SecurityHelper.dll trojan infection


  • This topic is locked
12 replies to this topic

#1 Catinhat

  • Members
  • 7 posts

Posted 12 March 2015 - 01:53 PM

Hello,

I have problems removing this trojan (SecurityHelper.dll) from my PC. AVG started detecting it about a week or two ago (after a rather unfortunate run-in with uTorrent), but it keeps popping back up with every reboot. It also seems to generate a slew of infected tmp files in the Program data/Microsoft/Security/Client folder. I have since run numerous virus removal tools, but even herdProtect failed to detect the root of the problem. Attached are the FRST scans I have done.

Thanks in advance!

Attached Files




#2 Jo*

  • Malware Response Team
  • 3,453 posts
  • Gender:Male
  • Location:Germany

Posted 12 March 2015 - 03:26 PM


Hello Catinhat,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Catinhat

  • Topic Starter

  • Members
  • 7 posts

Posted 12 March 2015 - 04:12 PM

Alright, here goes:

 

Security Check results

 

 Results of screen317's Security Check version 0.99.97  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (36.0.1)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm zatray.exe  
 CheckPoint ZoneAlarm ZaPrivacyService.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

--------------------------------------------------------------------------------

 

Malwarebytes scan results

 

No malware was found.

 

--------------------------------------------------------------------------------

 

AdwCleaner log

 

# AdwCleaner v4.112 - Logfile created 12/03/2015 at 21:57:38
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Meles Meles - MELESMELES-PC
# Running from : C:\Users\Meles Meles\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Meles Meles\AppData\Roaming\Mozilla\Firefox\Profiles\iqyoinwe.default\searchplugins\zonealarm.xml
File Found : C:\Users\Meles Meles\AppData\Roaming\Mozilla\Firefox\Profiles\iqyoinwe.default\user.js
Folder Found : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Users\Meles Meles\AppData\Roaming\Check Point Software Technologies LTD
Folder Found : C:\Users\MELESM~1\AppData\Local\Temp\mt_ffx

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Found : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Found : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v36.0.1 (x86 hu)

[iqyoinwe.default] - Line Found : user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=215c79b8acea42dc8d9cbd2fdf0f7056&tu=10G9y00Im2D33N0&sku=&tstsId=&ver=&&q=");
[iqyoinwe.default] - Line Found : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=215c79b8acea42dc8d9cbd2fdf0f7056&tu=10G9y00Im2D33N0&sku=&tstsId=&ver=&&q=");
[iqyoinwe.default] - Line Found : user_pref("keyword.URL", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=215c79b8acea42dc8d9cbd2fdf0f7056&tu=10G9y00Im2D33N0&sku=&tstsId=&ver=&&q=");
*************************

AdwCleaner[R0].txt - [4874 bytes] - [12/03/2015 21:57:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4933 bytes] ##########

 

-------------------------------------------------------------------------------------------------------------------------------------------

 

And that's all. Also, I wouldn't want ZoneAlarm or DAEMON deleted, if that's what this means?

Thank you for the fast reply!


Edited by Catinhat, 12 March 2015 - 04:18 PM.
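The AdwCleaner scan log above lists everything a Clean run would remove, and working out which entries belong to which product is exactly what a user has to do before unchecking anything. As an added example (not part of this thread and not AdwCleaner's own code), the Python below parses the "Found" lines of an R0-style scan log, counts them per section, groups them by the product name visible in the path or key, and extracts the hosts set as search targets in the Firefox user_pref lines. The keyword table (PRODUCT_KEYWORDS) is this example's assumption, and the embedded log is a constructed excerpt made from a subset of the lines in the log posted above.

```python
"""Summarise an AdwCleaner scan log (R0, "Found" lines) before running Clean.

Added example, not part of this thread or of AdwCleaner. The keyword table
and the grouping logic are this example's assumptions.
"""
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Constructed excerpt: a subset of the AdwCleaner[R0].txt lines posted in this thread.
SAMPLE_LOG = r"""
# AdwCleaner v4.112 - Logfile created 12/03/2015 at 21:57:38
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Meles Meles\AppData\Roaming\Mozilla\Firefox\Profiles\iqyoinwe.default\searchplugins\zonealarm.xml
Folder Found : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Users\MELESM~1\AppData\Local\Temp\mt_ffx

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [ Web browsers ] *****

-\\ Mozilla Firefox v36.0.1 (x86 hu)

[iqyoinwe.default] - Line Found : user_pref("keyword.URL", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=215c79b8acea42dc8d9cbd2fdf0f7056&tu=10G9y00Im2D33N0&sku=&tstsId=&ver=&&q=");
*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
FINDING_RE = re.compile(
    r"^(?:\[(?P<profile>[^\]]+)\] - )?"
    r"(?P<kind>File|Folder|Key|Value|Line) Found : (?P<item>.+)$"
)
PREF_RE = re.compile(r'user_pref\("(?P<name>[^"]+)",\s*"(?P<value>[^"]*)"\);')

# Assumed keyword table: product name -> substrings that identify its entries.
PRODUCT_KEYWORDS = {
    "ZoneAlarm": ("zonealarm", "check point"),
    "DAEMON Tools": ("daemon tools", "dt soft", "dttoolbar"),
}


def parse_findings(text):
    """Return one dict per 'Found' line, tagged with the section it appears under."""
    section, findings = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings.append({"section": section, "kind": m.group("kind"),
                             "item": m.group("item"), "profile": m.group("profile")})
    return findings


def count_by_section(findings):
    """How many items a Clean run would touch in each section of the log."""
    return dict(Counter(f["section"] for f in findings))


def group_by_product(findings, keywords=PRODUCT_KEYWORDS):
    """Group findings by the product name visible in the path/key; GUID-only entries stay unnamed."""
    groups = defaultdict(list)
    for f in findings:
        text = f["item"].lower()
        name = next((p for p, kws in keywords.items() if any(k in text for k in kws)), "(unnamed)")
        groups[name].append(f)
    return dict(groups)


def search_pref_hosts(findings):
    """Hosts set as search targets in the Firefox user_pref lines (AdwCleaner writes http as hxxp)."""
    hosts = set()
    for f in findings:
        if f["kind"] != "Line":
            continue
        m = PREF_RE.search(f["item"])
        if m:
            url = m.group("value").replace("hxxp://", "http://").replace("hxxps://", "https://")
            host = urlparse(url).hostname
            if host:
                hosts.add(host)
    return hosts


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    print(count_by_section(found))
    for product, items in group_by_product(found).items():
        print(product, [i["item"] for i in items])
    print(search_pref_hosts(found))
```

Entries that carry only a CLSID or a toolbar value have no product name to match on and land in the "(unnamed)" group. A name in a path or key tells you which product installed the entry, not whether you want to keep it, so the grouping is an aid to reading the log rather than a verdict on any entry.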


#4 Jo*

  • Malware Response Team
  • 3,453 posts
  • Gender:Male
  • Location:Germany

Posted 12 March 2015 - 04:34 PM

Hello Catinhat,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

***


How is the computer running now?


***


Cheers,
Jo
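The FRST scan requested above produces one line per autorun, service and driver: a path, a size/date bracket, a company name in parentheses and sometimes a trailing tag such as "[File not signed]" or FRST's "<==== ATTENTION" marker. As an added example (not part of this thread and not an FRST feature), the Python below parses lines of that shape and applies a few defender-side rules to decide which entries deserve a closer look: a file FRST marks with "[X]" or reports with zero size, an explicit unsigned tag, the attention marker, and an empty company name on a file that lives in a user-writable location such as ProgramData or AppData. The sample lines are constructed in FRST's line format and modelled on entries from the logs posted in this thread; the rules and the USER_WRITABLE folder list are this example's assumptions.

```python
"""Triage FRST log lines: flag entries that deserve a closer look.

Added example, not part of this thread and not an FRST feature. The rules
and the list of user-writable folders are this example's assumptions.
"""
import re

# Constructed sample in FRST's line format, modelled on entries from this thread's logs.
SAMPLE_FRST = r"""
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\...\Run: [uTorrent] => C:\Users\Meles Meles\AppData\Roaming\uTorrent\uTorrent.exe [1742928 2015-03-04] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2015-02-02] () [File not signed]
U3 a75ihujo; C:\Windows\System32\Drivers\a75ihujo.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
"""

# The path follows "=> " (registry/autorun lines) or "; " (service/driver lines) and ends
# before the [size date] bracket, the (company) parentheses or a "<====" marker.
# "(x86)" inside "Program Files (x86)" must not be mistaken for the company field.
PATH_RE = re.compile(
    r"(?:=>|;)\s+(?P<path>(?:[A-Za-z]:\\|System32\\).*?)"
    r"(?=\s+\[|\s+\((?!x86\))|\s+<|$)"
)
# What follows the path: optional [size date] or [X], optional (company), then any trailing tag.
META_RE = re.compile(r"^\s*(?:\[(?P<size>[^\]]*)\])?\s*(?:\((?P<company>[^)]*)\))?(?P<tail>.*)$")

# Assumed list of locations an ordinary user can write to; autoruns there deserve attention.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")


def triage_line(line):
    """Parse one FRST line; return None if it carries no file path."""
    m = PATH_RE.search(line)
    if not m:
        return None
    path = m.group("path")
    meta = META_RE.match(line[m.end():])
    size_field = (meta.group("size") or "").split()
    company = meta.group("company")
    tail = meta.group("tail")

    reasons = []
    if size_field and size_field[0] == "X":
        reasons.append("referenced file missing")      # FRST's [X]: the file does not exist
    elif size_field and size_field[0] == "0":
        reasons.append("zero-size file")
    if company == "" and any(d in path.lower() for d in USER_WRITABLE):
        reasons.append("no company name, user-writable location")
    if "[File not signed]" in tail:
        reasons.append("unsigned file")
    if "<==== ATTENTION" in tail:
        reasons.append("FRST attention marker")
    return {"line": line, "path": path, "company": company, "reasons": reasons}


def triage_log(text):
    """Triage every parseable line of an FRST log."""
    rows = []
    for line in text.splitlines():
        row = triage_line(line.strip())
        if row:
            rows.append(row)
    return rows


def flagged(text):
    """Map path -> reasons for the lines that tripped at least one rule."""
    return {r["path"]: r["reasons"] for r in triage_log(text) if r["reasons"]}


if __name__ == "__main__":
    for path, why in flagged(SAMPLE_FRST).items():
        print(f"{path}: {', '.join(why)}")
```

An empty or unexpected company name is only a hint, while the explicit "[File not signed]" tag is the stronger signal; a hit on any rule means "look at this file", not "this file is malware". Lines without a path after "=>" or ";" (for example Startup: entries) are skipped, so the script complements reading the log, it does not replace it.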


#5 Catinhat

  • Topic Starter

  • Members
  • 7 posts

Posted 12 March 2015 - 05:17 PM

SecurityHelper.dll persists!

AVG says: BackDoor.Generic18.BTFW, the name c:/ProgramData/Microsoft/Security/Client/SecurityHelper.dll

Also, I forgot to say before - I have tried to restore my system to an earlier point before posting this thread, but it failed. The error message said one of the files couldn't be accessed, if I remember correctly.

Here are the logs you asked for:

 

AdwCleaner

 

# AdwCleaner v4.112 - Logfile created 12/03/2015 at 22:41:59
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Meles Meles - MELESMELES-PC
# Running from : C:\Users\Meles Meles\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Deleted : C:\Users\MELESM~1\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Meles Meles\AppData\Roaming\Check Point Software Technologies LTD
File Deleted : C:\Users\Meles Meles\AppData\Roaming\Mozilla\Firefox\Profiles\iqyoinwe.default\searchplugins\zonealarm.xml
File Deleted : C:\Users\Meles Meles\AppData\Roaming\Mozilla\Firefox\Profiles\iqyoinwe.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v36.0.1 (x86 hu)

[iqyoinwe.default\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=215c79b8acea42dc8d9cbd2fdf0f7056&tu=10G9y00Im2D33N0&sku=&tstsId=&ver=&&q=");
[iqyoinwe.default\prefs.js] - Line Deleted : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=215c79b8acea42dc8d9cbd2fdf0f7056&tu=10G9y00Im2D33N0&sku=&tstsId=&ver=&&q=");
[iqyoinwe.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=215c79b8acea42dc8d9cbd2fdf0f7056&tu=10G9y00Im2D33N0&sku=&tstsId=&ver=&&q=");

*************************

AdwCleaner[R0].txt - [5032 bytes] - [12/03/2015 21:57:38]
AdwCleaner[R1].txt - [5091 bytes] - [12/03/2015 22:40:08]
AdwCleaner[S0].txt - [4897 bytes] - [12/03/2015 22:41:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4956  bytes] ##########
 

--------------------------------------------------------------------------------------------------------------------------

 

Junkware Removal

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Ultimate x64
Ran by Meles Meles on 2015.03.12. at 22:49:26,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015.03.12. at 22:52:51,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

------------------------------------------------------------------------------------------------------------------------

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Meles Meles (administrator) on MELESMELES-PC on 12-03-2015 23:04:11
Running from C:\Users\Meles Meles\Desktop
Loaded Profiles: Meles Meles (Available profiles: Meles Meles)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: magyar (Magyarország)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
(BitTorrent Inc.) C:\Users\Meles Meles\AppData\Roaming\uTorrent\uTorrent.exe
(Dell) C:\Users\Meles Meles\AppData\Local\Apps\2.0\4L0A4PPJ.6H5\7O0Z5MK8.04D\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
() C:\Program Files (x86)\TP-LINK\TL-WN321G\COMMON\TWCU.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [691656 2009-04-23] (DT Soft Ltd)
HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\...\Run: [uTorrent] => C:\Users\Meles Meles\AppData\Roaming\uTorrent\uTorrent.exe [1742928 2015-03-04] (BitTorrent Inc.)
HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\...\Run: [DellSystemDetect] => C:\Users\Meles Meles\AppData\Local\Apps\2.0\4L0A4PPJ.6H5\7O0Z5MK8.04D\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2015-02-02] (Dell)
HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\...\MountPoints2: {720d2e08-aaf1-11e4-9b05-acf07e2f6c26} - H:\setup_vmb_lite.exe /checkApplicationPresence
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TL-WN321G Wireless Utility.lnk
ShortcutTarget: TL-WN321G Wireless Utility.lnk -> C:\Program Files (x86)\TP-LINK\TL-WN321G\COMMON\TWCU.exe ()
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Meles Meles\AppData\Roaming\Mozilla\Firefox\Profiles\iqyoinwe.default
FF SearchEngineOrder.1: Search By ZoneAlarm
FF SelectedSearchEngine: Search By ZoneAlarm
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-09] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-09] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2009-09-25] (Wacom, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sztaki-en-hu.xml [2014-11-26]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\vatera.xml [2014-11-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 RalinkRegistryWriter; C:\Program Files (x86)\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe [69632 2009-01-05] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2015-02-02] () [File not signed]
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
U3 a75ihujo; C:\Windows\System32\Drivers\a75ihujo.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 22:52 - 2015-03-12 22:52 - 00000629 _____ () C:\Users\Meles Meles\Desktop\JRT.txt
2015-03-12 22:46 - 2015-03-12 22:47 - 01388333 _____ (Thisisu) C:\Users\Meles Meles\Desktop\JRT.exe
2015-03-12 22:45 - 2015-03-12 22:45 - 00005052 _____ () C:\Users\Meles Meles\Desktop\AdwCleaner[S0].txt
2015-03-12 22:01 - 2015-03-12 22:01 - 00005032 _____ () C:\Users\Meles Meles\Desktop\AdwCleaner[R0].txt
2015-03-12 21:57 - 2015-03-12 22:42 - 00000000 ____D () C:\AdwCleaner
2015-03-12 21:43 - 2015-03-12 21:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-12 21:43 - 2015-03-12 21:43 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-12 21:42 - 2015-03-12 21:55 - 00000000 ____D () C:\Users\Meles Meles\Desktop\mbar
2015-03-12 21:42 - 2015-03-12 21:42 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-12 21:39 - 2015-03-12 21:39 - 00000833 _____ () C:\Users\Meles Meles\Desktop\checkup.txt
2015-03-12 21:35 - 2015-03-12 21:35 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Meles Meles\Desktop\mbar-1.09.1.1004.exe
2015-03-12 21:35 - 2015-03-12 21:35 - 02171392 _____ () C:\Users\Meles Meles\Desktop\AdwCleaner.exe
2015-03-12 21:34 - 2015-03-12 21:34 - 00852604 _____ () C:\Users\Meles Meles\Desktop\SecurityCheck.exe
2015-03-12 19:34 - 2015-03-12 23:04 - 00011606 _____ () C:\Users\Meles Meles\Desktop\FRST.txt
2015-03-12 19:34 - 2015-03-12 19:35 - 00024391 _____ () C:\Users\Meles Meles\Desktop\Addition.txt
2015-03-12 19:33 - 2015-03-12 23:04 - 00000000 ____D () C:\FRST
2015-03-12 19:22 - 2015-03-12 19:22 - 02095616 _____ (Farbar) C:\Users\Meles Meles\Desktop\FRST64.exe
2015-03-12 06:39 - 2015-03-12 08:48 - 00000000 ____D () C:\Users\Meles Meles\Desktop\Scanner_Portable
2015-03-12 02:16 - 2015-03-12 02:16 - 00000000 _____ () C:\autoexec.bat
2015-03-10 23:57 - 2015-03-12 05:10 - 00000000 ____D () C:\Program Files (x86)\ABC Amber Palm Converter
2015-03-10 23:57 - 2015-03-10 23:57 - 00001062 _____ () C:\Users\Meles Meles\Desktop\ABC Amber Palm Converter.lnk
2015-03-10 23:56 - 2015-03-12 05:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProcessText Group
2015-03-10 23:56 - 2015-03-12 05:10 - 00000000 ____D () C:\Program Files (x86)\ABC Amber LIT Converter
2015-03-10 23:56 - 2015-03-10 23:56 - 00001052 _____ () C:\Users\Meles Meles\Desktop\ABC Amber LIT Converter.lnk
2015-03-10 23:56 - 2015-03-10 23:56 - 00000000 ____D () C:\Users\Meles Meles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProcessText Group
2015-03-10 12:59 - 2015-03-12 05:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-03-10 12:59 - 2015-03-10 12:59 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2015-03-10 12:59 - 2015-03-10 12:59 - 00000762 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2015-03-10 12:57 - 2015-03-10 12:59 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2015-03-10 12:56 - 2015-03-10 12:56 - 00000000 ____D () C:\ProgramData\CheckPoint
2015-03-10 12:17 - 2015-03-10 12:17 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-03-10 12:17 - 2015-03-10 12:17 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-03-09 15:35 - 2015-03-12 05:10 - 00000000 ____D () C:\Windows\system32\Macromed
2015-03-09 15:35 - 2015-03-09 15:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-09 15:35 - 2015-03-09 15:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-09 15:35 - 2015-03-09 15:35 - 00000000 ____D () C:\Users\Meles Meles\AppData\Local\Macromedia
2015-03-06 08:27 - 2015-03-12 05:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-01 05:54 - 2015-03-01 06:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-01 05:54 - 2015-03-01 05:54 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-02-25 05:17 - 2015-03-12 01:51 - 00000000 ____D () C:\Users\Meles Meles\AppData\Local\Idsoft
2015-02-25 05:16 - 2015-03-12 01:56 - 00000000 ____D () C:\Users\Meles Meles\AppData\Local\Icsoft
2015-02-21 05:00 - 2015-03-10 12:43 - 00000000 ____D () C:\Users\Meles Meles\AppData\Roaming\Malwarebytes
2015-02-21 05:00 - 2015-02-21 05:01 - 00000000 ____D () C:\ProgramData\Malwarebytes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 23:04 - 2015-02-08 19:48 - 00000000 ____D () C:\Users\Meles Meles\AppData\Roaming\uTorrent
2015-03-12 22:51 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 22:51 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 22:48 - 2011-04-12 11:42 - 00681942 _____ () C:\Windows\system32\perfh00E.dat
2015-03-12 22:48 - 2011-04-12 11:42 - 00169972 _____ () C:\Windows\system32\perfc00E.dat
2015-03-12 22:48 - 2009-07-14 06:13 - 01623538 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-12 22:47 - 2015-02-02 15:22 - 00187914 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 22:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-12 22:44 - 2009-07-14 05:51 - 00031947 _____ () C:\Windows\setupact.log
2015-03-12 14:13 - 2015-02-02 16:33 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-12 08:48 - 2015-02-02 16:27 - 00000000 ____D () C:\Windows\AutoKMS
2015-03-12 05:37 - 2015-02-08 18:43 - 00000000 ____D () C:\Users\Meles Meles\AppData\Roaming\WTablet
2015-03-12 05:10 - 2015-02-08 18:42 - 00000000 ____D () C:\Windows\system32\WTablet
2015-03-12 05:10 - 2015-02-02 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-12 05:10 - 2015-02-02 16:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-12 05:10 - 2015-02-02 16:03 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-03-12 05:10 - 2015-02-02 15:39 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-12 05:10 - 2015-02-02 15:34 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2015-03-12 05:10 - 2015-02-02 15:28 - 00000000 ____D () C:\Program Files\7-Zip
2015-03-12 05:10 - 2015-02-02 15:21 - 00000000 ____D () C:\Users\Meles Meles
2015-03-12 05:10 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-03-12 05:10 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-12 05:10 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-03-12 05:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Speech
2015-03-12 05:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-03-12 05:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-12 05:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-12 01:49 - 2010-11-21 04:47 - 00150122 _____ () C:\Windows\PFRO.log
2015-03-10 23:56 - 2015-02-02 15:21 - 00000000 ____D () C:\Users\Meles Meles\AppData\Local\VirtualStore
2015-03-09 15:35 - 2015-02-08 18:59 - 00000000 ____D () C:\Users\Meles Meles\AppData\Local\Adobe
2015-03-03 09:20 - 2015-02-02 16:34 - 00000000 ____D () C:\ProgramData\AVG2015
2015-03-01 05:56 - 2015-02-08 19:02 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-01 05:55 - 2015-02-08 18:59 - 00000000 ____D () C:\Users\Meles Meles\AppData\Roaming\Adobe
2015-03-01 05:54 - 2015-02-08 19:03 - 00000000 ____D () C:\Program Files (x86)\Adobe

Some content of TEMP:
====================
C:\Users\Meles Meles\AppData\Local\Temp\ose00000.exe
C:\Users\Meles Meles\AppData\Local\Temp\Quarantine.exe
C:\Users\Meles Meles\AppData\Local\Temp\sqlite3.dll
C:\Users\Meles Meles\AppData\Local\Temp\utt9B84.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 05:20

==================== End Of Log ============================

----------------------------------------------------------------------------------------------------------

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Meles Meles at 2015-03-12 23:04:44
Running from C:\Users\Meles Meles\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
FW: AVG Internet Security 2015 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABC Amber LIT Converter (HKLM-x32\...\ABC Amber LIT Converter) (Version:  - )
ABC Amber Palm Converter (HKLM-x32\...\ABC Amber Palm Converter) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{3EB745BA-194F-4475-9164-B20BB2172395}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Hungarian (HKLM-x32\...\{AC76BA86-7AD7-1038-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Ashampoo Burning Studio 15 v.15.0.0 (HKLM-x32\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.0 - Ashampoo GmbH & Co. KG)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4306 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Corel Painter 13 - IPM (Version: 13.1 - Corel Corporation) Hidden
Corel Painter 13 - IPM Content (Version: 13.1 - Corel Corporation) Hidden
Corel Painter X3 (HKLM\...\_{EF449371-6B69-49C8-B789-76A0B0E3446B}) (Version: 13.0.1.920 - Corel Corporation)
Dell System Detect (HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Geometer (HKLM-x32\...\Geometer) (Version:  - )
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
K-Lite Mega Codec Pack 10.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET-keretrendszer 4.5 HUN nyelvi csomag (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1038) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 hu) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 hu)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Painter 13 - Contentx64 (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Core (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Corex64 (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - DE (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - EN (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - FR (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Setup Files (Version: 13.1 - Corel Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
SeaMonkey (2.6) (HKLM-x32\...\SeaMonkey (2.6)) (Version: 2.6 (hu) - Mozilla)
Sweet Home 3D version 4.5 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
TL-WN321G Wireless Utility (HKLM-x32\...\{1FF78023-EFA4-491F-9F5A-284DE97AA326}) (Version: 1.0.3.0 - TP-LINK)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom Tablet (HKLM-x32\...\Wacom Tablet Driver) (Version:  - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.4 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.3 - Wacom Technology Corp.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

18-02-2015 02:37:05 Ütemezett ellenőrzési pont
25-02-2015 23:03:59 Ütemezett ellenőrzési pont
10-03-2015 17:56:01 Ütemezett ellenőrzési pont
12-03-2015 05:01:08 Helyreállítási művelet

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E4BCC1B-6364-43CD-A36E-F57F8D766DEF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {33350DA6-328A-4BE9-8D91-DD682B3BDAD8} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Meles_20Meles => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2010-11-04] (H.D.S. Hungary)
Task: {89AC7227-79E2-4E31-A5D2-49E7CBCC9955} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B5D793A2-01FB-4E85-A608-0ACF8FB259F4} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {E530FBE9-B59E-4F65-98FB-53A96D81C914} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EF58C69D-3246-47F0-98A3-DB2CB598E7F2} - System32\Tasks\AdobeAAMUpdater-1.0-MelesMeles-PC-Meles Meles => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {F58D160D-68F2-406F-AC54-7D4E5DA2BBF2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) ==============

2015-02-08 18:29 - 2009-05-04 11:45 - 01785856 _____ () C:\Program Files (x86)\TP-LINK\TL-WN321G\COMMON\TWCU.exe
2015-02-19 04:56 - 2015-02-19 04:56 - 02622464 _____ () C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
2015-03-12 22:50 - 2015-03-12 22:50 - 02165760 _____ () C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Meles Meles\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Meles Meles (S-1-5-21-2164468382-3904358654-1612140977-1000 - Administrator - Enabled) => C:\Users\Meles Meles
Rendszergazda (S-1-5-21-2164468382-3904358654-1612140977-500 - Administrator - Disabled)
Vendég (S-1-5-21-2164468382-3904358654-1612140977-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 36%
Total physical RAM: 3995.65 MB
Available physical RAM: 2556.83 MB
Total Pagefile: 7989.5 MB
Available Pagefile: 6305.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:107.73 GB) (Free:77.29 GB) NTFS
Drive d: () (Fixed) (Total:125 GB) (Free:114.61 GB) NTFS
Drive h: () (Fixed) (Total:97.65 GB) (Free:97.53 GB) NTFS
Drive i: (1_2TB) (Fixed) (Total:1299.6 GB) (Free:1299.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 00000080)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=125 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 00028D02)
Partition 1: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1299.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by Catinhat, 12 March 2015 - 05:22 PM.


#6 Jo*

Jo*

  • Malware Response Team
  • 3,453 posts
  • Gender:Male
  • Location:Germany

Posted 13 March 2015 - 07:07 AM

Hello Catinhat,

***


Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt.

start
EmptyTemp:
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
c:/ProgramData/Microsoft/Security/Client/SecurityHelper.dll
U3 a75ihujo; C:\Windows\System32\Drivers\a75ihujo.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.



***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 Catinhat

Catinhat
  • Topic Starter

  • Members
  • 7 posts

Posted 13 March 2015 - 07:48 AM

Hello,

I think it was a success! :D

After FRST rebooted my PC, the trojan didn't appear! Thank you very much! Is there anything else I need to do?

Oh, and here are the logs:

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Meles Meles at 2015-03-13 13:32:03 Run:1
Running from C:\Users\Meles Meles\Desktop
Loaded Profiles: Meles Meles (Available profiles: Meles Meles)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
EmptyTemp:
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
c:/ProgramData/Microsoft/Security/Client/SecurityHelper.dll
U3 a75ihujo; C:\Windows\System32\Drivers\a75ihujo.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
end
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider" => Key deleted successfully.
"HKCR\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637}" => Key deleted successfully.
c:/ProgramData/Microsoft/Security/Client/SecurityHelper.dll => Error: No automatic fix found for this entry.
a75ihujo => Service not found.
VGPU => Service deleted successfully.
EmptyTemp: => Removed 767.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:36:42 ====

-----------------------------------------------------------------------------------------------

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Meles Meles (administrator) on MELESMELES-PC on 13-03-2015 13:40:11
Running from C:\Users\Meles Meles\Desktop
Loaded Profiles: Meles Meles (Available profiles: Meles Meles)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: magyar (Magyarország)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
(BitTorrent Inc.) C:\Users\Meles Meles\AppData\Roaming\uTorrent\uTorrent.exe
(Dell) C:\Users\Meles Meles\AppData\Local\Apps\2.0\4L0A4PPJ.6H5\7O0Z5MK8.04D\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
() C:\Program Files (x86)\TP-LINK\TL-WN321G\COMMON\TWCU.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [691656 2009-04-23] (DT Soft Ltd)
HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\...\Run: [uTorrent] => C:\Users\Meles Meles\AppData\Roaming\uTorrent\uTorrent.exe [1742928 2015-03-04] (BitTorrent Inc.)
HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\...\Run: [DellSystemDetect] => C:\Users\Meles Meles\AppData\Local\Apps\2.0\4L0A4PPJ.6H5\7O0Z5MK8.04D\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2015-02-02] (Dell)
HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\...\MountPoints2: {720d2e08-aaf1-11e4-9b05-acf07e2f6c26} - H:\setup_vmb_lite.exe /checkApplicationPresence
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TL-WN321G Wireless Utility.lnk
ShortcutTarget: TL-WN321G Wireless Utility.lnk -> C:\Program Files (x86)\TP-LINK\TL-WN321G\COMMON\TWCU.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Meles Meles\AppData\Roaming\Mozilla\Firefox\Profiles\iqyoinwe.default
FF SearchEngineOrder.1: Search By ZoneAlarm
FF SelectedSearchEngine: Search By ZoneAlarm
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-09] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-09] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2009-09-25] (Wacom, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sztaki-en-hu.xml [2014-11-26]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\vatera.xml [2014-11-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 RalinkRegistryWriter; C:\Program Files (x86)\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe [69632 2009-01-05] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [270816 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-01-16] (AVG Technologies CZ, s.r.o.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2015-02-02] () [File not signed]
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
U3 aqmxl9t1; C:\Windows\System32\Drivers\aqmxl9t1.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 22:52 - 2015-03-12 22:52 - 00000629 _____ () C:\Users\Meles Meles\Desktop\JRT.txt
2015-03-12 22:46 - 2015-03-12 22:47 - 01388333 _____ (Thisisu) C:\Users\Meles Meles\Desktop\JRT.exe
2015-03-12 22:45 - 2015-03-12 22:45 - 00005052 _____ () C:\Users\Meles Meles\Desktop\AdwCleaner[S0].txt
2015-03-12 22:01 - 2015-03-12 22:01 - 00005032 _____ () C:\Users\Meles Meles\Desktop\AdwCleaner[R0].txt
2015-03-12 21:57 - 2015-03-12 22:42 - 00000000 ____D () C:\AdwCleaner
2015-03-12 21:43 - 2015-03-12 21:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-12 21:43 - 2015-03-12 21:43 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-12 21:42 - 2015-03-12 21:55 - 00000000 ____D () C:\Users\Meles Meles\Desktop\mbar
2015-03-12 21:42 - 2015-03-12 21:42 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-12 21:39 - 2015-03-12 21:39 - 00000833 _____ () C:\Users\Meles Meles\Desktop\checkup.txt
2015-03-12 21:35 - 2015-03-12 21:35 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Meles Meles\Desktop\mbar-1.09.1.1004.exe
2015-03-12 21:35 - 2015-03-12 21:35 - 02171392 _____ () C:\Users\Meles Meles\Desktop\AdwCleaner.exe
2015-03-12 21:34 - 2015-03-12 21:34 - 00852604 _____ () C:\Users\Meles Meles\Desktop\SecurityCheck.exe
2015-03-12 19:34 - 2015-03-13 13:41 - 00011270 _____ () C:\Users\Meles Meles\Desktop\FRST.txt
2015-03-12 19:34 - 2015-03-12 23:04 - 00012685 _____ () C:\Users\Meles Meles\Desktop\Addition.txt
2015-03-12 19:33 - 2015-03-13 13:40 - 00000000 ____D () C:\FRST
2015-03-12 19:22 - 2015-03-12 19:22 - 02095616 _____ (Farbar) C:\Users\Meles Meles\Desktop\FRST64.exe
2015-03-12 06:39 - 2015-03-12 08:48 - 00000000 ____D () C:\Users\Meles Meles\Desktop\Scanner_Portable
2015-03-12 02:16 - 2015-03-12 02:16 - 00000000 _____ () C:\autoexec.bat
2015-03-10 23:57 - 2015-03-12 05:10 - 00000000 ____D () C:\Program Files (x86)\ABC Amber Palm Converter
2015-03-10 23:57 - 2015-03-10 23:57 - 00001062 _____ () C:\Users\Meles Meles\Desktop\ABC Amber Palm Converter.lnk
2015-03-10 23:56 - 2015-03-12 05:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProcessText Group
2015-03-10 23:56 - 2015-03-12 05:10 - 00000000 ____D () C:\Program Files (x86)\ABC Amber LIT Converter
2015-03-10 23:56 - 2015-03-10 23:56 - 00001052 _____ () C:\Users\Meles Meles\Desktop\ABC Amber LIT Converter.lnk
2015-03-10 23:56 - 2015-03-10 23:56 - 00000000 ____D () C:\Users\Meles Meles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProcessText Group
2015-03-10 12:59 - 2015-03-12 05:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-03-10 12:59 - 2015-03-10 12:59 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2015-03-10 12:59 - 2015-03-10 12:59 - 00000762 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2015-03-10 12:57 - 2015-03-10 12:59 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2015-03-10 12:56 - 2015-03-10 12:56 - 00000000 ____D () C:\ProgramData\CheckPoint
2015-03-10 12:17 - 2015-03-10 12:17 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-03-10 12:17 - 2015-03-10 12:17 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-03-09 15:35 - 2015-03-12 05:10 - 00000000 ____D () C:\Windows\system32\Macromed
2015-03-09 15:35 - 2015-03-09 15:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-09 15:35 - 2015-03-09 15:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-09 15:35 - 2015-03-09 15:35 - 00000000 ____D () C:\Users\Meles Meles\AppData\Local\Macromedia
2015-03-06 08:27 - 2015-03-12 05:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-01 05:54 - 2015-03-01 06:44 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-01 05:54 - 2015-03-01 05:54 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-02-25 05:17 - 2015-03-12 01:51 - 00000000 ____D () C:\Users\Meles Meles\AppData\Local\Idsoft
2015-02-25 05:16 - 2015-03-12 01:56 - 00000000 ____D () C:\Users\Meles Meles\AppData\Local\Icsoft
2015-02-21 05:00 - 2015-03-10 12:43 - 00000000 ____D () C:\Users\Meles Meles\AppData\Roaming\Malwarebytes
2015-02-21 05:00 - 2015-02-21 05:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-19 21:26 - 2015-02-19 21:26 - 00270816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 13:40 - 2015-02-08 19:48 - 00000000 ____D () C:\Users\Meles Meles\AppData\Roaming\uTorrent
2015-03-13 13:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-13 13:37 - 2015-02-02 15:22 - 00200009 _____ () C:\Windows\WindowsUpdate.log
2015-03-13 13:37 - 2010-11-21 04:47 - 00150428 _____ () C:\Windows\PFRO.log
2015-03-13 13:37 - 2009-07-14 05:51 - 00032171 _____ () C:\Windows\setupact.log
2015-03-13 12:16 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-13 12:16 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-13 12:14 - 2011-04-12 11:42 - 00681942 _____ () C:\Windows\system32\perfh00E.dat
2015-03-13 12:14 - 2011-04-12 11:42 - 00169972 _____ () C:\Windows\system32\perfc00E.dat
2015-03-13 12:14 - 2009-07-14 06:13 - 01623538 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-13 12:06 - 2015-02-02 16:33 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-13 12:03 - 2015-02-02 16:35 - 00000977 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-03-13 12:03 - 2015-02-02 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-12 08:48 - 2015-02-02 16:27 - 00000000 ____D () C:\Windows\AutoKMS
2015-03-12 05:37 - 2015-02-08 18:43 - 00000000 ____D () C:\Users\Meles Meles\AppData\Roaming\WTablet
2015-03-12 05:10 - 2015-02-08 18:42 - 00000000 ____D () C:\Windows\system32\WTablet
2015-03-12 05:10 - 2015-02-02 16:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-12 05:10 - 2015-02-02 16:03 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-03-12 05:10 - 2015-02-02 15:39 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-12 05:10 - 2015-02-02 15:34 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2015-03-12 05:10 - 2015-02-02 15:28 - 00000000 ____D () C:\Program Files\7-Zip
2015-03-12 05:10 - 2015-02-02 15:21 - 00000000 ____D () C:\Users\Meles Meles
2015-03-12 05:10 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-03-12 05:10 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-12 05:10 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-03-12 05:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Speech
2015-03-12 05:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-03-12 05:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-12 05:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-10 23:56 - 2015-02-02 15:21 - 00000000 ____D () C:\Users\Meles Meles\AppData\Local\VirtualStore
2015-03-09 15:35 - 2015-02-08 18:59 - 00000000 ____D () C:\Users\Meles Meles\AppData\Local\Adobe
2015-03-03 09:20 - 2015-02-02 16:34 - 00000000 ____D () C:\ProgramData\AVG2015
2015-03-01 05:56 - 2015-02-08 19:02 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-01 05:55 - 2015-02-08 18:59 - 00000000 ____D () C:\Users\Meles Meles\AppData\Roaming\Adobe
2015-03-01 05:54 - 2015-02-08 19:03 - 00000000 ____D () C:\Program Files (x86)\Adobe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 05:20

==================== End Of Log ============================


--------------------------------------------------------------------------------------------------------

Addition


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Meles Meles at 2015-03-13 13:41:14
Running from C:\Users\Meles Meles\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABC Amber LIT Converter (HKLM-x32\...\ABC Amber LIT Converter) (Version:  - )
ABC Amber Palm Converter (HKLM-x32\...\ABC Amber Palm Converter) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{3EB745BA-194F-4475-9164-B20BB2172395}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Hungarian (HKLM-x32\...\{AC76BA86-7AD7-1038-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Ashampoo Burning Studio 15 v.15.0.0 (HKLM-x32\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.0 - Ashampoo GmbH & Co. KG)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
AVG 2015 (Version: 15.0.4306 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Corel Painter 13 - IPM (Version: 13.1 - Corel Corporation) Hidden
Corel Painter 13 - IPM Content (Version: 13.1 - Corel Corporation) Hidden
Corel Painter X3 (HKLM\...\_{EF449371-6B69-49C8-B789-76A0B0E3446B}) (Version: 13.0.1.920 - Corel Corporation)
Dell System Detect (HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Geometer (HKLM-x32\...\Geometer) (Version:  - )
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
K-Lite Mega Codec Pack 10.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET-keretrendszer 4.5 HUN nyelvi csomag (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1038) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 hu) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 hu)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Painter 13 - Contentx64 (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Core (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Corex64 (Version: 13.0 - Corel Corporation) Hidden
Painter 13 - DE (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - EN (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - FR (Version: 13.1 - Corel Corporation) Hidden
Painter 13 - Setup Files (Version: 13.1 - Corel Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
SeaMonkey (2.6) (HKLM-x32\...\SeaMonkey (2.6)) (Version: 2.6 (hu) - Mozilla)
Sweet Home 3D version 4.5 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
TL-WN321G Wireless Utility (HKLM-x32\...\{1FF78023-EFA4-491F-9F5A-284DE97AA326}) (Version: 1.0.3.0 - TP-LINK)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom Tablet (HKLM-x32\...\Wacom Tablet Driver) (Version:  - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.4 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.3 - Wacom Technology Corp.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

18-02-2015 02:37:05 Scheduled Checkpoint
25-02-2015 23:03:59 Scheduled Checkpoint
10-03-2015 17:56:01 Scheduled Checkpoint
12-03-2015 05:01:08 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E4BCC1B-6364-43CD-A36E-F57F8D766DEF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {33350DA6-328A-4BE9-8D91-DD682B3BDAD8} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Meles_20Meles => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2010-11-04] (H.D.S. Hungary)
Task: {89AC7227-79E2-4E31-A5D2-49E7CBCC9955} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B5D793A2-01FB-4E85-A608-0ACF8FB259F4} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {E530FBE9-B59E-4F65-98FB-53A96D81C914} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EF58C69D-3246-47F0-98A3-DB2CB598E7F2} - System32\Tasks\AdobeAAMUpdater-1.0-MelesMeles-PC-Meles Meles => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {F58D160D-68F2-406F-AC54-7D4E5DA2BBF2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) ==============

2015-02-08 18:29 - 2009-01-05 16:15 - 00069632 _____ () C:\Program Files (x86)\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
2015-02-08 18:29 - 2009-05-04 11:45 - 01785856 _____ () C:\Program Files (x86)\TP-LINK\TL-WN321G\COMMON\TWCU.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2164468382-3904358654-1612140977-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Meles Meles\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Meles Meles (S-1-5-21-2164468382-3904358654-1612140977-1000 - Administrator - Enabled) => C:\Users\Meles Meles
Rendszergazda (S-1-5-21-2164468382-3904358654-1612140977-500 - Administrator - Disabled)
Vendég (S-1-5-21-2164468382-3904358654-1612140977-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2015 01:38:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2015 00:09:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2015 11:56:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2015 11:07:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/13/2015 01:37:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/13/2015 00:06:21 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error: %%-536753635

Error: (03/13/2015 00:06:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error: %%-536753635

Error: (03/13/2015 00:06:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error: %%-536753635

Error: (03/13/2015 00:06:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error: %%-536753635

Error: (03/13/2015 00:06:08 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error: %%-536753635

Error: (03/13/2015 00:06:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error: %%-536753635

Error: (03/13/2015 00:06:06 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error: %%-536753635

Error: (03/13/2015 00:06:05 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error: %%-536753635

Error: (03/13/2015 00:06:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error: %%-536753635


Microsoft Office Sessions:
=========================
Error: (03/13/2015 01:38:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2015 00:09:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2015 11:56:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2015 11:07:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 38%
Total physical RAM: 3995.65 MB
Available physical RAM: 2469.18 MB
Total Pagefile: 7989.5 MB
Available Pagefile: 6380.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:107.73 GB) (Free:77.83 GB) NTFS
Drive d: () (Fixed) (Total:125 GB) (Free:114.61 GB) NTFS
Drive h: () (Fixed) (Total:97.65 GB) (Free:97.53 GB) NTFS
Drive i: (1_2TB) (Fixed) (Total:1299.6 GB) (Free:1299.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 00000080)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=125 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 00028D02)
Partition 1: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1299.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
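Two of the checks FRST performed in the logs above can be repeated by hand, which is useful when re-verifying a machine after cleanup or when FRST is not at hand. The PowerShell below is an added example written for this page; it is not part of the thread and not FRST's own code, and the function names are this example's own. The first function runs an Authenticode check over the same fourteen files FRST lists under "Bamital & volsnap Check" (Bamital is a file infector that patches core Windows binaries such as explorer.exe and winlogon.exe, which is why FRST verifies exactly these). The second walks the kernel and file-system driver services in the registry and reports any whose image file is missing, zero bytes, or not validly signed, the conditions behind the "<==== ATTENTION (zero size file/folder)" and "[File not signed]" annotations in the Drivers section. One caveat: Get-AuthenticodeSignature only consults Windows security catalogs (.cat files) on PowerShell 5.x and later, so on an older host such as the Windows 7 machine in this thread most OS files, which carry no embedded signature, will report NotSigned; there, treat NotSigned as "re-check with a catalog-aware tool such as Sysinternals sigcheck" rather than as evidence of tampering. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread or from FRST): reproduce two of the
# checks in the FRST logs above on a live system. Run elevated.
# Function names are this example's own.

# The fourteen files FRST verifies under "Bamital & volsnap Check"
# (paths as on a 64-bit install, as in the log).
$CriticalFiles = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\Drivers\volsnap.sys"
)

function Test-CriticalFileSignatures {
    # Authenticode check of each file. Status is Valid, NotSigned,
    # HashMismatch (file modified after signing) or similar.
    # Caveat: only PowerShell 5.x and later also look up catalog (.cat)
    # signatures; older versions report catalog-signed OS files as NotSigned.
    param([string[]]$Paths = $CriticalFiles)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Status = 'MISSING'; Signer = '' }
            continue
        }
        $sig    = Get-AuthenticodeSignature -LiteralPath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        [pscustomobject]@{ Path = $p; Status = $sig.Status; Signer = $signer }
    }
}

function Resolve-DriverImagePath {
    # Map the ImagePath forms found under the Services key
    # (\??\C:\..., \SystemRoot\..., system32\..., plain C:\...)
    # to a path the file system provider can open.
    param([string]$ImagePath)
    $img = $ImagePath.Trim('"')
    $img = $img -replace '^\\\?\?\\', ''
    $img = $img -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($img -notmatch '^[A-Za-z]:\\') { $img = Join-Path $env:SystemRoot $img }
    return $img
}

function Find-SuspiciousDriverServices {
    # Walk kernel (Type 1) and file-system (Type 2) driver services and report
    # those whose image is missing, zero bytes, or not validly signed: the
    # conditions behind FRST's "ATTENTION (zero size file/folder)" and
    # "[File not signed]" annotations. Unsigned third-party drivers are
    # expected to appear here; a randomly named, zero-byte image is not.
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or ($props.Type -ne 1 -and $props.Type -ne 2)) { return }
        if (-not $props.ImagePath) { return }
        $img  = Resolve-DriverImagePath -ImagePath ([string]$props.ImagePath)
        $file = Get-Item -LiteralPath $img -ErrorAction SilentlyContinue
        $verdict = if (-not $file) { 'MISSING' }
                   elseif ($file.Length -eq 0) { 'ZERO-SIZE' }
                   elseif ((Get-AuthenticodeSignature -LiteralPath $img).Status -ne 'Valid') { 'NOT-VALIDLY-SIGNED' }
                   else { 'OK' }
        [pscustomobject]@{
            Service = $_.PSChildName
            Start   = $props.Start     # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
            Image   = $img
            Verdict = $verdict
        }
    } | Where-Object { $_.Verdict -ne 'OK' }
}

Test-CriticalFileSignatures   | Format-Table -AutoSize
Find-SuspiciousDriverServices | Format-Table -AutoSize
```

Read the output the way FRST's annotations are read: a HashMismatch on one of the critical files is the Bamital-style finding, a MISSING or ZERO-SIZE driver image with a random service name is the kind of entry FRST marks with ATTENTION, and a NotSigned result on a stock OS file under an old PowerShell is most likely the catalog caveat above, not an infection.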



#8 Jo* (Malware Response Team, 3,453 posts, Germany)

Posted 13 March 2015 - 08:01 AM

Hello Catinhat,

---


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable your onboard antivirus and antispyware programs while performing scans, so there are no conflicts and the scan runs faster.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.
  • Check the box accepting the terms of use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives.
  • Make sure that the option "Remove found threats" is Unchecked.
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List found threats.
  • Push Export, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select the Uninstall application on close check box and push Finish.

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 Catinhat

Catinhat
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:03:51 AM

Posted 13 March 2015 - 10:09 AM

Hey Jo,

The PC seems to be running perfectly, and none of the scans found anything malicious, except for a few potentially unwanted apps! :D

Below are the results.

Also, may I delete the stuff I was required to download during our discussion now?

 

Malwarebytes

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Vizsgálat dátuma: 2015.03.13.
Vizsgálat ideje: 14:15:04
Naplófájl: Mbam scan.txt
Rendszergazda: Igen

Verzió: 2.00.4.1028
Malware adatbázis: v2015.03.13.05
Rootkit adatbázis: v2015.02.25.01
Licenc: Free
Malware védelem: Letiltva
Rosszindulatú webhelyek elleni védelem: Letiltva
Önvédelmi: Letiltva

OS: Windows 7 Service Pack 1
CPU: x64
Fájlrendszer: NTFS
Felhasználó: Meles Meles

Vizsgálati típus: Mélyvizsgálat
Eredmény: Kész
Átvizsgált objektum: 336001
Eltelt idő: 11 p., 45 mp

Memória: Engedélyezve
Indítópult: Engedélyezve
Fájlrendszer: Engedélyezve
Archívumok: Engedélyezve
Rootkitek: Letiltva
Heurisztikus: Engedélyezve
PUP: Figyelmeztetés
PUM: Engedélyezve

Folyamat: 0
(Nem észleltem rosszindulatú elemeket)

Modulok: 0
(Nem észleltem rosszindulatú elemeket)

Beállításkulcs: 0
(Nem észleltem rosszindulatú elemeket)

Beállításazonosító: 0
(Nem észleltem rosszindulatú elemeket)

Beállításjegyzék adatok: 0
(Nem észleltem rosszindulatú elemeket)

Mappa: 0
(Nem észleltem rosszindulatú elemeket)

Fájl: 0
(Nem észleltem rosszindulatú elemeket)

Fizikai szektorok: 0
(Nem észleltem rosszindulatú elemeket)


(end)

 

-----------------------------------------------------------------------

 

ESET

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll.vir    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe.vir    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Meles Meles\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe.vir    Win32/Toolbar.Montiera.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Meles Meles\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe.vir    Win32/Toolbar.Montiera.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Meles Meles\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe.vir    Win32/Toolbar.Montiera.E potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\zatb.exe    Win32/Toolbar.Montiera.I potentially unwanted application
D:\$RECYCLE.BIN\S-1-5-21-2164468382-3904358654-1612140977-1000\$RIEF4AK.exe    a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
D:\Progs\bsplayer261.1065.exe    Win32/Toolbar.Conduit potentially unwanted application
D:\Progs\installer.exe    a variant of Win32/4Shared.T potentially unwanted application
D:\Progs\slicesetup.exe    a variant of Win32/Toolbar.Conduit.I potentially unwanted application
D:\Progs\zafwSetupWeb_133_209_000.exe    Win32/Toolbar.Conduit potentially unwanted application
D:\Progs\Zone Alarm new ver\zafwSetupWeb_110_768_000.exe    Win32/Toolbar.Conduit potentially unwanted application
 



#10 Jo*

Jo*

  • Malware Response Team
  • 3,453 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:03:51 AM

Posted 13 March 2015 - 10:19 AM

Hello Catinhat,

well done. :)

It appears that your PC is now clean!
 

***


Clean up:


***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt
 
start
EmptyTemp:
DeleteQuarantine:
end

Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.
 

***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more securely
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 / 8 users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Make sure you keep your Windows OS current.
  • Windows XP is no longer supported by MS.
    This is a security risk anyway.
  • Windows Vista / 7 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
4. Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.
https://secunia.com/vulnerability_scanning/personal/


***


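A way to verify the Protected Mode setting from tip 2 for all four zones at once, as an added PowerShell example that is not part of Jo's post and not code from any of the tools used in this thread. It assumes the standard Windows registry layout for Internet Explorer zone settings (per-zone keys under the current user's Internet Settings\Zones, with the DWORD value 2500 holding Protected Mode: 0 = enabled, 3 = disabled) and only reads, never changes, anything:

```powershell
# Added example (not from the original thread): report the Internet Explorer
# Protected Mode setting of each security zone for the current user.
# Assumption (standard Windows layout): per-zone keys live under
# HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\<id>,
# and the DWORD value named "2500" holds Protected Mode (0 = enabled, 3 = disabled).
$zoneNames = @{ 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

function Get-IEProtectedModeStatus {
    foreach ($id in 1..4) {
        $key = Join-Path -Path $base -ChildPath ([string]$id)
        # Missing key or value yields $null rather than an error.
        $value = (Get-ItemProperty -Path $key -Name '2500' -ErrorAction SilentlyContinue).'2500'

        if ($null -eq $value)  { $status = 'Not set (zone default applies)' }
        elseif ($value -eq 0)  { $status = 'Enabled' }
        elseif ($value -eq 3)  { $status = 'Disabled' }
        else                   { $status = "Unknown value ($value)" }

        [pscustomobject]@{
            ZoneId        = $id
            Zone          = $zoneNames[$id]
            ProtectedMode = $status
        }
    }
}

# Usage: run from a normal (non-elevated) PowerShell prompt as the user whose
# browser settings you want to check.
Get-IEProtectedModeStatus | Format-Table -AutoSize
```

Any zone that reports Disabled is the one to revisit with the Internet Options steps above. Note that a Group Policy setting stored under HKLM can override these per-user values, so on a domain-joined machine the dialog in Internet Explorer is still the final word.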


#11 Catinhat

Catinhat
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:03:51 AM

Posted 13 March 2015 - 10:38 AM

Hey Jo,

thank you very much for your help! I cannot believe you guys offer this kind of service for free, but I am very grateful! I will certainly sing praises of bleepingcomputer to anyone I come across from now on! XD

Thanks again!



#12 Catinhat

Catinhat
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:03:51 AM

Posted 13 March 2015 - 10:52 AM

Oh, sorry, but I just noticed the ZoneAlarm and AVG icons disappeared from my desktop tray (right side). Can I get them back somehow? Are they still running normally? They seem to be, but just to make sure...

 

Edit: Problem solved, sorry for the trouble! ^^'


Edited by Catinhat, 13 March 2015 - 11:07 AM.


#13 Jo*

Jo*

  • Malware Response Team
  • 3,453 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:03:51 AM

Posted 13 March 2015 - 11:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





