Random website pops up whenever I start PC.


This topic is locked
10 replies to this topic

#1 Haruka


Posted 22 April 2015 - 01:14 PM

Hi.

Whenever I start my computer a weird website pops up. Can you please help me? Here are my FRST logs.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015
Ran by Poyan (administrator) on KYOU on 22-04-2015 20:09:31
Running from C:\Users\Poyan\Documents\FRST\FRST
Loaded Profiles: Poyan (Available profiles: Poyan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-10] (Avast Software s.r.o.)
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\Run: [CMD] => cmd.exe /c start http://zenigameblinger.org && exit <===== ATTENTION
HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\MountPoints2: {de43d2e8-dd6e-11e2-8a7f-d43d7e942789} - E:\autorun.exe
IFEO\avz.exe: [Debugger] svchost.exe
IFEO\CCleaner.exe: [Debugger] svchost.exe
IFEO\CCleaner64.exe: [Debugger] svchost.exe
IFEO\regedit.exe: [Debugger] svchost.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-10] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-10] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-10] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-2486235572-1616634865-2212172251-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
DPF: HKLM-x32 {F0320816-41D9-49DD-B2F3-8E7B0AE32796} http://afupd1.afreeca.com:9091/AFC/AFCStarter.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
Tcpip\Parameters: [DhcpNameServer] 46.239.89.102

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.0.1.5 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-05-12] (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: application/AFCStarter -> C:\Windows\Downloaded Program Files\npAFCStarter.dll [2013-05-15] (© AfreecaTV)
FF Plugin HKU\S-1-5-21-2486235572-1616634865-2212172251-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-20]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-14]
CHR Extension: (Google Drive) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-14]
CHR Extension: (YouTube) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-14]
CHR Extension: (Adblock Plus) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-15]
CHR Extension: (Google Search) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-14]
CHR Extension: (Google Wallet) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-14]
CHR Extension: (Gmail) - C:\Users\Poyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-10] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-17] (Avast Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-23] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-10] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-10] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-10] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-10] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-10] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-10] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-25] (DT Soft Ltd)
S3 IAMTVE; C:\Windows\system32\drivers\IAMTVE.sys [43416 2010-11-30] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\drivers\IAMTXPE.sys [51096 2010-11-30] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-12-02] (Intel Corporation)
S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-03-14] ()
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-05-14] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-23] (Todos Data System AB)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-17] (Avast Software)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 20:09 - 2015-04-22 20:09 - 00000000 ____D () C:\FRST
2015-04-18 00:35 - 2015-04-22 07:17 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-18 00:35 - 2015-04-22 07:17 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-18 00:34 - 2015-04-18 00:34 - 00000000 ____D () C:\Users\Poyan\AppData\Local\Rockstar Games
2015-04-18 00:33 - 2015-04-19 20:41 - 00000080 _____ () C:\Users\Poyan\AppData\Local\Rockstar Games\GTA V\entitlement.info
2015-04-18 00:33 - 2015-04-18 00:34 - 00000000 ____D () C:\Users\Poyan\Documents\Rockstar Games
2015-04-10 09:07 - 2015-04-10 09:07 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-10 09:07 - 2015-04-10 09:07 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-22 20:08 - 2014-10-20 08:32 - 00000000 ____D () C:\Users\Poyan\Documents\FRST
2015-04-22 20:07 - 2013-09-03 20:56 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-22 20:07 - 2009-07-14 06:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-22 20:07 - 2009-07-14 06:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-22 20:05 - 2010-11-21 13:38 - 00663074 _____ () C:\Windows\system32\perfh01D.dat
2015-04-22 20:05 - 2010-11-21 13:38 - 00141874 _____ () C:\Windows\system32\perfc01D.dat
2015-04-22 20:05 - 2009-07-14 07:13 - 01578190 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-22 20:03 - 2013-06-20 15:59 - 01614681 _____ () C:\Windows\WindowsUpdate.log
2015-04-22 19:59 - 2013-09-03 20:56 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-22 19:59 - 2013-06-20 21:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-22 19:59 - 2013-06-18 14:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-22 19:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-22 19:59 - 2009-07-14 06:51 - 00181400 _____ () C:\Windows\setupact.log
2015-04-22 19:50 - 2009-07-14 07:08 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-20 23:01 - 2013-06-21 18:39 - 00000000 ____D () C:\Users\Poyan\AppData\Roaming\Synthesia
2015-04-20 06:46 - 2014-06-17 23:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-04-20 06:46 - 2014-06-17 23:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-04-19 20:50 - 2014-06-17 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-18 19:10 - 2014-08-10 20:41 - 00000000 ____D () C:\Program Files (x86)\osu!
2015-04-18 00:26 - 2013-06-20 22:21 - 00000000 ____D () C:\Users\Poyan\AppData\Roaming\uTorrent
2015-04-17 09:18 - 2014-03-31 23:57 - 00002158 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-16 06:37 - 2013-06-20 21:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-13 23:31 - 2013-10-26 20:55 - 00000000 ____D () C:\Users\Poyan\AppData\Local\Battle.net
2015-04-13 23:03 - 2013-10-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-10 20:45 - 2010-11-21 05:47 - 00600574 _____ () C:\Windows\PFRO.log
2015-04-10 09:07 - 2014-04-25 06:01 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-10 09:07 - 2013-12-27 06:39 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-10 09:07 - 2013-06-20 21:18 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-10 09:07 - 2013-06-20 21:18 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-10 09:07 - 2013-06-20 21:18 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-10 09:07 - 2013-06-20 21:18 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-10 09:07 - 2013-06-20 21:18 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-10 09:07 - 2013-06-20 21:18 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-05 12:59 - 2014-05-18 20:34 - 00000000 ____D () C:\Users\Poyan\AppData\Roaming\TS3Client
2015-04-03 16:02 - 2013-10-26 20:57 - 00000000 ____D () C:\Program Files (x86)\Hearthstone

==================== Files in the root of some directories =======

2013-06-20 21:18 - 2013-06-20 21:30 - 4096000 _____ () C:\Program Files (x86)\GUTD4BD.tmp

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-18 18:39

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2015
Ran by Poyan at 2015-04-22 20:10:12
Running from C:\Users\Poyan\Documents\FRST\FRST
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
µTorrent (HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\...\uTorrent) (Version: 3.4.2.34024 - BitTorrent Inc.)
아프리카TV streamer 제거 (HKLM-x32\...\afreecastreamer) (Version:  - )
Adblock Plus för IE (32-bitars och 64-bitars) (HKLM\...\{789FA9EC-180F-44C6-97AC-E99A8997A6E7}) (Version: 1.4 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple-programstöd (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2215 - AVAST Software)
BankID säkerhetsprogram (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.0.1.5 - Finansiell ID-Teknik BID AB)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Combined Community Codec Pack 2011-07-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve )
DreadOut (HKLM-x32\...\DreadOut_is1) (Version:  - )
Everlasting Summer (HKLM-x32\...\Steam App 331470) (Version:  - Soviet Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Ikaruga Demo (HKLM-x32\...\Steam App 287440) (Version:  - Treasure)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{9085041D-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
NVIDIA 3D Vision drivrutin 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA 3D Vision drivrutin för styrenhet 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafikdrivrutin 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD audiodrivrutin 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
osu! (HKLM-x32\...\{8062912b-1893-451f-bb93-6aa29197fbf9}) (Version: latest - ppy Pty Ltd)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Prince of Persia - The Two Thrones (HKLM-x32\...\Prince of Persia - The Two Thrones_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Starship Troopers (HKLM-x32\...\Starship Troopers_is1) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Street Fighter IV: Arcade Edition (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Warcraft II Battle.NET Edition 2.02 (HKLM-x32\...\Warcraft II Battle.NET Edition) (Version: 2.02 - Blizzard Entertainment)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

03-01-2015 21:08:32 Schemalagd kontrollpunkt
10-01-2015 21:58:06 Schemalagd kontrollpunkt
18-01-2015 19:27:16 Schemalagd kontrollpunkt
26-01-2015 08:21:32 Schemalagd kontrollpunkt
09-02-2015 08:08:59 Schemalagd kontrollpunkt
16-02-2015 08:28:38 Schemalagd kontrollpunkt
25-02-2015 19:31:51 Schemalagd kontrollpunkt
26-02-2015 06:52:05 Installed Adblock Plus for IE (32-bit and 64-bit)
09-03-2015 09:40:23 Schemalagd kontrollpunkt
16-03-2015 10:02:08 Schemalagd kontrollpunkt
17-03-2015 22:27:08 avast! antivirus system restore point
30-03-2015 20:49:52 Schemalagd kontrollpunkt
10-04-2015 09:06:42 avast! antivirus system restore point
18-04-2015 18:46:22 Schemalagd kontrollpunkt
19-04-2015 20:48:49 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0363741F-3FBB-4842-9A23-330CAFBA6B82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {103C8AB9-866C-4241-B82E-1406ED8E176A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {12A984FA-F99E-4FC4-9E8B-21DAA8E79E95} - System32\Tasks\{C360528F-27DC-4FC2-A00D-75BEC79BED2A} => pcalua.exe -a "F:\1\New Folder (3)\Thief_Master_Thief_Edition\setup.exe" -d "F:\1\New Folder (3)\Thief_Master_Thief_Edition"
Task: {2B6BFF8D-0C81-4A91-81A9-6C3D259EE940} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-10] (Avast Software s.r.o.)
Task: {54337BC2-D972-41EF-8CC4-09E13298A5ED} - System32\Tasks\{201A5556-AC39-4C65-9EBA-CB1ED553A9DC} => pcalua.exe -a "C:\Users\Poyan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RYIS9TN\AdobeAIRInstaller (1).exe" -d C:\Users\Poyan\Desktop
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-18 14:45 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-09 20:08 - 2013-11-23 01:10 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-04-10 09:07 - 2015-04-10 09:07 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-10 09:07 - 2015-04-10 09:07 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-22 19:51 - 2015-04-22 19:51 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042202\algo.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-06 17:05 - 2015-03-10 08:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-21 06:42 - 2014-12-02 02:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-21 06:42 - 2014-12-02 02:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-21 06:42 - 2014-12-02 02:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 05:40 - 2015-04-14 01:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 22:13 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 22:13 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 22:13 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 22:13 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-28 22:13 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-06-06 14:06 - 2015-04-14 01:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-03-17 22:29 - 2015-03-17 22:29 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-03-26 16:16 - 2015-02-25 03:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-09-02 15:40 - 2013-09-02 15:40 - 01430488 _____ () C:\Program Files (x86)\WOT\WOT.dll
2015-04-22 19:59 - 2015-04-22 19:59 - 00098816 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32api.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00110080 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\pywintypes27.dll
2015-04-22 19:59 - 2015-04-22 19:59 - 00364544 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\pythoncom27.dll
2015-04-22 19:59 - 2015-04-22 19:59 - 00045568 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_socket.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 01161216 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_ssl.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00320512 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32com.shell.shell.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00713216 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_hashlib.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 01175040 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._core_.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00805888 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._gdi_.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00811008 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._windows_.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 01062400 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._controls_.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00735232 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._misc_.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00682496 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\pysqlite2._sqlite.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00128512 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_elementtree.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00127488 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\pyexpat.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00087552 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_ctypes.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00119808 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32file.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00108544 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32security.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00007168 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\hashobjs_ext.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00167936 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32gui.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00018432 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32event.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00038912 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32inet.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00011264 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32crypt.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00070656 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._html2.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00027136 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_multiprocessing.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00020480 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_yappi.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00035840 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32process.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00686080 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\unicodedata.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00122368 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._wizard.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00024064 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32pipe.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00010240 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\select.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00025600 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32pdh.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00525640 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\windows._lib_cacheinvalidation.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00017408 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32profile.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00022528 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32ts.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00078336 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._animate.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2486235572-1616634865-2212172251-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Poyan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 46.239.89.102

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administratör (S-1-5-21-2486235572-1616634865-2212172251-500 - Administrator - Disabled)
Gäst (S-1-5-21-2486235572-1616634865-2212172251-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2486235572-1616634865-2212172251-1003 - Limited - Enabled)
Poyan (S-1-5-21-2486235572-1616634865-2212172251-1001 - Administrator - Enabled) => C:\Users\Poyan

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2015 08:08:21 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Det gick inte att skapa aktiveringskontext för 1. Det finns ett fel i manifest- eller principfilen 2 på rad 3.
Felaktig XML-syntax.

Error: (04/22/2015 08:08:17 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Det gick inte att skapa aktiveringskontext för 1. Det finns ett fel i manifest- eller principfilen 2 på rad 3.
Felaktig XML-syntax.

Error: (04/22/2015 07:59:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 07:51:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 07:16:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 07:16:07 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (04/22/2015 07:16:07 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (04/22/2015 07:16:07 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (04/21/2015 07:49:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2015 07:19:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/20/2015 07:05:24 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Plattformens inbyggda programvara har skadat minne över det tidigare systemenergilägesbytet. Sök efter uppdaterad programvara för datorn.

Error: (04/19/2015 04:51:21 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Plattformens inbyggda programvara har skadat minne över det tidigare systemenergilägesbytet. Sök efter uppdaterad programvara för datorn.

Error: (04/18/2015 09:34:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Steam Client Service kunde inte startas på grund av följande fel:
%%1053

Error: (04/18/2015 09:34:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam Client Service skulle ansluta.

Error: (04/12/2015 11:53:33 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Plattformens inbyggda programvara har skadat minne över det tidigare systemenergilägesbytet. Sök efter uppdaterad programvara för datorn.

Error: (04/11/2015 09:09:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten Netman.

Error: (04/11/2015 06:21:52 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Plattformens inbyggda programvara har skadat minne över det tidigare systemenergilägesbytet. Sök efter uppdaterad programvara för datorn.

Error: (04/09/2015 11:00:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Steam Client Service kunde inte startas på grund av följande fel:
%%1053

Error: (04/09/2015 11:00:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam Client Service skulle ansluta.

Error: (04/09/2015 08:49:25 AM) (Source: Disk) (EventID: 11) (User: )
Description: Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk1\DR1.

Microsoft Office Sessions:
=========================
Error: (04/22/2015 08:08:21 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Poyan\Documents\FRST\FRST-OlderVersion\FRST64.exeC:\Users\Poyan\Documents\FRST\FRST-OlderVersion\FRST64.exe0

Error: (04/22/2015 08:08:17 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Poyan\Documents\FRST\FRST-OlderVersion\FRST64.exeC:\Users\Poyan\Documents\FRST\FRST-OlderVersion\FRST64.exe0

Error: (04/22/2015 07:59:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 07:51:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 07:16:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 07:16:07 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (04/22/2015 07:16:07 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (04/22/2015 07:16:07 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (04/21/2015 07:49:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2015 07:19:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: AMD FX™-8320 Eight-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 8141.47 MB
Available physical RAM: 5780.89 MB
Total Pagefile: 16281.13 MB
Available Pagefile: 13742.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:931.51 GB) (Free:576.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (POP_DVD1) (CDROM) (Total:4.23 GB) (Free:0 GB) CDFS
Drive f: (Elements) (Fixed) (Total:1863.01 GB) (Free:108.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DDD7F975)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 001C09CC)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)


Regards.




#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:01 PM

Posted 22 April 2015 - 06:13 PM

Hello Haruka and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
---------------------------------------------------------------------------------------------------------
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
Are you still with us?

 

 
Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Haruka

Haruka
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 23 April 2015 - 01:30 AM

Thanks for taking your time and helping me!



#4 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:01 PM

Posted 23 April 2015 - 01:40 PM

Hi Haruka,

¾ÆÇÁ¸®Ä«TV streamer Á¦°Å (HKLM-x32\...\afreecastreamer) (Version:  - )

Do you recognise this programme?

------------------------------------------------------------------------------
Step 1:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:

Please be sure to run our tools with administrator rights.
 
ComboFix run:
 
* IMPORTANT 1: Place ComboFix.exe on your Desktop
* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Have a nice day.

 


Best regards
 

 


 


#5 Haruka

Haruka
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 23 April 2015 - 03:05 PM

Hi.

 

Yes, I recognise that program, "¾ÆÇÁ¸®Ä«TV streamer Á¦°Å (HKLM-x32\...\afreecastreamer) (Version:  - )". It is used to watch streams on a Korean website.

 

Here is the log from Malwarebytes Anti-Malware:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-04-23
Scan Time: 20:48:46
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.04.23.05
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Poyan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372452
Time Elapsed: 22 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVZ.EXE, Quarantined, [b58573fc414935019336f39cc44002fe],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER.EXE, Quarantined, [01391e510b7f2115da48b4dc43c132ce],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\REGEDIT.EXE, Quarantined, [62d8d19e6c1eeb4ba14db7dcc93b6f91],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVZ.EXE, Quarantined, [31091b5418726fc706c36629d232768a],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER.EXE, Quarantined, [1c1ed9966327251129f95739e51f728e],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\REGEDIT.EXE, Quarantined, [56e470ff4c3ed85e3eb02f6411f36997],

Registry Values: 7
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVZ.EXE|Debugger, svchost.exe, Quarantined, [b58573fc414935019336f39cc44002fe]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER.EXE|Debugger, svchost.exe, Quarantined, [01391e510b7f2115da48b4dc43c132ce]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\REGEDIT.EXE|Debugger, svchost.exe, Quarantined, [62d8d19e6c1eeb4ba14db7dcc93b6f91]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVZ.EXE|Debugger, svchost.exe, Quarantined, [31091b5418726fc706c36629d232768a]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER.EXE|Debugger, svchost.exe, Quarantined, [1c1ed9966327251129f95739e51f728e]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\REGEDIT.EXE|Debugger, svchost.exe, Quarantined, [56e470ff4c3ed85e3eb02f6411f36997]
PUP.Optional.StartPage.A, HKU\S-1-5-21-2486235572-1616634865-2212172251-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CMD, cmd.exe /c start http://zenigameblinger.org && exit, Quarantined, [42f8bab5a0eabc7a0191b99fec19f907]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.TehSnab, C:\Users\Poyan\Downloads\adobe_flash_setup.exe, Quarantined, [0634175832589b9b8b42df07ac5901ff],

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

And here is the ComboFix log:

 

ComboFix 15-04-19.01 - Poyan 2015-04-23  21:41:11.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.46.1053.18.8141.6235 [GMT 2:00]
Körs från: c:\users\Poyan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Poyan\AppData\Local\Temp\_MEI39123\_ctypes.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\_elementtree.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\_hashlib.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\_multiprocessing.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\_socket.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\_ssl.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\_yappi.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\hashobjs_ext.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\pyexpat.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\pysqlite2._sqlite.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\python27.dll
c:\users\Poyan\AppData\Local\Temp\_MEI39123\pythoncom27.dll
c:\users\Poyan\AppData\Local\Temp\_MEI39123\PyWinTypes27.dll
c:\users\Poyan\AppData\Local\Temp\_MEI39123\select.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\unicodedata.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\win32api.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\win32com.shell.shell.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\win32crypt.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\win32event.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\win32file.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\win32gui.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\win32inet.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\win32pdh.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\win32pipe.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\win32process.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\win32profile.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\win32security.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\win32ts.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\windows._lib_cacheinvalidation.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\wx._animate.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\wx._controls_.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\wx._core_.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\wx._gdi_.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\wx._html2.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\wx._misc_.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\wx._windows_.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\wx._wizard.pyd
c:\users\Poyan\AppData\Local\Temp\_MEI39123\wxbase294u_net_vc90.dll
c:\users\Poyan\AppData\Local\Temp\_MEI39123\wxbase294u_vc90.dll
c:\users\Poyan\AppData\Local\Temp\_MEI39123\wxmsw294u_adv_vc90.dll
c:\users\Poyan\AppData\Local\Temp\_MEI39123\wxmsw294u_core_vc90.dll
c:\users\Poyan\AppData\Local\Temp\_MEI39123\wxmsw294u_html_vc90.dll
c:\users\Poyan\AppData\Local\Temp\_MEI39123\wxmsw294u_webview_vc90.dll
F:\autorun.inf
.
.
((((((((((((((((((((((((   Filer skapade från 2015-03-23 till 2015-04-23  ))))))))))))))))))))))))))))))
.
.
2015-04-23 19:50 . 2015-04-23 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-22 18:09 . 2015-04-22 18:10 -------- d-----w- C:\FRST
2015-04-17 22:35 . 2015-04-22 05:17 -------- d-----w- c:\program files (x86)\Rockstar Games
2015-04-17 22:35 . 2015-04-22 05:17 -------- d-----w- c:\program files\Rockstar Games
2015-04-17 22:34 . 2015-04-17 22:34 -------- d-----w- c:\users\Poyan\AppData\Local\Rockstar Games
2015-04-10 07:07 . 2015-04-10 07:07 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-10 07:07 . 2015-04-10 07:07 43112 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-23 18:47 . 2014-10-24 19:55 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-10 07:07 . 2014-04-25 04:01 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-10 07:07 . 2013-12-27 04:39 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-10 07:07 . 2013-06-20 19:18 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-10 07:07 . 2013-06-20 19:18 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-10 07:07 . 2013-06-20 19:18 271200 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-10 07:07 . 2013-06-20 19:18 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-10 07:07 . 2013-06-20 19:18 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-10 07:07 . 2013-06-20 19:18 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-20 19:30 . 2013-06-20 19:18 4096000 ----a-w- c:\program files (x86)\GUTD4BD.tmp
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-04-13 2889408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-02-19 26232152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-04-10 5512912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
R3 IAMTVE;Drivrutin för Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTVE.sys;c:\windows\SYSNATIVE\drivers\IAMTVE.sys [x]
R3 IAMTXPE;Drivrutin för Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXPE.sys;c:\windows\SYSNATIVE\drivers\IAMTXPE.sys [x]
R3 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\drivers\ISCTD64.sys;c:\windows\SYSNATIVE\drivers\ISCTD64.sys [x]
R3 iusb3hub;Drivrutin för Intel® USB 3.0 Nav;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
R3 iusb3xhc;Drivrutin för Intel® USB 3.0 Utbyggbar värdstyrenhet;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys;c:\windows\SYSNATIVE\DRIVERS\shbecr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-17 07:10 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2015-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-03 19:50]
.
2015-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-03 19:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-10 07:07 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 13:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 13:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 13:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 13:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 13:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-03-29 7174728]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 46.239.89.102
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andra processer som körs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Sluttid: 2015-04-23  21:55:04 - datorn startades om.
ComboFix-quarantined-files.txt  2015-04-23 19:55
.
Före genomsökningen: 615 999 406 080 byte ledigt
Efter genomsökningen: 619 656 531 968 byte ledigt
.
- - End Of File - - 21E5E6D39800013760FE34A0CD98C9D0
A36C5E4F47E84449FF07ED3517B43A31
 



#6 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 23 April 2015 - 04:29 PM

Thanks Haruka.
 
Step 1:
FRST Script:
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Regards.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 27 April 2015 - 05:54 PM

Hello,

 

4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.


Best regards
 

 


 


#8 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 02 May 2015 - 05:27 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 

 


 


#9 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 06 May 2015 - 04:59 PM

This topic has been re-opened at the request of the person who originally posted.

Best regards
 

 


 


#10 Haruka

Haruka
  • Topic Starter

  • Members
  • 4 posts

Posted 10 May 2015 - 04:46 PM

Hi, here is the fixlog.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by Poyan at 2015-05-10 18:46:10 Run:1
Running from C:\Users\Poyan\Documents\FRST\FRST
Loaded Profiles: Poyan (Available profiles: Poyan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
2015-04-22 19:59 - 2015-04-22 19:59 - 00098816 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32api.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00110080 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\pywintypes27.dll
2015-04-22 19:59 - 2015-04-22 19:59 - 00364544 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\pythoncom27.dll
2015-04-22 19:59 - 2015-04-22 19:59 - 00045568 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_socket.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 01161216 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_ssl.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00320512 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32com.shell.shell.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00713216 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_hashlib.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 01175040 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._core_.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00805888 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._gdi_.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00811008 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._windows_.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 01062400 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._controls_.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00735232 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._misc_.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00682496 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\pysqlite2._sqlite.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00128512 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_elementtree.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00127488 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\pyexpat.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00087552 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_ctypes.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00119808 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32file.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00108544 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32security.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00007168 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\hashobjs_ext.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00167936 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32gui.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00018432 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32event.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00038912 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32inet.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00011264 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32crypt.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00070656 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._html2.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00027136 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_multiprocessing.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00020480 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_yappi.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00035840 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32process.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00686080 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\unicodedata.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00122368 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._wizard.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00024064 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32pipe.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00010240 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\select.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00025600 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32pdh.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00525640 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\windows._lib_cacheinvalidation.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00017408 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32profile.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00022528 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32ts.pyd
2015-04-22 19:59 - 2015-04-22 19:59 - 00078336 _____ () C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._animate.pyd
c:\program files (x86)\GUTD4BD.tmp
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32api.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\pywintypes27.dll" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\pythoncom27.dll" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_socket.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_ssl.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32com.shell.shell.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_hashlib.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._core_.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._gdi_.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._windows_.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._controls_.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._misc_.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\pysqlite2._sqlite.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_elementtree.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\pyexpat.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_ctypes.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32file.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32security.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\hashobjs_ext.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32gui.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32event.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32inet.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32crypt.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._html2.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_multiprocessing.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\_yappi.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32process.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\unicodedata.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._wizard.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32pipe.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\select.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32pdh.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\windows._lib_cacheinvalidation.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32profile.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\win32ts.pyd" => File/Directory not found.
"C:\Users\Poyan\AppData\Local\Temp\_MEI36442\wx._animate.pyd" => File/Directory not found.
c:\program files (x86)\GUTD4BD.tmp => Moved successfully.

=========  ipconfig /flushdns =========

IP-konfiguration för Windows

DNS-matcharens cacheminne har rensats.

========= End of CMD: =========

=========  netsh winsock reset all =========

Winsock-katalogen har nollställts.
Du måste starta om datorn för att slutföra nollställningen.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Återställning av Gränssnitt, OK!
Slutför åtgärden genom att starta om datorn.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Återställning av Gränssnitt, OK!
Slutför åtgärden genom att starta om datorn.

========= End of CMD: =========

EmptyTemp: => Removed 2.3 GB temporary data.

The system needed a reboot.

==== End of Fixlog 18:49:04 ====

 

Here is the AdwCleaner log:

 

# AdwCleaner v4.203 - Logfile created 10/05/2015 at 23:28:09
# Updated 30/04/2015 by Xplode
# Database : 2015-05-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Poyan - KYOU
# Running from : C:\Users\Poyan\Desktop\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\plarium.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.16618

-\\ Google Chrome v42.0.2311.135

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [1268 bytes] - [10/05/2015 23:26:54]
AdwCleaner[S0].txt - [1205 bytes] - [10/05/2015 23:28:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1264  bytes] ##########

 

Here is the JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 7 Home Premium x64
Ran by Poyan on 2015-05-10 at 23:33:52,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{71576546-354D-41C9-AAE8-31F2EC22BF0D}

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-05-10 at 23:36:33,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Thanks for the help! : )



#11 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 14 September 2015 - 04:33 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 

 


 




