Unknown malware


  • This topic is locked
18 replies to this topic

#1 alessandrocancian


  • Members
  • 67 posts

Posted 14 January 2015 - 11:30 AM

Hello, I have some malware that affects my PC performance but I cannot get rid of it.

 

Here is the DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16599  BrowserJavaVersion: 10.45.2
Run by User at 16:17:03 on 2015-01-14
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3004.533 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Realtek\USB Wireless LAN Utility\RtlService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\runSW.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Program Files\Tor\tor.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\USB Wireless LAN Utility\RtWlan.exe
C:\Windows\SwUSB.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\NETGEAR\WNA3100M\WNA3100M.exe
C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\users\user\desktop\tor browser\Browser\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: {609D670F-B735-4da7-AC6D-F3BD358E325E} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\18.1.9.799\AVG Secure Search_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\18.1.9.799\AVG Secure Search_toolbar.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Facebook Update] "c:\users\user\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [eMuleAutoStart] c:\program files\emule\emule.exe -AutoStart
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1025-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~2.lnk - c:\program files\netgear\wna3100m\WNA3100M.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3200\WNDA3200WPSMgr.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Scarica con Mipony - c:\program files\mipony\browser\IEContext.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {619D670F-B735-4da7-AC6D-F3BD358E325E} - {609D670F-B735-4da7-AC6D-F3BD358E325E} - <orphaned>
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{066AC905-CCAE-4082-93CC-59C15BC50323} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3463FFD7-B3D1-4D70-9A01-4805FFFEE5EC} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4CCF38AF-6A50-46D9-9C0A-FA8F48089F51} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5C933A76-57B7-4691-9E1D-D8CA1EABB0B4} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7EC0CC4A-3D12-4FBA-B8AD-3E70FE284266} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F77297C4-D09C-4A25-931F-A5B3E833B30E} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.9\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-11-18 154904]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-5 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-12-8 208152]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-28 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-10 200984]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-29 42784]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2013-9-7 1439744]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-6-4 117584]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-12-10 19:01:13 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-10 19:01:12 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-08 21:25:06 208152 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-12-03 02:06:01 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-24 20:44:32 367104 ----a-w- c:\windows\system32\html.iec
2014-11-24 20:40:49 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-11-24 20:35:25 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-11-24 20:34:40 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-24 20:33:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-11-24 20:33:47 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-11-24 20:32:47 11776 ----a-w- c:\windows\system32\mshta.exe
2014-11-24 20:32:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-18 21:41:58 154904 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-11-18 14:56:48 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-11-07 01:33:21 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-04 00:19:33 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-24 01:04:29 67072 ----a-w- c:\windows\system32\packager.dll
2014-10-24 01:03:40 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-10-18 01:08:10 564224 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 16.26.06,80 ===============
 
Regards


#2 Machiavelli


    Agent 007


  • Malware Response Instructor
  • 4,035 posts
  • Location:Germany

Posted 14 January 2015 - 03:14 PM

Hey, :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them from inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and paste (Ctrl+V) the contents of both of these logs into your next post, please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
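FRST.txt is plain text, so the first pass a helper normally does by eye can be scripted. The Python below is an added example written for this thread; it is not FRST's own code and not anything the helper posted. It walks FRST-format lines and flags the things that get asked about in these threads: processes whose publisher field is empty, binaries running from user-writable or otherwise unusual paths, BHO/Toolbar/Handler entries whose file is gone, MountPoints2 autorun values, and start-page or search-scope URLs whose host is not on an allow-list. The allow-list of search hosts and the list of "usual" install directories are assumptions made for this example; the sample lines are copied (and trimmed) from the DDS and FRST logs posted in this thread. A hit is a prompt to look closer, not a verdict.

```python
"""Pre-triage for Farbar Recovery Scan Tool (FRST) log lines.

Added example for this thread; not FRST's own code and not the helper's fix
logic. Heuristics applied per line:
  * process with an empty publisher "()"            -> unsigned / unknown binary
  * process running outside the usual install dirs  -> user-writable or odd path
  * BHO / Toolbar / Handler entries ending "No File" -> orphaned registry entry
    (the DDS markers "<no file>" / "<orphaned>" are accepted too)
  * MountPoints2 entries                             -> removable-media autorun
  * start page / search scope URLs                   -> host not on an allow-list
EXPECTED_HOSTS and USUAL_DIRS are assumptions for this example, not FRST
behaviour. SAMPLE_LOG is copied from lines posted in this thread and trimmed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# FRST process line: "(Publisher) C:\path\to\file.exe"; an empty publisher is "()"
PROC_RE = re.compile(r"^\((?P<publisher>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
# Browser-hook entries whose backing file is gone (FRST and DDS spellings)
ORPHAN_RE = re.compile(
    r"^(?:BHO|TB|EB|IE|Toolbar|Handler|FF Plugin)\b.*(?:\bNo File\s*$|<no file>|<orphaned>)"
)
# Per-volume autorun entries under HKU\...\MountPoints2
MOUNT_RE = re.compile(r"MountPoints2:\s*\{[^}]+\}\s*-\s*(?P<target>\S.*)$")
# Start page and search-scope URLs (an empty "URL = " does not match)
URL_RE = re.compile(r"(?:Start Page|URL)\s*=\s*(?P<url>https?://\S+)")

# Assumed allow-list: hosts a default Vista/IE9 install would point at
EXPECTED_HOSTS = {"www.bing.com", "www.msn.com", "www.google.com"}
# Assumed "usual" install locations; anything else gets a second look
USUAL_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\system32\\")

# Copied from the logs posted in this thread (trimmed); not a complete scan
SAMPLE_LOG = r"""
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
() C:\Windows\runSW.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\Tor\tor.exe
(Farbar) C:\Users\User\Downloads\FRST (3).exe
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {0405fdbf-b0b5-11e1-a1d8-0024541a0135} - D:\Autorun.exe
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=112843&tt=3612_8&babsrc=HP_ss
SearchScopes: HKU\S-1-5-21-2387696044-1817770176-3943162159-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2387696044-1817770176-3943162159-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112843
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: {609D670F-B735-4da7-AC6D-F3BD358E325E} - <orphaned>
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def triage_line(line: str) -> list[Finding]:
    """Return every heuristic that fires for one log line (possibly none)."""
    line = line.strip()
    hits: list[Finding] = []

    m = PROC_RE.match(line)
    if m:
        publisher = m.group("publisher").strip()
        path = m.group("path").lower()
        if not publisher:
            hits.append(Finding("unsigned-process", line))
        if not path.startswith(USUAL_DIRS):
            hits.append(Finding("unusual-path", line))

    if ORPHAN_RE.match(line):
        hits.append(Finding("orphaned-entry", line))

    if MOUNT_RE.search(line):
        hits.append(Finding("mountpoint-autorun", line))

    m = URL_RE.search(line)
    if m:
        host = (urlparse(m.group("url")).hostname or "").lower()
        if host not in EXPECTED_HOSTS:
            hits.append(Finding("unexpected-search-host", line))
    return hits


def triage(log: str) -> dict[str, list[str]]:
    """Group findings for a whole log by rule name, preserving line order."""
    grouped: dict[str, list[str]] = {}
    for raw in log.splitlines():
        for hit in triage_line(raw):
            grouped.setdefault(hit.rule, []).append(hit.line)
    return grouped


if __name__ == "__main__":
    for rule, lines in triage(SAMPLE_LOG).items():
        print(f"[{rule}] {len(lines)} hit(s)")
        for entry in lines:
            print("   ", entry)
```

Run it as-is to see the grouped report for the sample, or pass the contents of a real FRST.txt to triage(). On the sample it separates the two unsigned processes and the three odd-path binaries from the rest of the process list, and it surfaces the Babylon start page and search scope without touching the MSN default; whether any of those is actually the user's problem is still the helper's call.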



#3 Machiavelli


    Agent 007


  • Malware Response Instructor
  • 4,035 posts
  • Location:Germany

Posted 18 January 2015 - 09:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#4 Machiavelli


    Agent 007


  • Malware Response Instructor
  • 4,035 posts
  • Location:Germany

Posted 25 January 2015 - 06:58 PM

User returned.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#5 alessandrocancian

  • Topic Starter

  • Members
  • 67 posts

Posted 26 January 2015 - 04:17 PM

Thank you.

 

I ran FRST but I only get this one log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by User (administrator) on USER-PC on 26-01-2015 21:15:10
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Realtek) C:\Program Files\Realtek\USB Wireless LAN Utility\RtlService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\runSW.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\Tor\tor.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe
() C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(http://www.emule-project.net) C:\Program Files\eMule\emule.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\NETGEAR\WNA3100M\WNA3100M.exe
(NETGEAR) C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Realtek) C:\Windows\SwUSB.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\USB Wireless LAN Utility\RtWLan.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\User\Downloads\FRST (3).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
HKLM\...\Run: [Smart File Advisor] => C:\Program Files\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Run: [Facebook Update] => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-16] (Facebook Inc.)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-07] (Google Inc.)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Run: [eMuleAutoStart] => C:\Program Files\eMule\emule.exe [5758976 2010-04-07] (http://www.emule-project.net)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {0405fdbf-b0b5-11e1-a1d8-0024541a0135} - D:\Autorun.exe
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {0a23952b-a64e-11e2-b93f-0024541a0135} - D:\AutoRun.exe
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {0a23953e-a64e-11e2-b93f-0024541a0135} - D:\AutoRun.exe
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {127fb140-a524-11e2-a4f7-0024541a0135} - D:\AutoRun.exe
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {efe727f5-30a6-11e2-89ec-0024541a0135} - E:\Startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1025-0000-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100M Genie.lnk
ShortcutTarget: NETGEAR WNA3100M Genie.lnk -> C:\Program Files\NETGEAR\WNA3100M\WNA3100M.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3200 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNDA3200 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=112843&tt=3612_8&babsrc=HP_ss&mntrId=4e84e9ca0000000000000026b67c089d
SearchScopes: HKU\S-1-5-21-2387696044-1817770176-3943162159-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2387696044-1817770176-3943162159-1000 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2387696044-1817770176-3943162159-1000 -> C0B65BA5B7ED488C9121239F2C04F753 URL = http://isearch.avg.com/search?cid={7AB366E7-EC9F-4E0B-9BAA-CB592B50C271}&mid=92572c06e6a647d094ced16d12fee8c6-ea852a314a184d7311b053e749ea7c83dfc59b66&lang=en&ds=AVG&pr=fr&d=2012-10-29 07:33:34&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2387696044-1817770176-3943162159-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2387696044-1817770176-3943162159-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112843&tt=3612_8&babsrc=SP_ss&mntrId=4e84e9ca0000000000000026b67c089d
SearchScopes: HKU\S-1-5-21-2387696044-1817770176-3943162159-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: No Name -> {609D670F-B735-4da7-AC6D-F3BD358E325E} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-06-07]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]
CHR Extension: (McAfee Security Scan+) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-22]
CHR Extension: (Chromebleed) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-09]
CHR Extension: (MSN Homepage) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2014-10-19]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-31]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [bodddioamolcibagionmmobehnbhiakf] - C:\Program Files\BrowserCompanion\blabbers-ch.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]
CHR HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - No Path
StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-06-07] (Macrovision Europe Ltd.) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WNDA3200\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 RealtekWlanU; C:\Program Files\Realtek\USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S2 RTLDHCPService; C:\Program Files\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [261848 2013-11-12] (Realtek)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 tor; C:\Program Files\Tor\tor.exe [2897422 2012-06-09] () [File not signed] <==== ATTENTION
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-13] (AVG Secure Search)
R2 WDCS_WNDA3200; C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [167936 2010-06-23] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 WSWNA3100M; C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe [307456 2012-02-24] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-11] (Atheros Communications, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-13] (AVG Technologies)
S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-10-11] (ManyCam LLC)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [693760 2011-06-01] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2474200 2014-01-13] (Realtek Semiconductor Corporation                           )
S3 WNA3100M; C:\Windows\System32\DRIVERS\WNA3100M.sys [911464 2011-12-30] (NETGEAR Corporation                           )
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 21:14 - 2015-01-26 21:14 - 02129920 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-01-26 21:14 - 2015-01-26 21:14 - 01120768 _____ (Farbar) C:\Users\User\Downloads\FRST (3).exe
2015-01-26 16:44 - 2015-01-26 16:44 - 01120768 _____ (Farbar) C:\Users\User\Downloads\FRST (2).exe
2015-01-25 21:50 - 2015-01-25 21:51 - 00032120 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-25 21:49 - 2015-01-26 21:15 - 00022560 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-25 21:47 - 2015-01-26 21:15 - 00000000 ____D () C:\FRST
2015-01-25 21:47 - 2015-01-25 21:47 - 01120768 _____ (Farbar) C:\Users\User\Downloads\FRST (1).exe
2015-01-25 21:39 - 2015-01-25 21:39 - 01120768 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-01-19 19:45 - 2015-01-19 19:45 - 00727678 _____ () C:\Users\User\Downloads\IMG_1228.mp4
2015-01-17 11:14 - 2014-12-19 00:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-17 10:51 - 2014-12-06 03:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-17 10:51 - 2014-12-06 03:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-17 10:51 - 2014-12-06 03:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-17 10:48 - 2014-12-06 03:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 19:01 - 2015-01-16 19:02 - 31744112 _____ (Trion Worlds Inc.) C:\Users\User\Downloads\GlyphInstall-0-131 (1).exe
2015-01-16 19:00 - 2015-01-16 19:02 - 31744112 _____ (Trion Worlds Inc.) C:\Users\User\Downloads\GlyphInstall-0-131.exe
2015-01-14 19:04 - 2015-01-14 19:04 - 00072904 _____ () C:\Users\User\Downloads\Presentation2.pptx
2015-01-14 16:26 - 2015-01-14 16:26 - 00014165 _____ () C:\Users\User\Desktop\dds.txt
2015-01-14 16:26 - 2015-01-14 16:26 - 00007384 _____ () C:\Users\User\Desktop\attach.txt
2015-01-13 23:17 - 2015-01-13 23:17 - 00000000 ____D () C:\Windows\erdnt
2015-01-13 23:16 - 2015-01-13 23:27 - 00000000 ___SD () C:\32788R22FWJFW
2015-01-13 23:15 - 2015-01-13 23:17 - 05609736 _____ (Swearware) C:\Users\User\Downloads\ComboFix (1).exe
2015-01-13 23:13 - 2015-01-13 23:13 - 05609736 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2015-01-13 23:12 - 2015-01-13 23:12 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
2015-01-11 20:27 - 2015-01-11 20:28 - 00065536 _____ () C:\Users\User\Downloads\FLVPlayer-Chrome (6).exe
2015-01-04 22:09 - 2015-01-04 22:09 - 00066528 _____ () C:\Users\User\Downloads\FLVPlayer-Chrome (5).exe
2015-01-04 22:08 - 2015-01-04 22:08 - 00066528 _____ () C:\Users\User\Downloads\FLVPlayer-Chrome (4).exe
2015-01-02 08:14 - 2015-01-02 08:14 - 00298724 _____ () C:\Users\User\Downloads\BoardingPassDisplay - Ryanair.com.html
2015-01-02 08:09 - 2015-01-02 08:09 - 00298724 _____ () C:\Users\User\Desktop\BoardingPassDisplay - Ryanair.com.html
2015-01-02 08:09 - 2015-01-02 08:09 - 00000000 ____D () C:\Users\User\Desktop\BoardingPassDisplay - Ryanair.com_files
2014-12-28 21:01 - 2014-12-28 21:01 - 00076248 _____ () C:\Users\User\Downloads\FLVPlayer-Chrome (3).exe
2014-12-27 22:36 - 2014-12-27 22:36 - 00076224 _____ () C:\Users\User\Downloads\FLVPlayer-Chrome (2).exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 21:01 - 2012-08-13 19:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 20:59 - 2014-11-13 20:12 - 00356933 _____ () C:\Windows\runSW.log
2015-01-26 20:59 - 2006-11-02 12:47 - 00004928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 20:59 - 2006-11-02 12:47 - 00004928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 20:56 - 2012-06-07 16:06 - 00000000 ___RD () C:\Users\User\Dropbox
2015-01-26 20:55 - 2012-06-07 15:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-01-26 20:03 - 2009-04-11 12:37 - 01966176 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 18:39 - 2013-07-16 17:32 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387696044-1817770176-3943162159-1000UA.job
2015-01-26 18:37 - 2013-07-16 17:32 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387696044-1817770176-3943162159-1000Core.job
2015-01-26 18:21 - 2012-06-07 15:48 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2387696044-1817770176-3943162159-1000Core.job
2015-01-26 17:31 - 2012-06-07 16:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-01-26 16:59 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 16:57 - 2006-11-02 13:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-26 16:18 - 2012-06-07 12:15 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-24 23:01 - 2012-08-13 19:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-24 23:01 - 2012-08-13 19:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-24 19:28 - 2012-06-07 15:49 - 00002035 _____ () C:\Users\User\Desktop\Google Chrome.lnk
2015-01-19 19:48 - 2012-06-07 23:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-01-17 11:14 - 2013-08-15 06:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-17 10:53 - 2006-11-02 10:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-12 17:50 - 2013-01-12 12:40 - 00000000 ____D () C:\Users\User\Desktop\Tor Browser
2015-01-12 16:12 - 2014-10-16 23:22 - 00000802 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-12 16:12 - 2014-04-01 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-10 16:17 - 2012-06-07 16:41 - 00000000 ____D () C:\ProgramData\FLEXnet
 
==================== Files in the root of some directories =======
 
2012-06-07 09:19 - 2014-11-09 10:32 - 0007728 _____ () C:\Users\User\AppData\Local\d3d9caps.dat
2012-11-03 09:40 - 2014-11-29 22:17 - 0104960 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-24 10:13 - 2012-06-24 10:13 - 0033758 _____ () C:\Users\User\AppData\Local\dt.dat
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1bvjzy.dll
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-26 17:10
 
==================== End Of Log ============================


#6 Machiavelli

Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,035 posts
  • Gender:Male
  • Location:Germany

Posted 26 January 2015 - 04:30 PM

Hey, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection
Tick Scan for rootkits

[screenshot: MBAMsettings.JPG]

Go back to the Dashboard and select Scan Now

[screenshot: MBAMScan.JPG]

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

[screenshot: MBAMReboot.JPG]

[screenshot: MBAMLog.JPG]

On completion of the scan (or after the reboot), select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#7 alessandrocancian

alessandrocancian
  • Topic Starter
  • Members
  • 67 posts

Posted 27 January 2015 - 06:36 PM

Thanks Machiavelli :)

Here are the logs of the scans:

AdwCleaner:

# AdwCleaner v4.109 - Report created 26/01/2015 at 23:56:23
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.1.9
Service Deleted : Skype C2C Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\User\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\User\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\User\AppData\LocalLow\bbrs_002.tb
Folder Deleted : C:\Users\User\AppData\Roaming\Babylon
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.windfinder.com_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.windfinder.com_0.localstorage-journal
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\C0B65BA5B7ED488C9121239F2C04F753
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [8907 octets] - [26/01/2015 23:45:06]
AdwCleaner[S0].txt - [8830 octets] - [26/01/2015 23:56:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8890 octets] ##########

Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 27/01/2015 0.11.04, SYSTEM, USER-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.1.14.1, 
Update, 27/01/2015 0.11.04, SYSTEM, USER-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 27/01/2015 0.11.10, SYSTEM, USER-PC, Manual, Malware Database, 2014.11.20.6, 2015.1.26.8, 
Protection, 27/01/2015 0.11.13, SYSTEM, USER-PC, Protection, Malware Protection, Starting, 
Protection, 27/01/2015 0.11.13, SYSTEM, USER-PC, Protection, Malware Protection, Started, 
Protection, 27/01/2015 0.11.16, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 27/01/2015 0.11.16, SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 27/01/2015 0.11.17, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Protection, 27/01/2015 0.11.17, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 27/01/2015 0.11.18, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 27/01/2015 0.11.36, SYSTEM, USER-PC, Protection, Refresh, Success, 
Protection, 27/01/2015 0.11.36, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 27/01/2015 0.11.36, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Update, 27/01/2015 1.28.13, SYSTEM, USER-PC, Scheduler, Malware Database, 2015.1.26.8, 2015.1.27.1, 
Protection, 27/01/2015 1.28.15, SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 27/01/2015 1.28.15, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 27/01/2015 1.28.17, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 27/01/2015 1.31.55, SYSTEM, USER-PC, Protection, Refresh, Success, 
Protection, 27/01/2015 1.31.56, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 27/01/2015 1.32.27, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Update, 27/01/2015 3.34.45, SYSTEM, USER-PC, Scheduler, Malware Database, 2015.1.27.1, 2015.1.27.2, 
Protection, 27/01/2015 3.34.47, SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 27/01/2015 3.34.47, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 27/01/2015 3.34.48, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 27/01/2015 3.36.08, SYSTEM, USER-PC, Protection, Refresh, Success, 
Update, 27/01/2015 7.16.07, SYSTEM, USER-PC, Scheduler, Malware Database, 2015.1.27.2, 2015.1.27.3, 
Protection, 27/01/2015 7.16.08, SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 27/01/2015 7.16.21, SYSTEM, USER-PC, Protection, Refresh, Success, 
Protection, 27/01/2015 7.27.06, SYSTEM, USER-PC, Protection, Malware Protection, Starting, 
Protection, 27/01/2015 7.27.06, SYSTEM, USER-PC, Protection, Malware Protection, Started, 
Protection, 27/01/2015 7.27.06, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 27/01/2015 7.29.19, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Update, 27/01/2015 8.31.29, SYSTEM, USER-PC, Scheduler, Malware Database, 2015.1.27.3, 2015.1.27.5, 
Protection, 27/01/2015 8.31.29, SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 27/01/2015 8.31.29, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 27/01/2015 8.31.30, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 27/01/2015 8.32.20, SYSTEM, USER-PC, Protection, Refresh, Success, 
Protection, 27/01/2015 8.32.20, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 27/01/2015 8.32.20, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Update, 27/01/2015 12.31.54, SYSTEM, USER-PC, Scheduler, Malware Database, 2015.1.27.5, 2015.1.27.6, 
Protection, 27/01/2015 12.31.55, SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 27/01/2015 12.31.55, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 27/01/2015 12.31.56, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 27/01/2015 12.32.57, SYSTEM, USER-PC, Protection, Refresh, Success, 
Protection, 27/01/2015 12.32.57, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 27/01/2015 12.32.59, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Update, 27/01/2015 13.19.44, SYSTEM, USER-PC, Scheduler, Failed, Unable to access update server, 
Detection, 27/01/2015 13.53.00, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 89.248.168.124, www.zenex.tv, 0, Outbound, 
Detection, 27/01/2015 14.00.25, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 89.248.168.124, www.zenex.tv, 0, Outbound, 
Detection, 27/01/2015 14.16.40, SYSTEM, USER-PC, Protection, Malicious Website Protection, IP, 89.248.168.124, www.zenex.tv, 0, Outbound, 
Protection, 27/01/2015 16.31.36, SYSTEM, USER-PC, Protection, Malware Protection, Starting, 
Protection, 27/01/2015 16.31.37, SYSTEM, USER-PC, Protection, Malware Protection, Started, 
Protection, 27/01/2015 16.31.37, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 27/01/2015 16.33.43, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Update, 27/01/2015 17.30.52, SYSTEM, USER-PC, Scheduler, Failed, Unable to access update server, 
Update, 27/01/2015 18.44.20, SYSTEM, USER-PC, Scheduler, Malware Database, 2015.1.27.6, 2015.1.27.8, 
Protection, 27/01/2015 18.44.20, SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 27/01/2015 18.44.20, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 27/01/2015 18.44.21, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 27/01/2015 18.45.14, SYSTEM, USER-PC, Protection, Refresh, Success, 
Protection, 27/01/2015 18.45.15, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 27/01/2015 18.45.17, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Update, 27/01/2015 19.35.32, SYSTEM, USER-PC, Scheduler, Malware Database, 2015.1.27.8, 2015.1.27.9, 
Protection, 27/01/2015 19.35.32, SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 27/01/2015 19.35.32, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 27/01/2015 19.35.35, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 27/01/2015 19.37.47, SYSTEM, USER-PC, Protection, Refresh, Success, 
Protection, 27/01/2015 19.37.47, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 27/01/2015 19.37.50, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Update, 27/01/2015 21.32.56, SYSTEM, USER-PC, Scheduler, Malware Database, 2015.1.27.9, 2015.1.27.10, 
Protection, 27/01/2015 21.32.57, SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 27/01/2015 21.32.57, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 27/01/2015 21.33.00, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 27/01/2015 21.36.09, SYSTEM, USER-PC, Protection, Refresh, Success, 
Protection, 27/01/2015 21.36.10, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 27/01/2015 21.36.51, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Protection, 27/01/2015 22.31.47, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 27/01/2015 22.31.48, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 27/01/2015 22.31.48, SYSTEM, USER-PC, Protection, Malware Protection, Stopping, 
Protection, 27/01/2015 22.31.50, SYSTEM, USER-PC, Protection, Malware Protection, Stopped, 
Update, 27/01/2015 22.33.01, SYSTEM, USER-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.1.14.1, 
Update, 27/01/2015 22.33.01, SYSTEM, USER-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 27/01/2015 22.33.07, SYSTEM, USER-PC, Manual, Malware Database, 2014.11.20.6, 2015.1.27.10, 
Protection, 27/01/2015 22.33.18, SYSTEM, USER-PC, Protection, Malware Protection, Starting, 
Protection, 27/01/2015 22.33.18, SYSTEM, USER-PC, Protection, Malware Protection, Started, 
Protection, 27/01/2015 22.33.19, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 27/01/2015 22.33.19, SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 27/01/2015 22.33.20, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Protection, 27/01/2015 22.33.20, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 27/01/2015 22.33.20, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 27/01/2015 22.33.35, SYSTEM, USER-PC, Protection, Refresh, Success, 
Protection, 27/01/2015 22.33.35, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 27/01/2015 22.33.36, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Scan, 27/01/2015 22.36.00, SYSTEM, USER-PC, Manual, Start:27/01/2015 22.33.44, Duration:2 min 15 sec, Threat Scan, Cancelled, 0 Malware Detections, 0 Non-Malware Detections, 
 
(end)
 
JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by User on 27/01/2015 at 22.36.53,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{609D670F-B735-4da7-AC6D-F3BD358E325E}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{609D670F-B735-4da7-AC6D-F3BD358E325E}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/01/2015 at 23.24.16,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by User (administrator) on USER-PC on 27-01-2015 23:27:20
Running from c:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Realtek) C:\Program Files\Realtek\USB Wireless LAN Utility\RtlService.exe
() C:\Windows\runSW.exe
() C:\Program Files\Tor\tor.exe
() C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe
() C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\USB Wireless LAN Utility\RtWLan.exe
(Realtek) C:\Windows\SwUSB.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\NETGEAR\WNA3100M\WNA3100M.exe
(NETGEAR) C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Smart File Advisor] => C:\Program Files\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Run: [Facebook Update] => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-16] (Facebook Inc.)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-07] (Google Inc.)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Run: [eMuleAutoStart] => C:\Program Files\eMule\emule.exe [5758976 2010-04-07] (http://www.emule-project.net)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {0405fdbf-b0b5-11e1-a1d8-0024541a0135} - D:\Autorun.exe
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {0a23952b-a64e-11e2-b93f-0024541a0135} - D:\AutoRun.exe
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {0a23953e-a64e-11e2-b93f-0024541a0135} - D:\AutoRun.exe
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {127fb140-a524-11e2-a4f7-0024541a0135} - D:\AutoRun.exe
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {efe727f5-30a6-11e2-89ec-0024541a0135} - E:\Startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1025-0000-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100M Genie.lnk
ShortcutTarget: NETGEAR WNA3100M Genie.lnk -> C:\Program Files\NETGEAR\WNA3100M\WNA3100M.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3200 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNDA3200 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2387696044-1817770176-3943162159-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-06-07]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]
CHR Extension: (Chromebleed) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-09]
CHR Extension: (MSN Homepage) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2014-10-19]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-31]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - No Path
StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-06-07] (Macrovision Europe Ltd.) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WNDA3200\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 RealtekWlanU; C:\Program Files\Realtek\USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S2 RTLDHCPService; C:\Program Files\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [261848 2013-11-12] (Realtek)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
R2 tor; C:\Program Files\Tor\tor.exe [2897422 2012-06-09] () [File not signed] <==== ATTENTION
R2 WDCS_WNDA3200; C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [167936 2010-06-23] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 WSWNA3100M; C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe [307456 2012-02-24] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-11] (Atheros Communications, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-13] (AVG Technologies)
S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-10-11] (ManyCam LLC)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [693760 2011-06-01] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2474200 2014-01-13] (Realtek Semiconductor Corporation                           )
S3 WNA3100M; C:\Windows\System32\DRIVERS\WNA3100M.sys [911464 2011-12-30] (NETGEAR Corporation                           )
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-27 23:24 - 2015-01-27 23:24 - 00000924 _____ () C:\Users\User\Desktop\JRT.txt
2015-01-27 22:47 - 2015-01-27 22:47 - 01707939 _____ (Thisisu) C:\Users\User\Downloads\JRT (1).exe
2015-01-27 22:36 - 2015-01-27 22:36 - 00000000 ____D () C:\Windows\ERUNT
2015-01-27 22:35 - 2015-01-27 22:35 - 01707939 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2015-01-27 22:27 - 2015-01-27 22:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-27 00:10 - 2015-01-27 22:33 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 00:10 - 2015-01-27 22:32 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-27 00:10 - 2015-01-27 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-27 00:10 - 2015-01-27 22:32 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-27 00:10 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-27 00:10 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-27 00:10 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-27 00:08 - 2015-01-27 00:09 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-26 23:44 - 2015-01-26 23:56 - 00000000 ____D () C:\AdwCleaner
2015-01-26 22:30 - 2015-01-26 22:31 - 02194432 _____ () C:\Users\User\Downloads\AdwCleaner.exe
2015-01-26 21:20 - 2015-01-26 21:20 - 01120768 _____ (Farbar) C:\Users\User\Downloads\FRST (4).exe
2015-01-26 21:14 - 2015-01-26 21:14 - 02129920 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-01-26 21:14 - 2015-01-26 21:14 - 01120768 _____ (Farbar) C:\Users\User\Downloads\FRST (3).exe
2015-01-26 16:44 - 2015-01-26 16:44 - 01120768 _____ (Farbar) C:\Users\User\Downloads\FRST (2).exe
2015-01-25 21:50 - 2015-01-25 21:51 - 00032120 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-25 21:49 - 2015-01-27 23:27 - 00019126 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-25 21:47 - 2015-01-27 23:27 - 00000000 ____D () C:\FRST
2015-01-25 21:47 - 2015-01-25 21:47 - 01120768 _____ (Farbar) C:\Users\User\Downloads\FRST (1).exe
2015-01-25 21:39 - 2015-01-25 21:39 - 01120768 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-01-19 19:45 - 2015-01-19 19:45 - 00727678 _____ () C:\Users\User\Downloads\IMG_1228.mp4
2015-01-17 11:14 - 2014-12-19 00:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-17 10:51 - 2014-12-06 03:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-17 10:51 - 2014-12-06 03:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-17 10:51 - 2014-12-06 03:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-17 10:48 - 2014-12-06 03:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 19:01 - 2015-01-16 19:02 - 31744112 _____ (Trion Worlds Inc.) C:\Users\User\Downloads\GlyphInstall-0-131 (1).exe
2015-01-16 19:00 - 2015-01-16 19:02 - 31744112 _____ (Trion Worlds Inc.) C:\Users\User\Downloads\GlyphInstall-0-131.exe
2015-01-14 19:04 - 2015-01-14 19:04 - 00072904 _____ () C:\Users\User\Downloads\Presentation2.pptx
2015-01-14 16:26 - 2015-01-14 16:26 - 00014165 _____ () C:\Users\User\Desktop\dds.txt
2015-01-14 16:26 - 2015-01-14 16:26 - 00007384 _____ () C:\Users\User\Desktop\attach.txt
2015-01-13 23:17 - 2015-01-13 23:17 - 00000000 ____D () C:\Windows\erdnt
2015-01-13 23:16 - 2015-01-13 23:27 - 00000000 ___SD () C:\32788R22FWJFW
2015-01-13 23:15 - 2015-01-13 23:17 - 05609736 _____ (Swearware) C:\Users\User\Downloads\ComboFix (1).exe
2015-01-13 23:13 - 2015-01-13 23:13 - 05609736 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2015-01-13 23:12 - 2015-01-13 23:12 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
2015-01-11 20:27 - 2015-01-11 20:28 - 00065536 _____ () C:\Users\User\Downloads\FLVPlayer-Chrome (6).exe
2015-01-04 22:09 - 2015-01-04 22:09 - 00066528 _____ () C:\Users\User\Downloads\FLVPlayer-Chrome (5).exe
2015-01-04 22:08 - 2015-01-04 22:08 - 00066528 _____ () C:\Users\User\Downloads\FLVPlayer-Chrome (4).exe
2015-01-02 08:14 - 2015-01-02 08:14 - 00298724 _____ () C:\Users\User\Downloads\BoardingPassDisplay - Ryanair.com.html
2015-01-02 08:09 - 2015-01-02 08:09 - 00298724 _____ () C:\Users\User\Desktop\BoardingPassDisplay - Ryanair.com.html
2015-01-02 08:09 - 2015-01-02 08:09 - 00000000 ____D () C:\Users\User\Desktop\BoardingPassDisplay - Ryanair.com_files
2014-12-28 21:01 - 2014-12-28 21:01 - 00076248 _____ () C:\Users\User\Downloads\FLVPlayer-Chrome (3).exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-27 23:01 - 2012-08-13 19:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 22:31 - 2006-11-02 12:47 - 00004928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 22:31 - 2006-11-02 12:47 - 00004928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 22:21 - 2014-11-13 20:12 - 00364108 _____ () C:\Windows\runSW.log
2015-01-27 21:37 - 2013-07-16 17:32 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387696044-1817770176-3943162159-1000UA.job
2015-01-27 20:57 - 2009-04-11 12:37 - 02025333 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 18:37 - 2013-07-16 17:32 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387696044-1817770176-3943162159-1000Core.job
2015-01-27 18:21 - 2012-06-07 15:48 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2387696044-1817770176-3943162159-1000Core.job
2015-01-27 17:08 - 2012-06-07 16:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-01-27 16:38 - 2012-06-07 16:06 - 00000000 ___RD () C:\Users\User\Dropbox
2015-01-27 16:37 - 2012-06-07 15:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-01-27 16:31 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 14:26 - 2006-11-02 13:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-27 12:12 - 2012-06-07 12:15 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-27 07:59 - 2013-05-25 15:39 - 00000000 ____D () C:\Program Files\Smart File Advisor
2015-01-27 07:26 - 2008-01-21 02:47 - 00209768 _____ () C:\Windows\PFRO.log
2015-01-27 07:22 - 2012-09-23 13:38 - 00000000 ____D () C:\Users\User\AppData\Local\Unity
2015-01-27 02:33 - 2012-06-07 15:49 - 00002035 _____ () C:\Users\User\Desktop\Google Chrome.lnk
2015-01-27 00:10 - 2012-09-29 16:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-24 23:01 - 2012-08-13 19:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-24 23:01 - 2012-08-13 19:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-19 19:48 - 2012-06-07 23:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-01-17 11:14 - 2013-08-15 06:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-17 10:53 - 2006-11-02 10:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-12 17:50 - 2013-01-12 12:40 - 00000000 ____D () C:\Users\User\Desktop\Tor Browser
2015-01-12 16:12 - 2014-10-16 23:22 - 00000802 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-12 16:12 - 2014-04-01 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-10 16:17 - 2012-06-07 16:41 - 00000000 ____D () C:\ProgramData\FLEXnet
 
==================== Files in the root of some directories =======
 
2012-06-07 09:19 - 2014-11-09 10:32 - 0007728 _____ () C:\Users\User\AppData\Local\d3d9caps.dat
2012-11-03 09:40 - 2014-11-29 22:17 - 0104960 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-24 10:13 - 2012-06-24 10:13 - 0033758 _____ () C:\Users\User\AppData\Local\dt.dat
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpidua9x.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-27 16:39
 
==================== End Of Log ============================
Thanks!
 
Alessandro


#8 Machiavelli
  • Agent 007
  • Malware Response Instructor
  • 4,035 posts
  • Gender:Male
  • Location:Germany

Posted 28 January 2015 - 10:27 AM

Hey Alessandro, :)

That was the wrong MBAM Log.
  • Start Malwarebytes
  • Go to the tab called History
  • Then click on Application Logs
  • Then select the one log where it has found anything, do a double click on it
  • Then click on the Export button and select Text File (.txt) in the menu
  • Save it on your Desktop and post the content of this text file into your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#9 alessandrocancian
  • Topic Starter
  • Members
  • 67 posts

Posted 28 January 2015 - 04:43 PM

Hey, sorry, this must be the correct one :)

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 27/01/2015
Scan Time: 22.33.44
Logfile: mlb.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.27.10
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 2044
Time Elapsed: 2 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 Machiavelli
  • Agent 007
  • Malware Response Instructor
  • 4,035 posts
  • Gender:Male
  • Location:Germany

Posted 28 January 2015 - 04:50 PM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {0405fdbf-b0b5-11e1-a1d8-0024541a0135} - D:\Autorun.exe
    HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {0a23952b-a64e-11e2-b93f-0024541a0135} - D:\AutoRun.exe
    HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {0a23953e-a64e-11e2-b93f-0024541a0135} - D:\AutoRun.exe
    HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {127fb140-a524-11e2-a4f7-0024541a0135} - D:\AutoRun.exe
    HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {efe727f5-30a6-11e2-89ec-0024541a0135} - E:\Startme.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    CHR HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - No Path
    R2 tor; C:\Program Files\Tor\tor.exe [2897422 2012-06-09] () [File not signed] <==== ATTENTION
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location, or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop
  • Click the Back button.
  • Click the Finish button
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

 
 


#11 alessandrocancian
  • Topic Starter
  • Members
  • 67 posts

Posted 29 January 2015 - 02:31 PM

Thanks :)

 

So starting from the question, the pc is apparently still slowed down.

 

Here are the requested logs:

 

FRST fix

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by User at 2015-01-29 16:45:24 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {0405fdbf-b0b5-11e1-a1d8-0024541a0135} - D:\Autorun.exe
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {0a23952b-a64e-11e2-b93f-0024541a0135} - D:\AutoRun.exe
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {0a23953e-a64e-11e2-b93f-0024541a0135} - D:\AutoRun.exe
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {127fb140-a524-11e2-a4f7-0024541a0135} - D:\AutoRun.exe
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\MountPoints2: {efe727f5-30a6-11e2-89ec-0024541a0135} - E:\Startme.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
CHR HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - No Path
R2 tor; C:\Program Files\Tor\tor.exe [2897422 2012-06-09] () [File not signed] <==== ATTENTION
EmptyTemp:
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0405fdbf-b0b5-11e1-a1d8-0024541a0135}" => Key deleted successfully.
HKCR\CLSID\{0405fdbf-b0b5-11e1-a1d8-0024541a0135} => Key not found. 
"HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a23952b-a64e-11e2-b93f-0024541a0135}" => Key deleted successfully.
HKCR\CLSID\{0a23952b-a64e-11e2-b93f-0024541a0135} => Key not found. 
"HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a23953e-a64e-11e2-b93f-0024541a0135}" => Key deleted successfully.
HKCR\CLSID\{0a23953e-a64e-11e2-b93f-0024541a0135} => Key not found. 
"HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{127fb140-a524-11e2-a4f7-0024541a0135}" => Key deleted successfully.
HKCR\CLSID\{127fb140-a524-11e2-a4f7-0024541a0135} => Key not found. 
"HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efe727f5-30a6-11e2-89ec-0024541a0135}" => Key deleted successfully.
HKCR\CLSID\{efe727f5-30a6-11e2-89ec-0024541a0135} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found. 
"HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\SOFTWARE\Google\Chrome\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim" => Key deleted successfully.
tor => Service stopped successfully.
tor => Service deleted successfully.
EmptyTemp: => Removed 1.1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 16:48:19 ====
 
ESET
 
C:\AdwCleaner\Quarantine\C\Users\User\AppData\LocalLow\bbrs_002.tb\content\witmain.js.vir Win32/BrowserCompanion.G potentially unwanted application deleted - quarantined
C:\Program Files\Smart File Advisor\sfa.exe a variant of Win32/SmartFileAdvisor.A potentially unwanted application deleted - quarantined
C:\Program Files\Smart File Advisor\sfa_inst.exe a variant of Win32/SmartFileAdvisor.A potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\DAEMONToolsUltra110-0101.exe Win32/DownWare.L potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\emule050a.exe Win32/Toolbar.Babylon potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\FLVPlayer-Chrome (1).exe NSIS/TrojanDownloader.Adload.AA trojan cleaned by deleting - quarantined
C:\Users\User\Downloads\FLVPlayer-Chrome (2).exe NSIS/TrojanDownloader.Adload.AA trojan cleaned by deleting - quarantined
C:\Users\User\Downloads\FLVPlayer-Chrome (3).exe NSIS/TrojanDownloader.Adload.AA trojan cleaned by deleting - quarantined
C:\Users\User\Downloads\FLVPlayer-Chrome (4).exe NSIS/TrojanDownloader.Adload.AA trojan cleaned by deleting - quarantined
C:\Users\User\Downloads\FLVPlayer-Chrome (5).exe NSIS/TrojanDownloader.Adload.AA trojan cleaned by deleting - quarantined
C:\Users\User\Downloads\FLVPlayer-Chrome (6).exe NSIS/TrojanDownloader.Adload.AA trojan cleaned by deleting - quarantined
C:\Users\User\Downloads\FLVPlayer-Chrome.exe NSIS/TrojanDownloader.Adload.AB trojan cleaned by deleting - quarantined
C:\Users\User\Downloads\isobuster_all_lang.exe Win32/Toolbar.Conduit.S potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\Mipony-Installer.exe Win32/Toolbar.Babylon potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\ReimageSetup.exe a variant of Win32/ReImageRepair.C potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\SoftonicDownloader_per_daemon-tools.exe Win32/SoftonicDownloader.E potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\SoftonicDownloader_per_pdf-xchange-viewer.exe Win32/SoftonicDownloader.E potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\The_Social_Network_2010_DVDSCR_XViD_WBZ.exe Win32/Adware.1ClickDownload.G application cleaned by deleting - quarantined
C:\Users\User\Downloads\Unconfirmed 48221.crdownload Win32/VOPackage.AZ potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\yet_another_cleaner_brog (1).exe Win32/ELEX.AY potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\yet_another_cleaner_brog (2).exe Win32/ELEX.AY potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\yet_another_cleaner_brog (3).exe Win32/ELEX.AY potentially unwanted application deleted - quarantined
C:\Users\User\Downloads\yet_another_cleaner_brog.exe Win32/ELEX.AY potentially unwanted application deleted - quarantined
 
 
Thanks!
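A small checker for the FRST Fixlog layout shown above (the Step 1 fixlist and the Fixlog it produced), added here as an example and not code from the thread or from FRST itself: it splits the echoed fixlist from the per-item result lines so a responder can confirm every directive produced a result and spot any outcome that is neither a success nor an expected "Key not found". The sample log is constructed and uses placeholder SID and GUID values.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the Fixlog layout FRST writes; the SID and GUID are
# placeholders, not values taken from the thread.
SAMPLE_FIXLOG = """\
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by User at 2015-01-29 16:45:24 Run:1
Boot Mode: Normal
 
Content of fixlist:
*****************
HKLM\\...\\Run: [] => [X]
HKU\\S-1-5-21-0-0-0-1000\\...\\MountPoints2: {11111111-2222-3333-4444-555555555555} - D:\\Autorun.exe
R2 tor; C:\\Program Files\\Tor\\tor.exe [2897422 2012-06-09] () [File not signed] <==== ATTENTION
EmptyTemp:
*****************
 
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\ => value deleted successfully.
"HKU\\S-1-5-21-0-0-0-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\{11111111-2222-3333-4444-555555555555}" => Key deleted successfully.
HKCR\\CLSID\\{11111111-2222-3333-4444-555555555555} => Key not found. 
tor => Service stopped successfully.
tor => Service deleted successfully.
EmptyTemp: => Removed 1.1 GB temporary data.
 
The system needed a reboot. 
 
==== End of Fixlog 16:48:19 ====
"""

RULER_RE = re.compile(r"^\*{5,}\s*$")
# One result line: optional quotes around the target, then "=> outcome".
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\s*$')


def classify(outcome):
    """Map an FRST result message to a coarse bucket."""
    low = outcome.lower()
    if "successfully" in low:
        return "success"
    if "not found" in low:
        # FRST also looks up HKCR\CLSID\{guid} for every MountPoints2 entry it
        # removes; "Key not found" there is informational, not a failure.
        return "not_found"
    if low.startswith("removed"):
        return "cleanup"  # EmptyTemp: reports the space it freed
    return "review"       # anything else deserves a human look


@dataclass
class FixReport:
    directives: list = field(default_factory=list)  # fixlist lines echoed by FRST
    results: list = field(default_factory=list)     # (target, outcome) pairs
    needed_reboot: bool = False

    def summary(self):
        counts = {"success": 0, "not_found": 0, "cleanup": 0, "review": 0}
        for _target, outcome in self.results:
            counts[classify(outcome)] += 1
        return counts

    def needs_review(self):
        return [t for t, o in self.results if classify(o) == "review"]


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist and the per-item results."""
    report = FixReport()
    lines = text.splitlines()
    rulers = [i for i, ln in enumerate(lines) if RULER_RE.match(ln)]
    if len(rulers) < 2:
        raise ValueError("fixlist block not found (expected two ***** rulers)")
    start, end = rulers[0], rulers[1]
    report.directives = [ln.strip() for ln in lines[start + 1:end] if ln.strip()]
    for ln in lines[end + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln.startswith("The system needed a reboot"):
            report.needed_reboot = True
            continue
        m = RESULT_RE.match(ln)
        if m:
            report.results.append((m.group("target"), m.group("outcome")))
    return report


if __name__ == "__main__":
    rep = parse_fixlog(SAMPLE_FIXLOG)
    print(f"{len(rep.directives)} directives, {len(rep.results)} results, "
          f"reboot needed: {rep.needed_reboot}")
    print(rep.summary())
    for target in rep.needs_review():
        print("review:", target)
```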


#12 Machiavelli
  • Agent 007
  • Malware Response Instructor
  • 4,035 posts
  • Gender:Male
  • Location:Germany

Posted 30 January 2015 - 02:33 AM

Hey, :)

What's with Step 2?
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

 
 


#13 alessandrocancian
  • Topic Starter
  • Members
  • 67 posts

Posted 30 January 2015 - 11:21 AM

Hi Machiavelli,

 

here's the log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by User (administrator) on USER-PC on 30-01-2015 16:09:33
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Realtek) C:\Program Files\Realtek\USB Wireless LAN Utility\RtlService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\USB Wireless LAN Utility\RtWLan.exe
() C:\Windows\runSW.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Realtek) C:\Windows\SwUSB.exe
() C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe
() C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(http://www.emule-project.net) C:\Program Files\eMule\emule.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Program Files\NETGEAR\WNA3100M\WNA3100M.exe
(NETGEAR) C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google Inc.) C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Run: [Facebook Update] => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-16] (Facebook Inc.)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-07] (Google Inc.)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\...\Run: [eMuleAutoStart] => C:\Program Files\eMule\emule.exe [5758976 2010-04-07] (http://www.emule-project.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1025-0000-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100M Genie.lnk
ShortcutTarget: NETGEAR WNA3100M Genie.lnk -> C:\Program Files\NETGEAR\WNA3100M\WNA3100M.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3200 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNDA3200 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2387696044-1817770176-3943162159-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
SearchScopes: HKU\S-1-5-21-2387696044-1817770176-3943162159-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2387696044-1817770176-3943162159-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-06-07]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]
CHR Extension: (Chromebleed) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-09]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-31]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-06-07] (Macrovision Europe Ltd.) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WNDA3200\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 RealtekWlanU; C:\Program Files\Realtek\USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S2 RTLDHCPService; C:\Program Files\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [261848 2013-11-12] (Realtek)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
R2 WDCS_WNDA3200; C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [167936 2010-06-23] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 WSWNA3100M; C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe [307456 2012-02-24] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-11] (Atheros Communications, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-13] (AVG Technologies)
S3 BazisVirtualCDBus; C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-10-11] (ManyCam LLC)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [693760 2011-06-01] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2474200 2014-01-13] (Realtek Semiconductor Corporation                           )
S3 WNA3100M; C:\Windows\System32\DRIVERS\WNA3100M.sys [911464 2011-12-30] (NETGEAR Corporation                           )
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-30 16:10 - 2015-01-30 16:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2015-01-30 16:09 - 2015-01-30 16:11 - 00017891 _____ () C:\Users\User\Desktop\FRST.txt
2015-01-29 17:06 - 2015-01-29 17:06 - 00000000 ____D () C:\Program Files\ESET
2015-01-29 16:43 - 2015-01-29 16:43 - 01121792 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2015-01-29 16:43 - 2015-01-29 16:43 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2015-01-29 16:25 - 2015-01-29 16:31 - 00000000 ____D () C:\Users\User\Downloads\FRST-OlderVersion
2015-01-27 23:34 - 2015-01-27 23:34 - 00009394 _____ () C:\Users\User\Desktop\Malware Bites.txt
2015-01-27 23:24 - 2015-01-27 23:24 - 00000924 _____ () C:\Users\User\Desktop\JRT.txt
2015-01-27 22:47 - 2015-01-27 22:47 - 01707939 _____ (Thisisu) C:\Users\User\Downloads\JRT (1).exe
2015-01-27 22:36 - 2015-01-27 22:36 - 00000000 ____D () C:\Windows\ERUNT
2015-01-27 22:35 - 2015-01-27 22:35 - 01707939 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2015-01-27 22:27 - 2015-01-27 22:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-27 00:10 - 2015-01-30 16:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 00:10 - 2015-01-27 22:32 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-27 00:10 - 2015-01-27 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-27 00:10 - 2015-01-27 22:32 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-27 00:10 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-27 00:10 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-27 00:10 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-27 00:08 - 2015-01-27 00:09 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-26 23:44 - 2015-01-26 23:56 - 00000000 ____D () C:\AdwCleaner
2015-01-26 22:30 - 2015-01-26 22:31 - 02194432 _____ () C:\Users\User\Downloads\AdwCleaner.exe
2015-01-25 21:50 - 2015-01-25 21:51 - 00032120 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-25 21:49 - 2015-01-27 23:33 - 00028661 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-25 21:47 - 2015-01-30 16:09 - 00000000 ____D () C:\FRST
2015-01-19 19:45 - 2015-01-19 19:45 - 00727678 _____ () C:\Users\User\Downloads\IMG_1228.mp4
2015-01-17 11:14 - 2014-12-19 00:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-17 10:51 - 2014-12-06 03:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-17 10:51 - 2014-12-06 03:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-17 10:51 - 2014-12-06 03:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-17 10:48 - 2014-12-06 03:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 19:01 - 2015-01-16 19:02 - 31744112 _____ (Trion Worlds Inc.) C:\Users\User\Downloads\GlyphInstall-0-131 (1).exe
2015-01-16 19:00 - 2015-01-16 19:02 - 31744112 _____ (Trion Worlds Inc.) C:\Users\User\Downloads\GlyphInstall-0-131.exe
2015-01-14 19:04 - 2015-01-14 19:04 - 00072904 _____ () C:\Users\User\Downloads\Presentation2.pptx
2015-01-14 16:26 - 2015-01-14 16:26 - 00014165 _____ () C:\Users\User\Desktop\dds.txt
2015-01-14 16:26 - 2015-01-14 16:26 - 00007384 _____ () C:\Users\User\Desktop\attach.txt
2015-01-13 23:17 - 2015-01-13 23:17 - 00000000 ____D () C:\Windows\erdnt
2015-01-13 23:16 - 2015-01-13 23:27 - 00000000 ___SD () C:\32788R22FWJFW
2015-01-13 23:15 - 2015-01-13 23:17 - 05609736 _____ (Swearware) C:\Users\User\Downloads\ComboFix (1).exe
2015-01-13 23:13 - 2015-01-13 23:13 - 05609736 ____R (Swearware) C:\Users\User\Downloads\ComboFix.exe
2015-01-13 23:12 - 2015-01-13 23:12 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
2015-01-02 08:14 - 2015-01-02 08:14 - 00298724 _____ () C:\Users\User\Downloads\BoardingPassDisplay - Ryanair.com.html
2015-01-02 08:09 - 2015-01-02 08:09 - 00298724 _____ () C:\Users\User\Desktop\BoardingPassDisplay - Ryanair.com.html
2015-01-02 08:09 - 2015-01-02 08:09 - 00000000 ____D () C:\Users\User\Desktop\BoardingPassDisplay - Ryanair.com_files
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-30 16:10 - 2009-04-11 12:37 - 01057779 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 16:07 - 2012-06-07 16:06 - 00000000 ___RD () C:\Users\User\Dropbox
2015-01-30 16:07 - 2012-06-07 15:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-01-30 16:04 - 2012-06-07 12:15 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-30 16:02 - 2012-08-13 19:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 15:59 - 2014-11-13 20:12 - 00375142 _____ () C:\Windows\runSW.log
2015-01-30 15:59 - 2006-11-02 12:47 - 00004928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 15:59 - 2006-11-02 12:47 - 00004928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 15:58 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 01:37 - 2006-11-02 13:01 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-30 00:37 - 2013-07-16 17:32 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387696044-1817770176-3943162159-1000UA.job
2015-01-29 23:03 - 2012-06-07 16:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-01-29 18:49 - 2013-05-25 15:39 - 00000000 ____D () C:\Program Files\Smart File Advisor
2015-01-29 18:37 - 2013-07-16 17:32 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387696044-1817770176-3943162159-1000Core.job
2015-01-29 18:21 - 2012-06-07 15:48 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2387696044-1817770176-3943162159-1000Core.job
2015-01-28 11:30 - 2006-11-02 10:33 - 00778840 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 07:26 - 2008-01-21 02:47 - 00209768 _____ () C:\Windows\PFRO.log
2015-01-27 07:22 - 2012-09-23 13:38 - 00000000 ____D () C:\Users\User\AppData\Local\Unity
2015-01-27 02:33 - 2012-06-07 15:49 - 00002035 _____ () C:\Users\User\Desktop\Google Chrome.lnk
2015-01-27 00:10 - 2012-09-29 16:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-24 23:01 - 2012-08-13 19:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-24 23:01 - 2012-08-13 19:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-19 19:48 - 2012-06-07 23:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-01-17 11:14 - 2013-08-15 06:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-17 10:53 - 2006-11-02 10:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-12 17:50 - 2013-01-12 12:40 - 00000000 ____D () C:\Users\User\Desktop\Tor Browser
2015-01-12 16:12 - 2014-10-16 23:22 - 00000802 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-12 16:12 - 2014-04-01 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-10 16:17 - 2012-06-07 16:41 - 00000000 ____D () C:\ProgramData\FLEXnet
 
==================== Files in the root of some directories =======
 
2012-06-07 09:19 - 2014-11-09 10:32 - 0007728 _____ () C:\Users\User\AppData\Local\d3d9caps.dat
2012-11-03 09:40 - 2014-11-29 22:17 - 0104960 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-24 10:13 - 2012-06-24 10:13 - 0033758 _____ () C:\Users\User\AppData\Local\dt.dat
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz64lwg.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-30 16:06
 
==================== End Of Log ============================
 
Cheers!


#14 Machiavelli


    Agent 007


  • Malware Response Instructor
  • 4,035 posts
  • Gender:Male
  • Location:Germany

Posted 30 January 2015 - 04:18 PM

Hey, :)
  • Download Windows Repair (All in One) from this site
  • Install the program then run it.
NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.
  • Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
  • If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk. In that case make sure you restart the computer.
  • Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:
  • Go to Step 4 and under "System Restore" click on Create button:
  • Go to Start Repairs tab and click Start button. Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design. Click on Start button.
  • Post Windows Repair log which is located in the following folder:
    • 64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    • 32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
Still problems?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#15 alessandrocancian

  • Topic Starter

  • Members
  • 67 posts

Posted 01 February 2015 - 03:36 PM

Hi there :)

I hope this is the correct log!

Tweaking.com - Windows Repair v2.10.4
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows Vista ™ Home Premium
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: USER-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Current Profile: C:\Users\User
Current Profile SID: S-1-5-21-2387696044-1817770176-3943162159-1000
Current Profile Classes: S-1-5-21-2387696044-1817770176-3943162159-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\User\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 05:09:12
 
Process Count: 77
Commit Total: 1,99 GB
Commit Limit: 3,90 GB
Commit Peak: 2,67 GB
Handle Count: 31889
Kernel Total: 189,50 MB
Kernel Paged: 120,08 MB
Kernel Non Paged: 69,42 MB
System Cache: 1,62 GB
Thread Count: 1027
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2,93 GB
Memory Used: 1,63 GB(55,7209%)
Memory Avail.: 1,30 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2,93 GB
Memory Used: 1,23 GB(42,0318%)
Memory Avail.: 1,70 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (01/02/2015 20.31.48)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 0
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (01/02/2015 20.31.52)
   Running Repair Under Current User Account
   Done (01/02/2015 20.32.36)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (01/02/2015 20.32.36)
   Running Repair Under System Account
