04 - 2014-11-18 08:04 - 01227942 _____ () C:\Users\Hp\Downloads\Materials Course Writing Skills I 18.11.2014.zip
2014-11-16 22:17 - 2014-11-16 22:17 - 00177136 _____ () C:\Users\Hp\Downloads\GearScore3.1.20.zip
2014-11-16 22:10 - 2014-11-16 22:10 - 00177324 _____ () C:\Users\Hp\Downloads\GearScore3.1.20b.zip
2014-11-16 02:45 - 2014-11-16 02:45 - 02503365 _____ (http://www.didsoft.com ) C:\Users\Hp\Downloads\EPS_setup.exe
2014-11-15 06:06 - 2014-11-27 12:15 - 00000000 ____D () C:\Qoobox
2014-11-15 06:06 - 2014-11-27 12:08 - 00000000 ____D () C:\Windows\erdnt
2014-11-15 06:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-15 06:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-15 06:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-15 06:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-15 06:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-15 06:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-15 06:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-15 06:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-15 05:38 - 2014-11-27 12:00 - 05599228 ____R (Swearware) C:\Users\Hp\Documents\ComboFix.exe
2014-11-14 14:13 - 2014-11-14 14:13 - 00002994 _____ () C:\Windows\System32\Tasks\{0C3C3B0F-A7D8-465D-BDCF-3AD4C57A8930}
2014-11-14 11:39 - 2014-11-14 11:39 - 00110542 _____ () C:\Users\Hp\Downloads\WEEK 6 (Plus-Medieval Literature).pptx
2014-11-14 11:39 - 2014-11-14 11:39 - 00060704 _____ () C:\Users\Hp\Downloads\LITERARY TERMS WEEK 6 -.pptx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 20:02 - 2012-11-02 10:40 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-08 19:59 - 2014-10-07 20:19 - 00000000 ____D () C:\Users\Hp\AppData\Local\Battle.net
2014-12-08 19:49 - 2014-01-18 00:02 - 00001020 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 19:24 - 2012-11-01 20:33 - 01210809 _____ () C:\Windows\WindowsUpdate.log
2014-12-08 19:07 - 2014-01-05 13:02 - 00000916 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1143727104-3539544773-1633512193-1000UA.job
2014-12-08 18:49 - 2014-01-18 00:02 - 00001016 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 13:07 - 2014-01-05 13:02 - 00000894 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1143727104-3539544773-1633512193-1000Core.job
2014-12-08 09:58 - 2014-03-31 00:47 - 00026712 _____ () C:\Windows\setupact.log
2014-12-08 09:58 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-07 11:51 - 2014-10-28 14:36 - 00000000 ____D () C:\ProgramData\VMware
2014-12-07 11:50 - 2014-10-28 14:38 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\VMware
2014-12-07 11:50 - 2009-07-27 13:35 - 00670090 _____ () C:\Windows\system32\perfh01F.dat
2014-12-07 11:50 - 2009-07-27 13:35 - 00144506 _____ () C:\Windows\system32\perfc01F.dat
2014-12-07 00:51 - 2012-11-19 20:49 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Skype
2014-12-06 21:24 - 2012-11-03 11:29 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\uTorrent
2014-12-06 20:43 - 2013-01-29 14:16 - 00000000 ____D () C:\Users\Hp\Documents\BitenTorrentler
2014-12-06 18:13 - 2014-10-13 23:40 - 00000000 ____D () C:\Users\Hp\Desktop\Hstone SS
2014-12-06 16:46 - 2009-07-14 07:13 - 01614678 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-03 00:46 - 2012-11-02 10:48 - 01474368 _____ () C:\Windows\PFRO.log
2014-12-03 00:23 - 2014-03-31 19:22 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Malwarebytes
2014-12-02 09:56 - 2014-11-06 01:06 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-01 22:40 - 2014-01-05 00:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-01 01:37 - 2014-04-05 12:06 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Spotify
2014-11-29 20:17 - 2013-06-20 09:42 - 00000000 ____D () C:\Users\Hp\Documents\ABİ SİLMEE
2014-11-27 12:10 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-26 23:51 - 2014-01-18 00:04 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 22:59 - 2014-09-28 13:58 - 00000000 ____D () C:\Users\Hp\Desktop\IDE
2014-11-26 19:02 - 2012-11-02 10:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 19:02 - 2012-11-02 10:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 19:02 - 2012-11-02 10:40 - 00003752 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 17:17 - 2014-04-05 12:07 - 00000000 ____D () C:\Users\Hp\AppData\Local\Spotify
2014-11-24 19:09 - 2012-11-03 14:19 - 00000000 ___RD () C:\Users\Hp\Desktop\Oyunlar
2014-11-22 11:58 - 2014-07-25 09:37 - 00005428 _____ () C:\Users\Hp\Desktop\Yeni Metin Belgesi.txt
2014-11-21 04:09 - 2012-11-02 10:36 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\asd
2014-11-21 01:05 - 2014-03-31 17:51 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-20 22:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-11-20 09:21 - 2014-05-14 23:22 - 00000000 ____D () C:\ProgramData\EPS
2014-11-20 09:20 - 2013-12-29 22:22 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\.minecraft
2014-11-20 09:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-11-20 09:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-11-20 09:13 - 2009-07-14 06:45 - 00009936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 09:13 - 2009-07-14 06:45 - 00009936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-15 18:44 - 2014-01-18 00:02 - 00004016 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 18:44 - 2014-01-18 00:02 - 00003764 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 06:16 - 2013-08-10 17:03 - 00000000 ____D () C:\Users\Administrator
2014-11-15 06:05 - 2013-08-26 14:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-15 06:05 - 2013-08-26 14:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-15 06:01 - 2013-05-24 23:32 - 00000000 ____D () C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Virus Remover
2014-11-15 05:59 - 2014-10-28 14:38 - 00000000 ____D () C:\Users\Hp\AppData\Local\VMware
2014-11-15 05:59 - 2013-08-26 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-15 03:26 - 2009-07-14 07:08 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-14 13:50 - 2014-11-02 15:59 - 00001281 _____ () C:\Users\Hp\Desktop\WoW.lnk
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-05 13:50
 
==================== End Of Log ============================
 
 
 
Attached File  Addition.txt   27.21KB   1 downloads


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:58 PM

Posted 08 December 2014 - 02:36 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-1143727104-3539544773-1633512193-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: No Name - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\fuifdv43.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR Extension: (Google Cüzdan) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Restore your Windows 7 to the Last good configuration.
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

How is the computer running now?
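An added example, not part of the original posts and not FRST's own code: a short Python triage of the fixlist lines above, separating entries whose target is reported missing (`No File`, `[Not Found]`, `[X]`) from entries whose file or folder is still on disk. The marker list and the service/driver line grammar are assumptions inferred from the log lines quoted in this thread.

```python
import re
from collections import Counter

# Assumption: trailing markers FRST prints when the referenced file or folder
# is absent, inferred from the log lines quoted in this thread.
MISSING_MARKERS = ("No File", "[Not Found]", "[X]")

# Assumed grammar of a service/driver line, inferred from this page:
# <state><start type> <name>; <image path> [<size> <date> | X] (<company>)
DRIVER_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<info>[^\]]*)\](?: \((?P<company>.*)\))?$"
)

# Lines copied from the fixlist and the driver section of the log on this page.
SAMPLE = r"""
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-1143727104-3539544773-1633512193-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: No Name - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\fuifdv43.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR Extension: (Google Cüzdan) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
"""


def parse_entry(line):
    """Classify one FRST log line and report its missing-target marker, if any."""
    line = line.strip()
    marker = next((m for m in MISSING_MARKERS if line.endswith(m)), None)
    drv = DRIVER_RE.match(line)
    if drv:
        return {"kind": "Service/Driver", "name": drv["name"],
                "path": drv["path"], "missing": marker}
    kind, _, detail = line.partition(":")
    # "FF Plugin HKU\S-1-5-...: x" -> keep the entry type, drop the registry hive
    kind = re.sub(r"\s+HK\S+$", "", kind)
    return {"kind": kind, "name": detail.strip(), "path": None, "missing": marker}


def triage(text):
    """Split log lines into orphaned entries and entries whose target exists."""
    entries = [parse_entry(l) for l in text.splitlines() if l.strip()]
    orphaned = [e for e in entries if e["missing"]]
    present = [e for e in entries if not e["missing"]]
    return orphaned, present


if __name__ == "__main__":
    orphaned, present = triage(SAMPLE)
    print("orphaned entries by type:", dict(Counter(e["kind"] for e in orphaned)))
    for e in present:
        # Entries with a live target need a human decision before any removal.
        print("target present, review by hand:", e["kind"], "-", e["name"][:60])
```

Entries in the second group point at something that still exists, so they are a judgment call rather than leftover cleanup.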

#5 Eddoras


Posted 08 December 2014 - 03:51 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 02
Ran by Hp at 2014-12-08 22:15:01 Run:2
Running from C:\Users\Hp\Desktop
Loaded Profile: Hp (Available profiles: Hp)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-1143727104-3539544773-1633512193-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: No Name - C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\fuifdv43.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR Extension: (Google Cüzdan) - C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
End
*****************
 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKU\S-1-5-21-1143727104-3539544773-1633512193-1000\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found.
C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\fuifdv43.default\extensions\ascsurfingprotection@iobit.com not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
vmci => Service deleted successfully.
VMnetAdapter => Service deleted successfully.
 
==== End of Fixlog ====
 
And if I encounter anything that makes the system unstable, I need to use the Last good configuration thing?


#6 Eddoras


Posted 08 December 2014 - 04:12 PM

Looks like the performance reduction and overheating problem is solved; it is still heating a bit, but I think it's normal heating for an HP notebook. :rolleyes: I need to test for a few days whether it is the same or not.

Thanks a lot. I appreciate the help.



#7 nasdaq


Posted 09 December 2014 - 08:45 AM

And if I encounter anything that makes the system unstable, I need to use the Last good configuration thing?


Yes.

===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#8 Eddoras


Posted 09 December 2014 - 11:42 AM

 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71  
 Adobe Flash Player 15.0.0.239  
 Adobe Reader 8 Adobe Reader out of Date!
 Google Chrome (39.0.2171.65) 
 Google Chrome (39.0.2171.71) 
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 


#9 nasdaq


Posted 09 December 2014 - 02:16 PM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 nasdaq


Posted 15 December 2014 - 09:14 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



