Multiple Chrome.exe *32 processes on start up


  • This topic is locked
12 replies to this topic

#1 kevitzchi

  • Members
  • 7 posts

Posted 02 February 2015 - 10:11 AM

Hello

My computer starts up and runs up to 9 Chrome.exe *32 processes at startup and when running. I've read up on this and it appears to be malware. I've tried some of the removal tools but to no avail. Problems include a very long startup time, the machine running very slowly in general and a lot of pop-ups.

I have followed the instructions for posting a new thread. Following is the FRST log; the Addition log is attached. Thank you much in advance for your help! - Kevin


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by User (administrator) on DTNI-PC02 on 02-02-2015 14:55:48
Running from C:\Users\User\Desktop
Loaded Profiles: UpdatusUser & User (Available profiles: UpdatusUser & avecadmin & User & LogMeInRemoteUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\nacl64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Common Files\Sage SBD\SBDDesktop\v12\SBDDesktop.exe
(Sage (UK) Ltd.) C:\Program Files (x86)\Sage\Accounts\sg50Launcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\User\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-03-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\...\MountPoints2: {0469a1cf-fba6-11e1-9e91-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Run: [SkyDrive] => C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-10] (Microsoft Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3122436482-257910113-1078007541-1000] =>
ProxyServer: [S-1-5-21-3122436482-257910113-1078007541-1002] =>
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.co.uk/
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1000 -> {9973CBA2-904B-4B33-8F81-108D5BE02372} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1002 -> {9973CBA2-904B-4B33-8F81-108D5BE02372} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3122436482-257910113-1078007541-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p3sz3dun.default
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={BB4FD0C9-2EB0-4C58-9372-36C769484890}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=17.3.1.91&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={BB4FD0C9-2EB0-4C58-9372-36C769484890}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=18.0.5.292&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 11:33:51&v=18.0.5.292&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=18.0.5.292&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={BB4FD0C9-2EB0-4C58-9372-36C769484890}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=18.0.5.292&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 11:33:51&v=18.0.5.292&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 11:33:51&v=18.1.0.443&pid=safeguard&sg=&sap=hp", "hxxp://speedial.com/?f=1&a=spd_secureddownload_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0FtAyByC0E0C0AyBzzyBtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0E0EtCtDyCyCtDtGyDtCyCyDtGyD0EtC0EtGtCyC0A0DtGtAtC0D0D0AyD0EyCyE0CtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0AzzyD0FzyzzyEtG0AtB0EyEtGzytAzztAtGyByCyEzztGyDtByEyCyDtAtA0A0AzzyE0B2Q&cr=1969514337&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-05]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-05]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-05]
CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-06-05]
CHR Extension: (Online project management software: Wedoist) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfemlcofmppfkjnndnoakpgekdmkpbn [2014-06-05]
CHR Extension: (AVG Secure Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-01-19]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-05]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-25]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-25]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-25]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-25]
CHR Extension: (Chrome In-App Payments service) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-25]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (McAfee Security Scan+) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-05-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-09-15]
CHR Extension: (Online project management software: Wedoist) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\hhfemlcofmppfkjnndnoakpgekdmkpbn [2014-09-15]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\User\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-15] (SurfRight B.V.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [377704 2015-01-28] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2015-01-28] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed]
R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2013-01-30] (Sage (UK) Limited) [File not signed]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2015-01-15] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-27] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-15] (Emsisoft GmbH)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 RapportCerberus_80116; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80116.sys [845464 2015-01-07] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2014-12-22] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2014-12-10] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2014-12-22] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-01-15] ()
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 SBIOSIO; \??\C:\Users\User\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-02 14:55 - 2015-02-02 14:55 - 00029760 _____ () C:\Users\User\Desktop\FRST.txt
2015-02-02 14:55 - 2015-02-02 14:36 - 02131456 _____ (Farbar) C:\Users\User\Desktop\FRST64 (1).exe
2015-02-02 14:36 - 2015-02-02 14:36 - 02131456 _____ (Farbar) C:\Users\User\Downloads\FRST64 (1).exe
2015-02-02 14:35 - 2015-02-02 14:35 - 01122304 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-01-30 11:10 - 2015-01-30 11:15 - 00092012 _____ () C:\Users\User\Downloads\DTNI 2012 13 EXP PROFILE (41).XLSX
2015-01-26 15:31 - 2015-01-26 15:31 - 00015204 _____ () C:\Users\User\Downloads\Membership list - last paid up as at 19 Jan 2015.xlsx
2015-01-23 10:23 - 2015-01-23 10:23 - 00492544 _____ () C:\Users\User\Downloads\216 DEVELOPMENT TRUST (3).xls
2015-01-23 10:23 - 2015-01-23 10:23 - 00492544 _____ () C:\Users\User\Downloads\216 DEVELOPMENT TRUST (2).xls
2015-01-23 10:22 - 2015-01-23 10:22 - 00492544 _____ () C:\Users\User\Downloads\216 DEVELOPMENT TRUST (1).xls
2015-01-23 09:39 - 2015-01-23 09:40 - 00492544 _____ () C:\Users\User\Downloads\216 DEVELOPMENT TRUST.xls
2015-01-19 15:48 - 2015-01-28 14:26 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-19 15:48 - 2015-01-19 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-19 14:24 - 2015-01-19 14:24 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe
2015-01-19 13:20 - 2015-01-19 14:00 - 00000000 ____D () C:\AdwCleaner
2015-01-19 13:20 - 2015-01-19 13:20 - 02186752 _____ () C:\Users\User\Downloads\AdwCleaner.exe
2015-01-19 13:16 - 2015-01-19 13:18 - 00000000 ____D () C:\Qoobox
2015-01-19 13:15 - 2015-01-19 13:15 - 00000000 ____D () C:\windows\erdnt
2015-01-19 13:14 - 2015-01-19 13:18 - 05608785 _____ (Swearware) C:\Users\User\Downloads\ComboFix.exe
2015-01-19 13:02 - 2015-01-19 13:02 - 00015204 _____ () C:\Users\User\Documents\Membership list - last paid up as at 19 Jan 2015.xlsx
2015-01-19 12:46 - 2015-01-19 12:46 - 00015151 _____ () C:\Users\User\Downloads\Current Membership List (3).xlsx
2015-01-19 12:45 - 2015-01-19 13:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-19 12:41 - 2015-01-19 13:16 - 00000000 ____D () C:\Users\User\Desktop\mbar
2015-01-19 12:40 - 2015-01-19 12:40 - 16448208 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.08.2.1001.exe
2015-01-19 12:31 - 2015-01-19 12:32 - 00049009 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-19 12:29 - 2015-02-02 14:55 - 00000000 ____D () C:\FRST
2015-01-19 12:29 - 2015-02-02 14:38 - 00043011 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-19 12:28 - 2015-01-19 12:28 - 02126848 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-01-16 11:33 - 2015-01-26 15:05 - 00000000 ____D () C:\Users\User\Documents\Board Reports and Agendas
2015-01-16 11:12 - 2015-01-16 11:12 - 00097965 _____ () C:\Users\User\Downloads\DTNI 2012 13 EXP PROFILE (40).XLSX
2015-01-16 09:40 - 2015-01-16 09:40 - 00002356 _____ () C:\EamClean.log
2015-01-15 13:43 - 2015-01-15 13:43 - 00000743 _____ () C:\Users\User\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-15 13:42 - 2015-01-15 13:44 - 00000000 ____D () C:\EEK
2015-01-15 13:39 - 2015-01-15 13:41 - 166345872 _____ () C:\Users\User\Downloads\EmsisoftEmergencyKit.exe
2015-01-15 12:03 - 2015-01-15 12:03 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-01-15 12:03 - 2015-01-15 12:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-15 12:01 - 2015-01-15 12:02 - 18467928 _____ () C:\Users\User\Downloads\RogueKillerX64.exe
2015-01-15 11:50 - 2015-01-15 11:50 - 00359902 _____ () C:\windows\system32\.crusader
2015-01-15 11:31 - 2015-01-15 11:31 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-15 11:31 - 2015-01-15 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-15 11:31 - 2015-01-15 11:31 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-15 11:29 - 2015-01-15 11:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-15 11:29 - 2015-01-15 11:30 - 11225840 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro_x64.exe
2015-01-15 11:28 - 2015-01-15 11:28 - 10285456 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro.exe
2015-01-15 11:26 - 2015-01-15 11:26 - 00273996 _____ () C:\Users\User\Downloads\ESETPoweliksCleaner.exe_20150115.112624.7312.log
2015-01-15 11:26 - 2015-01-15 11:26 - 00186568 _____ (ESET) C:\Users\User\Downloads\ESETPoweliksCleaner.exe
2015-01-14 11:03 - 2015-02-02 14:27 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 11:02 - 2015-01-19 12:41 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-14 11:02 - 2015-01-14 11:02 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-14 11:02 - 2015-01-14 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 11:02 - 2015-01-14 11:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 11:02 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-14 11:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-14 11:00 - 2015-01-14 11:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 10:49 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 10:49 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 10:49 - 2014-12-11 17:47 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 10:49 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 10:49 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 10:49 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 10:48 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 10:48 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 10:48 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 10:48 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 10:48 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 10:48 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 10:48 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 10:25 - 2015-01-14 10:25 - 00000000 ____D () C:\windows\pss
2015-01-13 11:11 - 2015-01-13 11:11 - 00000171 _____ () C:\Users\User\Downloads\DTNI Timesheet November 26th 2014 (1).gdoc
2015-01-13 11:10 - 2015-01-13 11:10 - 00000171 _____ () C:\Users\User\Downloads\DTNI Timesheet November 26th 2014.gdoc
2015-01-13 09:07 - 2015-01-13 09:07 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-02 14:25 - 2014-05-20 20:34 - 00004974 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DTNI-PC02-User DTNI-PC02
2015-02-02 14:25 - 2013-05-14 14:38 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 14:11 - 2012-07-10 20:12 - 01997224 _____ () C:\windows\WindowsUpdate.log
2015-02-02 10:40 - 2014-05-17 16:24 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{A1ABDCEE-4E6E-4CAA-895F-1775C3277BE2}
2015-02-02 10:29 - 2009-07-14 04:45 - 00031808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-02 10:29 - 2009-07-14 04:45 - 00031808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-02 10:09 - 2014-05-14 08:48 - 00000000 ___RD () C:\Users\User\Dropbox
2015-02-02 10:09 - 2014-05-14 08:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-02-02 10:07 - 2014-05-20 09:35 - 00000000 ___RD () C:\Users\User\OneDrive
2015-02-02 10:05 - 2014-02-25 11:01 - 00000964 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-02-02 10:05 - 2014-02-25 11:01 - 00000948 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-02-02 10:05 - 2014-02-25 11:01 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-02-02 10:04 - 2014-06-15 13:43 - 00008506 _____ () C:\windows\setupact.log
2015-02-02 10:04 - 2013-05-14 14:38 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 10:04 - 2012-07-10 04:17 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-02-02 10:04 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-30 15:20 - 2013-05-14 13:42 - 00000000 ____D () C:\Users\avecadmin
2015-01-30 15:18 - 2014-02-25 11:31 - 00000000 ___RD () C:\Users\User\Google Drive
2015-01-30 10:27 - 2014-02-25 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-29 16:56 - 2012-07-10 04:17 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-01-29 16:50 - 2009-07-14 05:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-29 16:45 - 2010-11-21 03:47 - 00878606 _____ () C:\windows\PFRO.log
2015-01-28 13:55 - 2014-02-25 11:01 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2015-01-28 13:51 - 2014-02-25 11:01 - 00107392 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll
2015-01-28 13:51 - 2014-02-25 11:01 - 00092520 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll
2015-01-28 13:51 - 2014-02-25 11:01 - 00035688 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
2015-01-19 15:48 - 2013-05-14 14:38 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-19 15:47 - 2014-03-03 23:41 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2015-01-19 15:06 - 2014-04-29 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-01-16 09:40 - 2014-05-04 21:42 - 00000000 ____D () C:\Users\User\AppData\Local\SlimWare Utilities Inc
2015-01-15 11:56 - 2014-05-04 21:42 - 00016152 _____ () C:\windows\system32\Drivers\SWDUMon.sys
2015-01-15 11:32 - 2014-03-07 16:24 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-05 10:52 - 2013-05-14 14:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-05 10:49 - 2014-05-20 08:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15
 
==================== Files in the root of some directories =======
 
2014-05-05 13:03 - 2014-05-05 13:03 - 0000045 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2012-07-10 05:49 - 2012-07-10 05:50 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-07-10 05:43 - 2012-07-10 05:44 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-07-10 05:47 - 2012-07-10 05:48 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-07-10 05:44 - 2012-07-10 05:47 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-07-10 05:48 - 2012-07-10 05:49 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd3qs_1.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-28 14:54
 
==================== End Of Log ============================

#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,117 posts
  • Gender:Male
  • Location:Germany

Posted 03 February 2015 - 11:29 AM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 kevitzchi

kevitzchi
  • Topic Starter

  • Members
  • 7 posts

Posted 05 February 2015 - 09:26 AM

Hello there - thanks for getting back to me. Following are the 4 logs:

 

# AdwCleaner v4.109 - Report created 04/02/2015 at 14:55:45

# Updated 24/01/2015 by Xplode
# Database : 2015-01-24.3 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : User - DTNI-PC02
# Running from : C:\Users\User\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] -
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v20.0.1 (en-US)
 
 
-\\ Google Chrome v40.0.2214.93
 
 
*************************
 
AdwCleaner[R0].txt - [3080 octets] - [19/01/2015 13:21:03]
AdwCleaner[R1].txt - [1128 octets] - [04/02/2015 14:48:30]
AdwCleaner[S0].txt - [3103 octets] - [19/01/2015 14:00:08]
AdwCleaner[S1].txt - [1054 octets] - [04/02/2015 14:55:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1114 octets] ##########
 
 
 
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/02/04 15:05:14 GMT</date>
<logfile>mbam-log-2015-02-04 (15-05-13).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.02.04.07</malware-database>
<rootkit-database>v2015.02.03.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>User</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>482771</objects>
<time>2062</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>warn</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by User on 04/02/2015 at 16:27:28.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update webget
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util webget
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{06263A95-D0AA-4B4A-AA89-4AA9BF77DEED}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{07FA66FF-C0A1-4C1E-8DC3-71B4CFCBE30E}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{23AC3125-2936-4A57-91AB-C45A524F7CE2}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{255F2F2A-11CF-4D91-A46D-B103A081926B}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{262F20CD-F47C-4398-857D-E09DD029CF17}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{4A17BACA-A40D-45A8-B521-078095CB8D2C}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{52BEAC76-B63D-4989-88A5-8F7AD6BDF6C1}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{69311F96-7B38-41E8-8BA6-F6D1A21F45E4}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{7ADA6012-DFF0-4D94-B2E8-7DA952BDF4F3}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{7DE42A0A-93F0-408A-A25B-FBF9BA0BBB53}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{8009927D-4F30-4802-B8E9-DEF520F197A2}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{83E9847C-C1FF-49B2-8BBC-CEC7AF4956DF}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{8FF449D0-3C82-4D40-8805-458F25D2F362}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{9EF2F82E-907A-4C3F-BAD9-405C22E3CB23}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{A6A95EB4-ADDB-4790-84C9-982A49905911}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{A91D00DD-1FFE-43BA-9635-9FB33AE65AA4}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{AB45A4D8-6599-400A-8A09-343FC8A64931}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{B25D3058-BCA7-426C-8F87-13D2EFB4DCF8}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{B2A14720-5D7E-47DE-AEED-C99ED8BDCEA6}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{B41F2450-E5CB-41BD-8599-900393C0A1A5}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{B8C4952A-2528-4CD9-9227-E6E69800CBF7}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{D3B00A7C-F74A-42BC-BB90-EC2DD9FD9CC4}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{D46E9A16-3561-4E30-8867-BECB7E1EE982}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{D49C506E-FA16-4BD6-BCB3-047B37F29CE5}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{D66B71C9-DAB3-4E6B-B4F0-460A6F600EC4}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{E5870F65-FE1D-4A49-966A-2903202502AF}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{EFE32D40-F03C-4528-AEE2-27BB0FC00536}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{F782BFE6-8749-4E5A-9CB1-E11106DAECC2}
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/02/2015 at 16:35:57.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015
Ran by User (administrator) on DTNI-PC02 on 04-02-2015 16:38:45
Running from C:\Users\User\Desktop
Loaded Profiles: UpdatusUser & User &  (Available profiles: UpdatusUser & avecadmin & User & LogMeInRemoteUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\nacl64.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-03-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\...\MountPoints2: {0469a1cf-fba6-11e1-9e91-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {0469a1cf-fba6-11e1-9e91-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\avecadmin\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70 /CMPID=0214c
HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Run: [SkyDrive] => C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-10] (Microsoft Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SkyDrive] => C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-10] (Microsoft Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3122436482-257910113-1078007541-1000] =>
ProxyServer: [S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] =>
ProxyServer: [S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] =>
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.co.uk/
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKU\S-1-5-21-3122436482-257910113-1078007541-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.co.uk/
HKU\S-1-5-21-3122436482-257910113-1078007541-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1000 -> {9973CBA2-904B-4B33-8F81-108D5BE02372} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9973CBA2-904B-4B33-8F81-108D5BE02372} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9973CBA2-904B-4B33-8F81-108D5BE02372} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1002 -> {9973CBA2-904B-4B33-8F81-108D5BE02372} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9973CBA2-904B-4B33-8F81-108D5BE02372} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3122436482-257910113-1078007541-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p3sz3dun.default
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={BB4FD0C9-2EB0-4C58-9372-36C769484890}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=17.3.1.91&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={BB4FD0C9-2EB0-4C58-9372-36C769484890}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=18.0.5.292&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 11:33:51&v=18.0.5.292&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=18.0.5.292&pid=safeguard&sg=&sap=hp
hxxp://mysearch.avg.com?cid={BB4FD0C9-2EB0-4C58-9372-36C769484890}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=18.0.5.292&pid=safeguard&sg=&sap=hp
hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 11:33:51&v=18.0.5.292&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 11:33:51&v=18.1.0.443&pid=safeguard&sg=&sap=hp", "hxxp://speedial.com/?f=1&a=spd_secureddownload_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0FtAyByC0E0C0AyBzzyBtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0E0EtCtDyCyCtDtGyDtCyCyDtGyD0EtC0EtGtCyC0A0DtGtAtC0D0D0AyD0EyCyE0CtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0AzzyD0FzyzzyEtG0AtB0EyEtGzytAzztAtGyByCyEzztGyDtByEyCyDtAtA0A0AzzyE0B2Q&cr=1969514337&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-05]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-05]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-05]
CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-06-05]
CHR Extension: (Online project management software: Wedoist) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfemlcofmppfkjnndnoakpgekdmkpbn [2014-06-05]
CHR Extension: (AVG Secure Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-02-04]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-05]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-25]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-25]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-25]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-25]
CHR Extension: (Chrome In-App Payments service) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-25]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (McAfee Security Scan+) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-05-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-09-15]
CHR Extension: (Online project management software: Wedoist) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\hhfemlcofmppfkjnndnoakpgekdmkpbn [2014-09-15]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\User\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-04]
CHR HKU\S-1-5-21-3122436482-257910113-1078007541-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\User\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-15] (SurfRight B.V.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [377704 2015-01-28] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2015-01-28] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed]
R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2013-01-30] (Sage (UK) Limited) [File not signed]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2015-01-15] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-27] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-15] (Emsisoft GmbH)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 RapportCerberus_80116; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80116.sys [845464 2015-01-07] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2014-12-22] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2014-12-10] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2014-12-22] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-01-15] ()
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 SBIOSIO; \??\C:\Users\User\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 16:37 - 2015-02-04 16:37 - 02131968 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-02-04 16:37 - 2015-02-04 16:37 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2015-02-04 16:35 - 2015-02-04 16:35 - 01388274 _____ (Thisisu) C:\Users\User\Downloads\JRT (2).exe
2015-02-04 16:35 - 2015-02-04 16:35 - 00003974 _____ () C:\Users\User\Desktop\JRT.txt
2015-02-04 16:28 - 2015-02-04 16:28 - 01388274 _____ (Thisisu) C:\Users\User\Downloads\JRT (1).exe
2015-02-04 16:26 - 2015-02-04 16:27 - 01388274 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2015-02-04 15:07 - 2015-02-04 15:07 - 00001093 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-04 14:44 - 2015-02-04 14:44 - 02194432 _____ () C:\Users\User\Downloads\AdwCleaner (1).exe
2015-02-03 11:18 - 2015-02-03 11:53 - 00010150 _____ () C:\Users\User\Desktop\Current Financial Position.xlsx
2015-02-02 14:56 - 2015-02-02 14:57 - 00049427 _____ () C:\Users\User\Desktop\Addition.txt
2015-02-02 14:55 - 2015-02-04 16:38 - 00035378 _____ () C:\Users\User\Desktop\FRST.txt
2015-02-02 14:36 - 2015-02-02 14:36 - 02131456 _____ (Farbar) C:\Users\User\Downloads\FRST64 (1).exe
2015-02-02 14:35 - 2015-02-02 14:35 - 01122304 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-01-30 11:10 - 2015-01-30 11:15 - 00092012 _____ () C:\Users\User\Downloads\DTNI 2012 13 EXP PROFILE (41).XLSX
2015-01-26 15:31 - 2015-01-26 15:31 - 00015204 _____ () C:\Users\User\Downloads\Membership list - last paid up as at 19 Jan 2015.xlsx
2015-01-23 10:23 - 2015-01-23 10:23 - 00492544 _____ () C:\Users\User\Downloads\216 DEVELOPMENT TRUST (3).xls
2015-01-23 10:23 - 2015-01-23 10:23 - 00492544 _____ () C:\Users\User\Downloads\216 DEVELOPMENT TRUST (2).xls
2015-01-23 10:22 - 2015-01-23 10:22 - 00492544 _____ () C:\Users\User\Downloads\216 DEVELOPMENT TRUST (1).xls
2015-01-23 09:39 - 2015-01-23 09:40 - 00492544 _____ () C:\Users\User\Downloads\216 DEVELOPMENT TRUST.xls
2015-01-19 15:48 - 2015-01-28 14:26 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-19 15:48 - 2015-01-19 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-19 14:24 - 2015-01-19 14:24 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe
2015-01-19 13:20 - 2015-02-04 14:55 - 00000000 ____D () C:\AdwCleaner
2015-01-19 13:20 - 2015-01-19 13:20 - 02186752 _____ () C:\Users\User\Downloads\AdwCleaner.exe
2015-01-19 13:16 - 2015-01-19 13:18 - 00000000 ____D () C:\Qoobox
2015-01-19 13:15 - 2015-01-19 13:15 - 00000000 ____D () C:\windows\erdnt
2015-01-19 13:14 - 2015-01-19 13:18 - 05608785 _____ (Swearware) C:\Users\User\Downloads\ComboFix.exe
2015-01-19 13:02 - 2015-01-19 13:02 - 00015204 _____ () C:\Users\User\Documents\Membership list - last paid up as at 19 Jan 2015.xlsx
2015-01-19 12:46 - 2015-01-19 12:46 - 00015151 _____ () C:\Users\User\Downloads\Current Membership List (3).xlsx
2015-01-19 12:45 - 2015-01-19 13:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-19 12:41 - 2015-01-19 13:16 - 00000000 ____D () C:\Users\User\Desktop\mbar
2015-01-19 12:40 - 2015-01-19 12:40 - 16448208 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.08.2.1001.exe
2015-01-19 12:31 - 2015-01-19 12:32 - 00049009 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-19 12:29 - 2015-02-04 16:38 - 00000000 ____D () C:\FRST
2015-01-19 12:29 - 2015-02-02 14:38 - 00043011 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-19 12:28 - 2015-01-19 12:28 - 02126848 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-01-16 11:33 - 2015-01-26 15:05 - 00000000 ____D () C:\Users\User\Documents\Board Reports and Agendas
2015-01-16 11:12 - 2015-01-16 11:12 - 00097965 _____ () C:\Users\User\Downloads\DTNI 2012 13 EXP PROFILE (40).XLSX
2015-01-16 09:40 - 2015-01-16 09:40 - 00002356 _____ () C:\EamClean.log
2015-01-15 13:43 - 2015-01-15 13:43 - 00000743 _____ () C:\Users\User\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-15 13:42 - 2015-01-15 13:44 - 00000000 ____D () C:\EEK
2015-01-15 13:39 - 2015-01-15 13:41 - 166345872 _____ () C:\Users\User\Downloads\EmsisoftEmergencyKit.exe
2015-01-15 12:03 - 2015-01-15 12:03 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-01-15 12:03 - 2015-01-15 12:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-15 12:01 - 2015-01-15 12:02 - 18467928 _____ () C:\Users\User\Downloads\RogueKillerX64.exe
2015-01-15 11:50 - 2015-01-15 11:50 - 00359902 _____ () C:\windows\system32\.crusader
2015-01-15 11:31 - 2015-01-15 11:31 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-15 11:31 - 2015-01-15 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-15 11:31 - 2015-01-15 11:31 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-15 11:29 - 2015-01-15 11:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-15 11:29 - 2015-01-15 11:30 - 11225840 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro_x64.exe
2015-01-15 11:28 - 2015-01-15 11:28 - 10285456 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro.exe
2015-01-15 11:26 - 2015-01-15 11:26 - 00273996 _____ () C:\Users\User\Downloads\ESETPoweliksCleaner.exe_20150115.112624.7312.log
2015-01-15 11:26 - 2015-01-15 11:26 - 00186568 _____ (ESET) C:\Users\User\Downloads\ESETPoweliksCleaner.exe
2015-01-14 11:03 - 2015-02-04 15:05 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 11:02 - 2015-01-19 12:41 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-14 11:02 - 2015-01-14 11:02 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-14 11:02 - 2015-01-14 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 11:02 - 2015-01-14 11:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 11:02 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-14 11:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-14 11:00 - 2015-01-14 11:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 10:49 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 10:49 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 10:49 - 2014-12-11 17:47 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 10:49 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 10:49 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 10:49 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 10:48 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 10:48 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 10:48 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 10:48 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 10:48 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 10:48 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 10:48 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 10:25 - 2015-01-14 10:25 - 00000000 ____D () C:\windows\pss
2015-01-13 11:11 - 2015-01-13 11:11 - 00000171 _____ () C:\Users\User\Downloads\DTNI Timesheet November 26th 2014 (1).gdoc
2015-01-13 11:10 - 2015-01-13 11:10 - 00000171 _____ () C:\Users\User\Downloads\DTNI Timesheet November 26th 2014.gdoc
2015-01-13 09:07 - 2015-01-13 09:07 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 16:29 - 2014-05-17 16:24 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{A1ABDCEE-4E6E-4CAA-895F-1775C3277BE2}
2015-02-04 16:25 - 2013-05-14 14:38 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 16:06 - 2012-07-10 20:12 - 01052661 _____ () C:\windows\WindowsUpdate.log
2015-02-04 15:49 - 2014-05-20 20:34 - 00004974 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DTNI-PC02-User DTNI-PC02
2015-02-04 15:25 - 2013-05-14 14:38 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 15:16 - 2009-07-14 04:45 - 00031808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 15:16 - 2009-07-14 04:45 - 00031808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 15:07 - 2014-06-17 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-04 15:07 - 2014-06-17 12:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-04 15:07 - 2014-06-14 19:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-04 15:03 - 2014-05-14 08:48 - 00000000 ___RD () C:\Users\User\Dropbox
2015-02-04 15:03 - 2014-05-14 08:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-02-04 15:00 - 2014-02-25 11:01 - 00000964 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-02-04 15:00 - 2014-02-25 11:01 - 00000948 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-02-04 14:59 - 2014-05-20 09:35 - 00000000 ___RD () C:\Users\User\OneDrive
2015-02-04 14:58 - 2012-07-10 04:17 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-02-04 14:57 - 2014-06-15 13:43 - 00008618 _____ () C:\windows\setupact.log
2015-02-04 14:57 - 2010-11-21 03:47 - 00878916 _____ () C:\windows\PFRO.log
2015-02-04 14:57 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-04 14:25 - 2014-02-25 11:01 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-02-02 22:02 - 2012-07-10 04:17 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-01-30 15:20 - 2013-05-14 13:42 - 00000000 ____D () C:\Users\avecadmin
2015-01-30 15:18 - 2014-02-25 11:31 - 00000000 ___RD () C:\Users\User\Google Drive
2015-01-30 10:27 - 2014-02-25 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-29 16:50 - 2009-07-14 05:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-28 13:55 - 2014-02-25 11:01 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2015-01-28 13:51 - 2014-02-25 11:01 - 00107392 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll
2015-01-28 13:51 - 2014-02-25 11:01 - 00092520 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll
2015-01-28 13:51 - 2014-02-25 11:01 - 00035688 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
2015-01-19 15:48 - 2013-05-14 14:38 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-19 15:47 - 2014-03-03 23:41 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2015-01-19 15:06 - 2014-04-29 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-01-16 09:40 - 2014-05-04 21:42 - 00000000 ____D () C:\Users\User\AppData\Local\SlimWare Utilities Inc
2015-01-15 11:56 - 2014-05-04 21:42 - 00016152 _____ () C:\windows\system32\Drivers\SWDUMon.sys
2015-01-15 11:32 - 2014-03-07 16:24 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-05 10:52 - 2013-05-14 14:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-05 10:49 - 2014-05-20 08:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15
 
==================== Files in the root of some directories =======
 
2014-05-05 13:03 - 2014-05-05 13:03 - 0000045 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2012-07-10 05:49 - 2012-07-10 05:50 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-07-10 05:43 - 2012-07-10 05:44 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-07-10 05:47 - 2012-07-10 05:48 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-07-10 05:44 - 2012-07-10 05:47 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-07-10 05:48 - 2012-07-10 05:49 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp15thyi.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-04 15:59
 
==================== End Of Log ============================


#4 kevitzchi

kevitzchi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 05 February 2015 - 09:30 AM

This is the MBAM file in .txt file format.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 04/02/2015
Scan Time: 15:05:14
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.04.07
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 482771
Time Elapsed: 34 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#5 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,117 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:37 PM

Posted 05 February 2015 - 11:30 AM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={BB4FD0C9-2EB0-4C58-9372-36C769484890}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=17.3.1.91&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={BB4FD0C9-2EB0-4C58-9372-36C769484890}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=18.0.5.292&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 11:33:51&v=18.0.5.292&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=18.0.5.292&pid=safeguard&sg=&sap=hp
    hxxp://mysearch.avg.com?cid={BB4FD0C9-2EB0-4C58-9372-36C769484890}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=18.0.5.292&pid=safeguard&sg=&sap=hp
    hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 11:33:51&v=18.0.5.292&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 11:33:51&v=18.1.0.443&pid=safeguard&sg=&sap=hp", "hxxp://speedial.com/?f=1&a=spd_secureddownload_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0FtAyByC0E0C0AyBzzyBtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0E0EtCtDyCyCtDtGyDtCyCyDtGyD0EtC0EtGtCyC0A0DtGtAtC0D0D0AyD0EyCyE0CtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0AzzyD0FzyzzyEtG0AtB0EyEtGzytAzztAtGyByCyEzztGyDtByEyCyDtAtA0A0AzzyE0B2Q&cr=1969514337&ir="
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    Toolbar: HKU\S-1-5-21-3122436482-257910113-1078007541-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    Toolbar: HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    Toolbar: HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    ProxyServer: [S-1-5-21-3122436482-257910113-1078007541-1000] =>
    ProxyServer: [S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] =>
    ProxyServer: [S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] =>
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to YES, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
    ESET2_zpsc701c045.png
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
    ESET4_zps0afafd0d.png
  • Click Start. (This scan can take several hours, so please be patient):
    ESET3_zpsccd1657d.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
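After a fix like the one in the post above, FRST writes a Fixlog in which every fixlist entry is echoed with an outcome ("=> value deleted successfully", "=> Key not found", "=> Error: No automatic fix found for this entry", and so on). The entries a helper actually needs to look at are the ones FRST could not handle automatically. The script below is an added example, written for this thread; it is not part of the post and not code from FRST or Farbar. It parses that Fixlog layout and flags entries that need manual follow-up. The embedded sample Fixlog is constructed to mirror the format seen in the thread; its SIDs, CLSIDs and hxxp URLs are placeholders, not indicators from this machine.

```python
"""Summarise a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example for the thread above, not FRST's own code. It relies only on
the Fixlog layout visible in the forum post: a header, the echoed fixlist
between two '*****************' lines, then one result line per entry in
the form '<target> => <outcome>'.
"""
from collections import Counter
from typing import List, NamedTuple


class FixEntry(NamedTuple):
    target: str   # what FRST acted on: registry path, URL or directive
    outcome: str  # verbatim text after " => "
    status: str   # removed | not_found | error | cleaned | other


class FixSummary(NamedTuple):
    entries: List[FixEntry]
    counts: Counter
    needs_attention: List[str]  # targets FRST could not fix automatically
    reboot: bool


SEPARATOR = "*****************"

# Constructed sample in the Fixlog format; all identifiers are placeholders.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015
Ran by User at 2015-02-06 13:12:43 Run:1
==============================================

Content of fixlist:
*****************
CHR StartupUrls: Default -> "hxxp://example.invalid/?a=1"
FF Plugin: @example.invalid/PLACEHOLDER -> disabled No File
EmptyTemp:
*****************

Chrome StartupUrls deleted successfully.
hxxp://example.invalid/?b=2 => Error: No automatic fix found for this entry.
"HKLM\Software\MozillaPlugins\@example.invalid/PLACEHOLDER" => Key deleted successfully.
HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => Key not found.
HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} => Value not found.
EmptyTemp: => Removed 1.2 GB temporary data.

The system needed a reboot.

==== End of Fixlog 13:14:03 ====
"""


def classify(outcome: str) -> str:
    """Map FRST's outcome wording onto a small set of statuses."""
    text = outcome.lower()
    if text.startswith("error:"):
        return "error"          # FRST had no automatic fix; handle manually
    if "deleted successfully" in text or "removed successfully" in text:
        return "removed"
    if "not found" in text:
        return "not_found"      # already absent, nothing left to do
    if "temporary data" in text:
        return "cleaned"        # EmptyTemp: result
    return "other"              # unexpected wording, worth a look


def parse_fixlog(text: str) -> FixSummary:
    """Parse a Fixlog and return counts plus the entries needing attention."""
    entries: List[FixEntry] = []
    reboot = False
    separators_seen = 0
    for raw in text.splitlines():
        line = raw.strip()
        if line == SEPARATOR:
            separators_seen += 1
            continue
        # Results only start after the echoed fixlist (second separator).
        if separators_seen < 2 or not line:
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if line == "The system needed a reboot.":
            reboot = True
            continue
        target, arrow, outcome = line.rpartition(" => ")
        if not arrow:
            # Some lines carry no arrow, e.g. "Chrome StartupUrls deleted successfully."
            target, outcome = line, line
        entries.append(FixEntry(target.strip(), outcome.strip(), classify(outcome)))
    counts = Counter(entry.status for entry in entries)
    needs_attention = [e.target for e in entries if e.status in ("error", "other")]
    return FixSummary(entries, counts, needs_attention, reboot)


if __name__ == "__main__":
    summary = parse_fixlog(SAMPLE_FIXLOG)
    for status, n in sorted(summary.counts.items()):
        print(f"{status:>10}: {n}")
    print("reboot required:", summary.reboot)
    for target in summary.needs_attention:
        print("follow up manually:", target)
```

Run against a real Fixlog.txt, the "error"/"other" list is the short set of entries to re-check by hand (in the thread's own Fixlog the two lines FRST reported as "No automatic fix found" are the split Chrome StartupUrls remnants). The parser deliberately uses `rpartition` on " => " so a registry path or URL containing an arrow earlier in the line does not confuse the split.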
 
 


#6 kevitzchi

kevitzchi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 08 February 2015 - 02:17 PM

Thank you :)  The machine is running much better already.  Here are the first two logs.  I'm about to run the Eset scan and will come back to you after that :)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015
Ran by User at 2015-02-06 13:12:43 Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: UpdatusUser & avecadmin & User & LogMeInRemoteUser (Available profiles: UpdatusUser & avecadmin & User & LogMeInRemoteUser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={BB4FD0C9-2EB0-4C58-9372-36C769484890}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=17.3.1.91&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={BB4FD0C9-2EB0-4C58-9372-36C769484890}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=18.0.5.292&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 11:33:51&v=18.0.5.292&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=18.0.5.292&pid=safeguard&sg=&sap=hp
hxxp://mysearch.avg.com?cid={BB4FD0C9-2EB0-4C58-9372-36C769484890}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=18.0.5.292&pid=safeguard&sg=&sap=hp
hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 11:33:51&v=18.0.5.292&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 11:33:51&v=18.1.0.443&pid=safeguard&sg=&sap=hp", "hxxp://speedial.com/?f=1&a=spd_secureddownload_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0FtAyByC0E0C0AyBzzyBtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0E0EtCtDyCyCtDtGyDtCyCyDtGyD0EtC0EtGtCyC0A0DtGtAtC0D0D0AyD0EyCyE0CtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0AzzyD0FzyzzyEtG0AtB0EyEtGzytAzztAtGyByCyEzztGyDtByEyCyDtAtA0A0AzzyE0B2Q&cr=1969514337&ir="
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
Toolbar: HKU\S-1-5-21-3122436482-257910113-1078007541-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
ProxyServer: [S-1-5-21-3122436482-257910113-1078007541-1000] =>
ProxyServer: [S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] =>
ProxyServer: [S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] =>
EmptyTemp:
*****************
 
Chrome StartupUrls deleted successfully.
hxxp://mysearch.avg.com?cid={BB4FD0C9-2EB0-4C58-9372-36C769484890}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-03 08:43:27&v=18.0.5.292&pid=safeguard&sg=&sap=hp => Error: No automatic fix found for this entry.
hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 11:33:51&v=18.0.5.292&pid=safeguard&sg=&sap=hp", "hxxp://mysearch.avg.com?cid={A55F4E7D-FED4-41F8-BBE4-900F45AB7F98}&mid=941a14f991a147d29609f121dbafd96e-fced076c24e36727317b66698fd8d0119e51de70&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-21 11:33:51&v=18.1.0.443&pid=safeguard&sg=&sap=hp", "hxxp://speedial.com/?f=1&a=spd_secureddownload_14_18_ch&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0A0FtAyByC0E0C0AyBzzyBtN0D0Tzu0SzzyDyDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0E0EtCtDyCyCtDtGyDtCyCyDtGyD0EtC0EtGtCyC0A0DtGtAtC0D0D0AyD0EyCyE0CtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0AzzyD0FzyzzyEtG0AtB0EyEtGzytAzztAtGyByCyEzztGyDtByEyCyDtAtA0A0AzzyE0B2Q&cr=1969514337&ir=" => Error: No automatic fix found for this entry.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. 
HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. 
HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-3122436482-257910113-1078007541-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-3122436482-257910113-1078007541-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 1.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:14:03 ====
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015
Ran by User (administrator) on DTNI-PC02 on 06-02-2015 13:24:20
Running from C:\Users\User\Desktop
Loaded Profiles: UpdatusUser & User (Available profiles: UpdatusUser & avecadmin & User & LogMeInRemoteUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\ExpressCacheRun64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-03-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.)
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\...\MountPoints2: {0469a1cf-fba6-11e1-9e91-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Run: [SkyDrive] => C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-10] (Microsoft Corporation)
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-27] (Google Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3122436482-257910113-1078007541-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.co.uk/
HKU\S-1-5-21-3122436482-257910113-1078007541-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1000 -> {9973CBA2-904B-4B33-8F81-108D5BE02372} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3122436482-257910113-1078007541-1002 -> {9973CBA2-904B-4B33-8F81-108D5BE02372} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p3sz3dun.default
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-05]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-05]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-05]
CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-06-05]
CHR Extension: (Online project management software: Wedoist) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfemlcofmppfkjnndnoakpgekdmkpbn [2014-06-05]
CHR Extension: (AVG Secure Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-02-04]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-05]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-25]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-25]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-25]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-25]
CHR Extension: (Chrome In-App Payments service) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-25]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-25]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (McAfee Security Scan+) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-05-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-09-15]
CHR Extension: (Online project management software: Wedoist) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\hhfemlcofmppfkjnndnoakpgekdmkpbn [2014-09-15]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR HKU\S-1-5-21-3122436482-257910113-1078007541-1002\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\User\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-16] (Avira Operations GmbH & Co. KG)
S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-15] (SurfRight B.V.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [377704 2015-01-28] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2015-01-28] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed]
R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2013-01-30] (Sage (UK) Limited) [File not signed]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2015-01-15] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-27] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-15] (Emsisoft GmbH)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 RapportCerberus_80116; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80116.sys [845464 2015-01-07] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2014-12-22] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2014-12-10] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2014-12-22] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-01-15] ()
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 SBIOSIO; \??\C:\Users\User\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 11:40 - 2015-02-06 11:40 - 00000857 _____ () C:\Users\User\Downloads\Bernadette McAliskey (1).vcf
2015-02-06 11:39 - 2015-02-06 11:39 - 00000641 _____ () C:\Users\User\Downloads\Betty Carlisle (1).vcf
2015-02-06 09:59 - 2015-02-06 09:59 - 00000641 _____ () C:\Users\User\Downloads\Betty Carlisle.vcf
2015-02-06 09:58 - 2015-02-06 09:58 - 00000857 _____ () C:\Users\User\Downloads\Bernadette McAliskey.vcf
2015-02-06 09:44 - 2015-02-06 09:44 - 00000640 _____ () C:\windows\SysWOW64\SGLCH32.USR
2015-02-04 16:37 - 2015-02-04 16:37 - 02131968 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-02-04 16:37 - 2015-02-04 16:37 - 00000000 ____D () C:\Users\User\Desktop\FRST-OlderVersion
2015-02-04 16:35 - 2015-02-04 16:35 - 01388274 _____ (Thisisu) C:\Users\User\Downloads\JRT (2).exe
2015-02-04 16:35 - 2015-02-04 16:35 - 00003974 _____ () C:\Users\User\Desktop\JRT.txt
2015-02-04 16:28 - 2015-02-04 16:28 - 01388274 _____ (Thisisu) C:\Users\User\Downloads\JRT (1).exe
2015-02-04 16:26 - 2015-02-04 16:27 - 01388274 _____ (Thisisu) C:\Users\User\Downloads\JRT.exe
2015-02-04 15:07 - 2015-02-04 15:07 - 00001093 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-04 14:44 - 2015-02-04 14:44 - 02194432 _____ () C:\Users\User\Downloads\AdwCleaner (1).exe
2015-02-03 11:18 - 2015-02-03 11:53 - 00010150 _____ () C:\Users\User\Desktop\Current Financial Position.xlsx
2015-02-02 14:56 - 2015-02-02 14:57 - 00049427 _____ () C:\Users\User\Desktop\Addition.txt
2015-02-02 14:55 - 2015-02-06 13:24 - 00026371 _____ () C:\Users\User\Desktop\FRST.txt
2015-02-02 14:36 - 2015-02-02 14:36 - 02131456 _____ (Farbar) C:\Users\User\Downloads\FRST64 (1).exe
2015-02-02 14:35 - 2015-02-02 14:35 - 01122304 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-01-30 11:10 - 2015-01-30 11:15 - 00092012 _____ () C:\Users\User\Downloads\DTNI 2012 13 EXP PROFILE (41).XLSX
2015-01-26 15:31 - 2015-01-26 15:31 - 00015204 _____ () C:\Users\User\Downloads\Membership list - last paid up as at 19 Jan 2015.xlsx
2015-01-23 10:23 - 2015-01-23 10:23 - 00492544 _____ () C:\Users\User\Downloads\216 DEVELOPMENT TRUST (3).xls
2015-01-23 10:23 - 2015-01-23 10:23 - 00492544 _____ () C:\Users\User\Downloads\216 DEVELOPMENT TRUST (2).xls
2015-01-23 10:22 - 2015-01-23 10:22 - 00492544 _____ () C:\Users\User\Downloads\216 DEVELOPMENT TRUST (1).xls
2015-01-23 09:39 - 2015-01-23 09:40 - 00492544 _____ () C:\Users\User\Downloads\216 DEVELOPMENT TRUST.xls
2015-01-19 15:48 - 2015-02-04 19:29 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-19 15:48 - 2015-01-19 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-19 14:24 - 2015-01-19 14:24 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe
2015-01-19 13:20 - 2015-02-04 14:55 - 00000000 ____D () C:\AdwCleaner
2015-01-19 13:20 - 2015-01-19 13:20 - 02186752 _____ () C:\Users\User\Downloads\AdwCleaner.exe
2015-01-19 13:16 - 2015-01-19 13:18 - 00000000 ____D () C:\Qoobox
2015-01-19 13:15 - 2015-01-19 13:15 - 00000000 ____D () C:\windows\erdnt
2015-01-19 13:14 - 2015-01-19 13:18 - 05608785 _____ (Swearware) C:\Users\User\Downloads\ComboFix.exe
2015-01-19 13:02 - 2015-01-19 13:02 - 00015204 _____ () C:\Users\User\Documents\Membership list - last paid up as at 19 Jan 2015.xlsx
2015-01-19 12:46 - 2015-01-19 12:46 - 00015151 _____ () C:\Users\User\Downloads\Current Membership List (3).xlsx
2015-01-19 12:45 - 2015-01-19 13:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-19 12:41 - 2015-01-19 13:16 - 00000000 ____D () C:\Users\User\Desktop\mbar
2015-01-19 12:40 - 2015-01-19 12:40 - 16448208 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.08.2.1001.exe
2015-01-19 12:31 - 2015-01-19 12:32 - 00049009 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-19 12:29 - 2015-02-06 13:24 - 00000000 ____D () C:\FRST
2015-01-19 12:29 - 2015-02-02 14:38 - 00043011 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-19 12:28 - 2015-01-19 12:28 - 02126848 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-01-16 11:33 - 2015-01-26 15:05 - 00000000 ____D () C:\Users\User\Documents\Board Reports and Agendas
2015-01-16 11:12 - 2015-01-16 11:12 - 00097965 _____ () C:\Users\User\Downloads\DTNI 2012 13 EXP PROFILE (40).XLSX
2015-01-16 09:40 - 2015-01-16 09:40 - 00002356 _____ () C:\EamClean.log
2015-01-15 13:43 - 2015-01-15 13:43 - 00000743 _____ () C:\Users\User\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-15 13:42 - 2015-01-15 13:44 - 00000000 ____D () C:\EEK
2015-01-15 13:39 - 2015-01-15 13:41 - 166345872 _____ () C:\Users\User\Downloads\EmsisoftEmergencyKit.exe
2015-01-15 12:03 - 2015-01-15 12:03 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-01-15 12:03 - 2015-01-15 12:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-15 12:01 - 2015-01-15 12:02 - 18467928 _____ () C:\Users\User\Downloads\RogueKillerX64.exe
2015-01-15 11:50 - 2015-01-15 11:50 - 00359902 _____ () C:\windows\system32\.crusader
2015-01-15 11:31 - 2015-01-15 11:31 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-15 11:31 - 2015-01-15 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-15 11:31 - 2015-01-15 11:31 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-15 11:29 - 2015-01-15 11:50 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-15 11:29 - 2015-01-15 11:30 - 11225840 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro_x64.exe
2015-01-15 11:28 - 2015-01-15 11:28 - 10285456 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro.exe
2015-01-15 11:26 - 2015-01-15 11:26 - 00273996 _____ () C:\Users\User\Downloads\ESETPoweliksCleaner.exe_20150115.112624.7312.log
2015-01-15 11:26 - 2015-01-15 11:26 - 00186568 _____ (ESET) C:\Users\User\Downloads\ESETPoweliksCleaner.exe
2015-01-14 11:03 - 2015-02-04 15:05 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 11:02 - 2015-01-19 12:41 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-14 11:02 - 2015-01-14 11:02 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-14 11:02 - 2015-01-14 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-14 11:02 - 2015-01-14 11:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 11:02 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-14 11:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-14 11:00 - 2015-01-14 11:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-14 10:49 - 2014-12-19 03:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 10:49 - 2014-12-19 01:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 10:49 - 2014-12-11 17:47 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 10:49 - 2014-12-06 04:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 10:49 - 2014-12-06 03:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 10:49 - 2014-12-06 03:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 10:48 - 2014-12-12 05:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 10:48 - 2014-12-12 05:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 10:48 - 2014-12-12 05:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 10:48 - 2014-12-12 05:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 10:48 - 2014-12-12 05:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 10:48 - 2014-12-12 05:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 10:48 - 2014-12-12 05:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 10:25 - 2015-01-14 10:25 - 00000000 ____D () C:\windows\pss
2015-01-13 11:11 - 2015-01-13 11:11 - 00000171 _____ () C:\Users\User\Downloads\DTNI Timesheet November 26th 2014 (1).gdoc
2015-01-13 11:10 - 2015-01-13 11:10 - 00000171 _____ () C:\Users\User\Downloads\DTNI Timesheet November 26th 2014.gdoc
2015-01-13 09:07 - 2015-01-13 09:07 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 13:26 - 2014-05-20 20:34 - 00004974 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DTNI-PC02-User DTNI-PC02
2015-02-06 13:25 - 2013-05-14 14:38 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 13:23 - 2012-07-10 20:12 - 01387235 _____ () C:\windows\WindowsUpdate.log
2015-02-06 13:21 - 2014-05-14 08:48 - 00000000 ___RD () C:\Users\User\Dropbox
2015-02-06 13:21 - 2014-05-14 08:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-02-06 13:20 - 2014-05-20 09:35 - 00000000 ___RD () C:\Users\User\OneDrive
2015-02-06 13:18 - 2013-05-14 14:38 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 13:18 - 2012-07-10 04:17 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-02-06 13:17 - 2014-02-25 11:01 - 00000964 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-02-06 13:17 - 2014-02-25 11:01 - 00000948 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-02-06 13:16 - 2014-06-15 13:43 - 00008674 _____ () C:\windows\setupact.log
2015-02-06 13:16 - 2010-11-21 03:47 - 00892776 _____ () C:\windows\PFRO.log
2015-02-06 13:16 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-06 11:00 - 2009-07-14 02:34 - 00000790 _____ () C:\windows\win.ini
2015-02-06 09:58 - 2014-01-29 16:47 - 00791752 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-02-06 09:51 - 2013-05-14 13:42 - 00000000 ____D () C:\Users\avecadmin
2015-02-06 09:46 - 2009-07-14 04:45 - 00031808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 09:46 - 2009-07-14 04:45 - 00031808 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 09:45 - 2014-05-17 16:24 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{A1ABDCEE-4E6E-4CAA-895F-1775C3277BE2}
2015-02-06 09:30 - 2014-02-25 11:01 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-02-05 20:31 - 2012-07-10 04:17 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-02-04 15:07 - 2014-06-17 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-04 15:07 - 2014-06-17 12:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-04 15:07 - 2014-06-14 19:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-30 15:18 - 2014-02-25 11:31 - 00000000 ___RD () C:\Users\User\Google Drive
2015-01-30 10:27 - 2014-02-25 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-29 16:50 - 2009-07-14 05:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-28 13:55 - 2014-02-25 11:01 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2015-01-28 13:51 - 2014-02-25 11:01 - 00107392 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll
2015-01-28 13:51 - 2014-02-25 11:01 - 00092520 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll
2015-01-28 13:51 - 2014-02-25 11:01 - 00035688 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
2015-01-19 15:48 - 2013-05-14 14:38 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-19 15:47 - 2014-03-03 23:41 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2015-01-19 15:06 - 2014-04-29 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-01-16 09:40 - 2014-05-04 21:42 - 00000000 ____D () C:\Users\User\AppData\Local\SlimWare Utilities Inc
2015-01-15 11:56 - 2014-05-04 21:42 - 00016152 _____ () C:\windows\system32\Drivers\SWDUMon.sys
2015-01-15 11:32 - 2014-03-07 16:24 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
 
==================== Files in the root of some directories =======
 
2014-05-05 13:03 - 2014-05-05 13:03 - 0000045 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2012-07-10 05:49 - 2012-07-10 05:50 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-07-10 05:43 - 2012-07-10 05:44 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-07-10 05:47 - 2012-07-10 05:48 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-07-10 05:44 - 2012-07-10 05:47 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-07-10 05:48 - 2012-07-10 05:49 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp73qd_k.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-04 15:59
 
==================== End Of Log ============================


#7 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,117 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:37 PM

Posted 08 February 2015 - 03:12 PM

OK I'm waiting for the ESET results. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#8 kevitzchi

kevitzchi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 09 February 2015 - 07:05 AM

All looks good!  Thanks for your assistance :)

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4566fc6f44a6ca47bbfec8abe0179ed2
# engine=22368
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-08 09:42:21
# local_time=2015-02-08 09:42:21 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 9771 22224561 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 190231 175896791 0 0
# scanned=195017
# found=0
# cleaned=0
# scan_time=5709


#9 kevitzchi

kevitzchi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 09 February 2015 - 07:29 AM

OK, I think I may have spoken too soon.  I went into Task Manager and there are still numerous dubious-looking Chrome processes running in the background.  The machine seems to be running a little more smoothly, and when I do open Chrome, only one tab opens, whereas before 5/6 opened.

 

 I've attached a screen shot.




#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,117 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:37 PM

Posted 09 February 2015 - 08:26 AM

The multiple Chrome processes are normal. The more tabs are open the more processes get created.

So, any other issues? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#11 kevitzchi

kevitzchi
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 09 February 2015 - 08:31 AM

OK thank you.  I just thought it strange, as even when I only have one tab open, there are 6 chrome processes running.

 

No, no other issues, thanks!  

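The two posts above settle the question by explanation: one tab open still means a browser process plus GPU, renderer, utility, extension and crash-handler helpers. The following PowerShell script is an added example (not code from the thread, from either poster, or from FRST) showing how a responder verifies that claim rather than taking it on trust. It lists every chrome.exe process with the role it declares on its command line, its parent process, its image path and its Authenticode signature, and flags anything that does not fit Chrome's own multi-process model. The expected install directories and the flagging heuristics are assumptions of the example; the function and variable names are the example's own.

```powershell
# Added example, not code from the thread: triage chrome.exe processes.
# Chrome runs one browser process plus helper processes that identify their
# role with a --type=<role> switch (renderer, gpu-process, utility,
# crashpad-handler, ...). Helpers are children of the browser process and run
# from the same signed chrome.exe image. Anything named chrome.exe that breaks
# those expectations deserves a closer look.
# Requires PowerShell 3.0 or later (Get-CimInstance, [pscustomobject]).

# Assumed standard install locations (an assumption of this example; adjust
# for an enterprise deployment that installs Chrome elsewhere).
$ExpectedChromeDirs = @(
    "$env:ProgramFiles\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application",
    "$env:LOCALAPPDATA\Google\Chrome\Application"
)

function Get-ChromeProcessTriage {
    param(
        [string[]]$ExpectedDirs = $ExpectedChromeDirs
    )

    # One snapshot of all processes so parent lookups are cheap and consistent.
    $all = Get-CimInstance Win32_Process
    $byPid = @{}
    foreach ($proc in $all) { $byPid[[int]$proc.ProcessId] = $proc }

    foreach ($p in ($all | Where-Object { $_.Name -ieq 'chrome.exe' })) {
        # Role from the command line; the browser process has no --type switch.
        $role = 'browser'
        if ($p.CommandLine -match '--type=([^\s"]+)') { $role = $Matches[1] }

        $parent = $byPid[[int]$p.ParentProcessId]
        $parentName = if ($parent) { $parent.Name } else { '<gone>' }

        # Authenticode check of the on-disk image, the same property FRST's
        # "File is digitally signed" lines report for the Windows binaries.
        $sigStatus = 'NoPath'
        $signer = ''
        if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
            $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
            $sigStatus = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        $inExpectedDir = $false
        foreach ($d in $ExpectedDirs) {
            if ($p.ExecutablePath -and
                $p.ExecutablePath.StartsWith($d, [System.StringComparison]::OrdinalIgnoreCase)) {
                $inExpectedDir = $true
            }
        }

        # Heuristics (assumptions of this example): flag an image outside the
        # install directory, an invalid or missing signature, or a helper
        # process whose parent is not chrome.exe.
        $reasons = @()
        if (-not $inExpectedDir)    { $reasons += 'unexpected path' }
        if ($sigStatus -ne 'Valid') { $reasons += "signature $sigStatus" }
        if ($role -ne 'browser' -and $parentName -ine 'chrome.exe') {
            $reasons += 'helper not spawned by chrome.exe'
        }

        [pscustomobject]@{
            PID       = $p.ProcessId
            Role      = $role
            Parent    = $parentName
            Path      = $p.ExecutablePath
            Signer    = $signer
            SigStatus = $sigStatus
            Flags     = ($reasons -join '; ')
        }
    }
}

# Summary of processes per role, then the detail table with any flags raised.
$triage = Get-ChromeProcessTriage
$triage | Group-Object Role | Select-Object Name, Count | Format-Table -AutoSize
$triage | Sort-Object Role, PID | Format-Table PID, Role, Parent, SigStatus, Flags -AutoSize
```

On a healthy machine the summary shows exactly one `browser` entry with the rest spread over helper roles, every row signed by Google's certificate from the same directory, and an empty Flags column; a row with a path under a user profile or Temp directory, an unsigned image, or a helper whose parent is not chrome.exe is what would justify escalating instead of closing the thread. On a Windows 7 box still running PowerShell 2.0, `Get-WmiObject Win32_Process` is a drop-in for `Get-CimInstance` and `New-Object PSObject -Property` replaces the `[pscustomobject]` cast.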


#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,117 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:37 PM

Posted 09 February 2015 - 09:39 AM

Hello,
in my opinion your PC is clean. :) My help is of course completely free of charge, but if you would like to donate some money to me so that I can buy some beer, then click on the PayPal button. I'd really appreciate it, my friend. :)


We need to remove the tools we've used during cleaning your machine.
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, the little bit of extra time it takes to stay updated is well worth it compared to getting infected through an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#13 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,117 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:37 PM

Posted 14 February 2015 - 07:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 




