ESET online scanner shows Threats found# MSIL/FakeTool.PS trojan


  • This topic is locked
12 replies to this topic

#1 rachit18 (Members, 8 posts)

Posted 31 May 2015 - 06:40 AM

Hello,

My computer has been running quite slow for some time and IE is behaving weirdly. The IE icon on the desktop and in the Start menu shows some Chinese characters, and every time I open IE it goes to a Chinese website (

I ran ESET Online Scanner and it says Threats found!

MSIL/FakeTool.PS trojan.

Can someone please help me remove this from my PC.

Thanks

Rachit18




#2 rachit18 (Topic Starter, Members, 8 posts)

Posted 31 May 2015 - 09:00 AM

Result of ESET online scanner
 
C:\Users\All Users\SweetIM\Messenger\update\sweetimsetup.exe a variant of Win32/SweetIM.L potentially unwanted application
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VS030VTU.004 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VS440DQO.G94 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VS6NHEJJ.013 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VS6NHEJJ.099 Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VS6NHEKC.O2G Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VS6NHEKC.O5C Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VS831MRS.02K Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSAEG650.G17 Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSALHJFO.826 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSALHJFO.835 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSALHJFO.83B Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSAM1EKL.G21 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSAM1EKL.G23 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSAM1EKL.G2J Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSENHEJ0.81S Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSENHEJ0.821 Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSENHEJ0.8JO Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSENHEJR.G1P Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSENHEJR.G35 Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSENHEJR.G7F Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSENHEKE.O0Q Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSENHEKE.O91 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSENHEKU.G1I Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSENHEKU.G28 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSENHEKU.G2F Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSENHJFG.01P Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSG30HMG.OEC Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSG30SQG.OTS a variant of Win32/SweetIM.L potentially unwanted application deleted - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSG30SQG.P2R Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSG31EJ2.813 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSG31EJ2.88O Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSG31EJ2.895 Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSG31EJ9.G1D Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSG31EJ9.G2B Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSG31EJ9.G2F Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSG31EJ9.G58 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSG31EJ9.GFF Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSICHMQP.02H Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSJEGVTC.O06 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSJO1EJI.017 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSJO1EJI.01A Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSJO1EJI.02A Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSK41EJS.82G Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSK41EJS.8BJ Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSKAHMR2.033 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSKAHMR2.037 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSKAHMR2.039 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSLFHEIP.80O Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSLFHEIP.80R Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSLFHEIP.80U Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSLFHEIP.891 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSMNG6FE.8P2 a variant of Win32/SweetIM.L potentially unwanted application deleted - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSMNG6FE.90R Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSO30UQJ.80B Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSQOHMRJ.O32 Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSQOHMRJ.O35 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSRPGRS0.83K Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSRPGRS0.8CT Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSRPGRS0.8KO Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSSG1EJB.G8R Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSSG1EJB.G8U Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSSG1EJB.G95 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VST9HMQG.031 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VST9HMQG.034 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSTCHEK3.0I5 Win32/RiskWare.PEMalform.B application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSTFGHMO.O35 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\ProgramData\SweetIM\Messenger\update\sweetimsetup.exe a variant of Win32/SweetIM.L potentially unwanted application deleted - quarantined
C:\Users\Shubhangi\Downloads\Unconfirmed 54227.crdownload a variant of Win32/Adware.MultiPlug.LP application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LP5UYEE\91[1].js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
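The ESET log above mixes one real detection (the "Adware Removal Tool" flagged as MSIL/FakeTool.PS) with dozens of riskware hits in the Trend Micro client's Temp folder and a handful of PUAs, and one line (the "All Users" copy of sweetimsetup.exe) carries no action at all, meaning ESET only reported it. The script below is an added example, not part of this thread or of ESET's tooling: it parses ESET's `path detection action` lines, buckets them (trojan / PUA / riskware), counts hits per directory and lists what was reported but not quarantined. The six input lines are copied from the log above; the bucket names and the line regex are my own assumptions about the format.

```python
import re
from collections import Counter

# Six lines copied verbatim from the ESET Online Scanner log posted above
# (a subset of the ~70 entries in the full log).
ESET_LOG = r"""
C:\Users\All Users\SweetIM\Messenger\update\sweetimsetup.exe a variant of Win32/SweetIM.L potentially unwanted application
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VS030VTU.004 Win32/RiskWare.PEMalform.A application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\OfficeScan Client\Temp\VSG30SQG.OTS a variant of Win32/SweetIM.L potentially unwanted application deleted - quarantined
C:\Users\Shubhangi\Downloads\Unconfirmed 54227.crdownload a variant of Win32/Adware.MultiPlug.LP application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LP5UYEE\91[1].js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
"""

# The path runs up to the first "<name>.<ext>" token that is followed by
# whitespace; directory names contain spaces, so a plain split() will not do.
# (Assumed format, derived from the log lines above.)
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.[^\s\\]+)\s+(?P<rest>.+)$")

# Suffixes ESET appends when it acted; a line without one was only reported.
ACTIONS = ("cleaned by deleting - quarantined", "deleted - quarantined")


def classify(detection):
    """Map ESET's trailing type word to a coarse triage bucket (my own names)."""
    if detection.endswith(" trojan"):
        return "malware"
    if detection.endswith("potentially unwanted application"):
        return "pua"            # must be tested before the generic "application"
    if detection.endswith(" application"):
        return "riskware"
    return "other"


def parse_eset_log(text):
    """Return one dict per parseable log line: path, directory, detection, category, action."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line) if line else None
        if not m:
            continue
        path, rest = m.group("path"), m.group("rest")
        action = "no action"
        for suffix in ACTIONS:
            if rest.endswith(suffix):
                action = suffix
                rest = rest[: -len(suffix)].rstrip()
                break
        entries.append({
            "path": path,
            "directory": path.rsplit("\\", 1)[0],
            "detection": rest,
            "category": classify(rest),
            "action": action,
        })
    return entries


def summarize(entries):
    """Counts per bucket, signature and directory, plus files ESET reported but did not quarantine."""
    return {
        "by_category": Counter(e["category"] for e in entries),
        "by_detection": Counter(e["detection"] for e in entries),
        "by_directory": Counter(e["directory"] for e in entries),
        "unresolved": [e["path"] for e in entries if e["action"] == "no action"],
    }


if __name__ == "__main__":
    parsed = parse_eset_log(ESET_LOG)
    report = summarize(parsed)
    for bucket, n in report["by_category"].most_common():
        print(f"{bucket:9} {n}")
    for directory, n in report["by_directory"].most_common(3):
        print(f"{n:3}  {directory}")
    print("not quarantined:", *report["unresolved"], sep="\n  ")
```

Run against the full log, the directory count shows at a glance that almost every hit is PEMalform riskware under the OfficeScan Temp folder, which is a very different picture from "a trojan on the machine" and is the first thing a helper wants to know before choosing tools.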


#3 nasdaq (Malware Response Team, 40,182 posts, Montreal, QC, Canada)

Posted 01 June 2015 - 08:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.

#4 rachit18 (Topic Starter, Members, 8 posts)

Posted 02 June 2015 - 09:48 AM

Thanks, nasdaq, for responding. I have run all 3 scans; the logs you asked for are posted below:

 

===

1. MBAM

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/6/2015
Scan Time: 12:01:41 AM
Logfile: MBAM Scan log - 2 Jun 2015.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.01.03
Rootkit Database: v2015.05.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: Shubhangi
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374744
Time Elapsed: 1 hr, 4 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 14
PUP.Optional.TNT.A, HKU\S-1-5-21-3137433290-1091954734-1320533106-1005_Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}, Quarantined, [7f082d8893f7a294ccb13823748f19e7], 
PUP.Optional.TNT.A, HKU\S-1-5-21-3137433290-1091954734-1320533106-1005_Classes\TYPELIB\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}, Quarantined, [7f082d8893f7a294ccb13823748f19e7], 
PUP.Optional.TNT.A, HKU\S-1-5-21-3137433290-1091954734-1320533106-1005_Classes\INTERFACE\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}, Quarantined, [7f082d8893f7a294ccb13823748f19e7], 
PUP.Optional.TNT.A, HKU\S-1-5-21-3137433290-1091954734-1320533106-1005_Classes\INTERFACE\{0FEB2313-F89B-4AC6-8153-84025604A06A}, Quarantined, [7f082d8893f7a294ccb13823748f19e7], 
PUP.Optional.TNT.A, HKU\S-1-5-21-3137433290-1091954734-1320533106-1005_Classes\INTERFACE\{30510474-98B5-11CF-BB82-00AA00BDCE0B}, Quarantined, [7f082d8893f7a294ccb13823748f19e7], 
PUP.Optional.TNT.A, HKU\S-1-5-21-3137433290-1091954734-1320533106-1005_Classes\INTERFACE\{52C5395B-1FCD-47FA-A834-FD830701C2D5}, Quarantined, [7f082d8893f7a294ccb13823748f19e7], 
PUP.Optional.TNT.A, HKU\S-1-5-21-3137433290-1091954734-1320533106-1005_Classes\INTERFACE\{762D463B-C45A-456D-A80D-8689C297C91E}, Quarantined, [7f082d8893f7a294ccb13823748f19e7], 
PUP.Optional.TNT.A, HKU\S-1-5-21-3137433290-1091954734-1320533106-1005_Classes\INTERFACE\{7A6BE473-7960-44D0-BD54-D23DA76353DF}, Quarantined, [7f082d8893f7a294ccb13823748f19e7], 
PUP.Optional.TNT.A, HKU\S-1-5-21-3137433290-1091954734-1320533106-1005_Classes\INTERFACE\{803F550E-BAAE-42BB-8917-64BA0006AB17}, Quarantined, [7f082d8893f7a294ccb13823748f19e7], 
PUP.Optional.TNT.A, HKU\S-1-5-21-3137433290-1091954734-1320533106-1005_Classes\INTERFACE\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}, Quarantined, [7f082d8893f7a294ccb13823748f19e7], 
PUP.Optional.TNT.A, HKU\S-1-5-21-3137433290-1091954734-1320533106-1005_Classes\INTERFACE\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}, Quarantined, [7f082d8893f7a294ccb13823748f19e7], 
PUP.Optional.TNT.A, HKU\S-1-5-21-3137433290-1091954734-1320533106-1005_Classes\INTERFACE\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}, Quarantined, [7f082d8893f7a294ccb13823748f19e7], 
PUP.Optional.TNT.A, HKU\S-1-5-21-3137433290-1091954734-1320533106-1005_Classes\INTERFACE\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}, Quarantined, [7f082d8893f7a294ccb13823748f19e7], 
PUP.Optional.TNT.A, HKU\S-1-5-21-3137433290-1091954734-1320533106-1005_Classes\INTERFACE\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}, Quarantined, [7f082d8893f7a294ccb13823748f19e7], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
===


#5 rachit18 (Topic Starter, Members, 8 posts)

Posted 02 June 2015 - 09:50 AM

3. Farbar log
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Shubhangi (administrator) on SHUBHANGI on 02-06-2015 22:13:04
Running from C:\Users\Shubhangi\Desktop\Farbar
Loaded Profiles: Shubhangi & UpdatusUser (Available Profiles: Shubhangi & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
() C:\ProgramData\DatacardService\DCService.exe
(MyDrivers.com) C:\Program Files\MyDrivers\DriverGenius2013\dgservice.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo OneKey Theater\OneKeyTheater.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\CarbonitePreinstaller.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe
(Lenovo) C:\Program Files\Lenovo\VeriFace\PManage.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Google Inc.) C:\Users\Shubhangi\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(BitTorrent Inc.) C:\Users\Shubhangi\AppData\Roaming\BitTorrent\BitTorrent.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\Temp\pccntupd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-04-28] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1398056 2008-11-20] (Synaptics, Inc.)
HKLM\...\Run: [OneKey Theater] => C:\Program Files\Lenovo\Lenovo OneKey Theater\OneKeyTheater.exe [860160 2009-01-10] (Lenovo)
HKLM\...\Run: [CarboniteSetupLite] => C:\Program Files\Carbonite\CarbonitePreinstaller.exe [296080 2008-11-04] (Carbonite, Inc.)
HKLM\...\Run: [MDS_Menu] => c:\Program Files\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe [218408 2008-11-15] (CyberLink Corp.)
HKLM\...\Run: [Desktop Navigator] => C:\Program Files\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe [326144 2009-03-03] (Lenovo)
HKLM\...\Run: [VeriFaceManager] => C:\Program Files\Lenovo\VeriFace\PManage.exe [3112960 2009-09-03] (Lenovo)
HKLM\...\Run: [UpdateP2GShortCut] => C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM\...\Run: [Readycomm] => C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe [429696 2008-12-18] (Lenovo Group Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [5330760 2009-07-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8828744 2008-12-20] (Lenovo (Beijing) Limited)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [849192 2010-02-05] (Trend Micro Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1164584 2010-09-01] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\...\Run: [Google Update] => C:\Users\Shubhangi\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-01] (Google Inc.)
HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\...\Run: [BitTorrent] => C:\Users\Shubhangi\AppData\Roaming\BitTorrent\BitTorrent.exe [1696104 2015-05-18] (BitTorrent Inc.)
HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\...\MountPoints2: {04d2855e-93a0-11e2-8da6-00269e1410f8} - F:\AutoRun.exe
HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\...\MountPoints2: {1c4727e8-217a-11df-ad47-00269e1410f8} - F:\DOKTORE///mechka.exe
HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\...\MountPoints2: {a1df094d-909a-11e2-93cd-00269e1410f8} - F:\AutoRun.exe
HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\...\MountPoints2: {a1df094f-909a-11e2-93cd-00269e1410f8} - F:\AutoRun.exe
HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\...\MountPoints2: {a1df096e-909a-11e2-93cd-00269e1410f8} - F:\AutoRun.exe
HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\...\MountPoints2: {b4a28b4d-5c15-11df-a034-00269e1410f8} - F:\AutoRun.exe
HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\...\MountPoints2: {b4a28b6c-5c15-11df-a034-00269e1410f8} - F:\AutoRun.exe
HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\...\MountPoints2: {f13c29a4-9149-11e2-959c-00269e1410f8} - F:\AutoRun.exe
HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2009-09-03]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Shubhangi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-02-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Shubhangi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shubhangi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shubhangi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shubhangi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shubhangi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shubhangi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shubhangi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shubhangi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shubhangi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll [2009-09-03] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3137433290-1091954734-1320533106-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
HKU\S-1-5-21-3137433290-1091954734-1320533106-1006\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3137433290-1091954734-1320533106-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll No File
Toolbar: HKU\S-1-5-21-3137433290-1091954734-1320533106-1005 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKU\S-1-5-21-3137433290-1091954734-1320533106-1005 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webvpn.nus.edu.sg/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2012-01-26] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-08-25] (DivX,Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-14] (Oracle Corporation)
FF Plugin: @kingsfot.com/npkws -> c:\program files\kingsoft\kingsoft antivirus\npkws.dll No File
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-3137433290-1091954734-1320533106-1005: @citrixonline.com/appdetectorplugin -> C:\Users\Shubhangi\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-19] (Citrix Online)
FF Plugin HKU\S-1-5-21-3137433290-1091954734-1320533106-1005: @talk.google.com/GoogleTalkPlugin -> C:\Users\Shubhangi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3137433290-1091954734-1320533106-1005: @talk.google.com/O1DPlugin -> C:\Users\Shubhangi\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3137433290-1091954734-1320533106-1005: @tools.google.com/Google Update;version=3 -> C:\Users\Shubhangi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-3137433290-1091954734-1320533106-1005: @tools.google.com/Google Update;version=9 -> C:\Users\Shubhangi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Shubhangi\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Shubhangi\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-20]
FF HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\...\Firefox\Extensions: [shabtay@gmail.com] - C:\Program Files\2YourFace\2YourFace.xpi
 
Chrome: 
=======
CHR Profile: C:\Users\Shubhangi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Shubhangi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Shubhangi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Google Wallet) - C:\Users\Shubhangi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-10]
CHR HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\SHUBHA~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-10]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe [555560 2008-11-04] (Broadcom Corporation.)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed]
R2 DGPNPSEV; C:\Program Files\MyDrivers\DriverGenius2013\DgService.exe [330096 2015-04-25] (MyDrivers.com)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [431472 2009-03-27] (Juniper Networks)
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [36480 2008-12-18] (Lenovo Group Limited) [File not signed]
R3 IncSvc; C:\Program Files\Lenovo\ReadyComm\IncSvc.dll [463360 2007-06-17] (Lenovo Group Limited) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MSSQL$INSTANCENAME; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [1385768 2010-02-02] (Trend Micro Inc.)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [270336 2007-04-12] (Lenovo Group Limited) [File not signed]
S2 qwxfpq; C:\Windows\system32\qwxfpq\qwxfpq.dll [125296 2015-02-16] ()
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [98304 2008-02-15] (Lenovo Group Limited) [File not signed]
R2 RichVideo; c:\Program Files\Cyberlink\Shared files\RichVideo.exe [244904 2008-11-25] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [771456 2015-05-31] (Enigma Software Group USA, LLC.)
R2 System_Repair_UpdateMonitor; C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [430080 2008-09-28] (Lenovo Group Limited) [File not signed]
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345352 2009-12-01] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [1337488 2010-02-02] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689416 2010-01-07] (Trend Micro Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 kphonesvc; "C:\Program Files\kingsoft\shoujizhushou\kphonesvc.exe" -svc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21008 2009-07-14] (Lenovo Corporation)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [226784 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [191968 2015-05-07] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [166880 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-05-04] (AVG Technologies CZ, s.r.o.)
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [1185960 2009-01-09] (Bison Electronics. Inc. )
R2 DgSafe; C:\Windows\system32\drivers\DgSafe.sys [483088 2015-04-25] (MyDrivers.com)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [23552 2009-03-27] (Juniper Networks)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-05-31] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-05-31] ()
R1 funfrm; C:\Windows\system32\Drivers\funfrm.sys [48192 2009-09-03] () [File not signed]
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [23128 2011-11-30] (JMicron Technology Corp.)
R0 kavbootc; C:\Windows\System32\drivers\kavbootc.sys [31592 2015-04-25] (Kingsoft Corporation)
R3 ksapi; C:\Windows\system32\drivers\ksapi.sys [80232 2015-02-16] (Kingsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 sit_bus; C:\Windows\System32\Drivers\sit_bus.sys [22144 2008-07-01] (SUNGIL)
S3 sit_flt; C:\Windows\System32\DRIVERS\sit_flt.sys [4352 2008-07-01] (SUNGIL Corporation)
S3 sit_mdm; C:\Windows\System32\Drivers\sit_mdm.sys [39680 2008-07-01] (SUNGIL)
S3 sit_prt; C:\Windows\System32\Drivers\sit_prt.sys [38656 2008-07-01] (SUNGIL)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [59472 2010-07-19] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [163408 2010-07-19] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [51792 2010-07-19] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [264504 2012-07-17] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36664 2012-07-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90256 2010-01-07] (Trend Micro Inc.)
R3 vhidmini; C:\Windows\System32\DRIVERS\ITEhidCIR.sys [10880 2008-01-25] (ITE Tech. Inc. )
R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1515232 2012-07-17] (Trend Micro Inc.)
R0 Wdkbdmou; C:\Windows\System32\DRIVERS\Wdkbdmou.sys [8832 2008-12-18] ()
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [8832 2008-12-18] (Windows ® Codename Longhorn DDK provider)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [81192 2008-01-11] (CyberLink)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [116736 2010-06-01] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2097-03-14 07:13 - 2015-04-14 17:18 - 00000000 ____D () C:\Users\Shubhangi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2097-03-14 07:11 - 2015-02-16 14:32 - 00000680 _____ () C:\Users\Shubhangi\AppData\Local\d3d9caps.dat
2015-06-02 21:59 - 2015-06-02 22:05 - 00000000 ____D () C:\AdwCleaner
2015-06-02 00:31 - 2015-06-02 22:13 - 00000000 ____D () C:\FRST
2015-06-02 00:29 - 2015-06-02 00:31 - 00000000 ____D () C:\Users\Shubhangi\Desktop\Farbar
2015-06-02 00:09 - 2015-06-02 00:10 - 02231296 _____ () C:\Users\Shubhangi\Desktop\adwcleaner_4.206.exe
2015-05-31 21:57 - 2015-05-31 21:57 - 00009921 _____ () C:\Users\Shubhangi\Desktop\ESET threats.txt
2015-05-31 17:43 - 2015-05-31 17:43 - 00000000 __SHD () C:\found.000
2015-05-31 11:48 - 2015-05-31 11:48 - 03640880 _____ () C:\Users\Shubhangi\Downloads\avg_remover_zbot.exe
2015-05-31 02:48 - 2015-05-31 02:48 - 00001035 _____ () C:\Users\Shubhangi\Desktop\SpyHunter.lnk
2015-05-31 02:48 - 2015-05-31 02:48 - 00000000 ____D () C:\Users\Shubhangi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-05-31 02:48 - 2015-05-31 02:48 - 00000000 ____D () C:\Users\Shubhangi\AppData\Roaming\Enigma Software Group
2015-05-31 02:48 - 2015-05-31 02:48 - 00000000 ____D () C:\sh4ldr
2015-05-31 02:47 - 2015-05-31 02:47 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-05-31 02:47 - 2015-05-31 02:47 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-05-31 02:46 - 2015-05-31 02:46 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Shubhangi\Downloads\SpyHunter-Installer.exe
2015-05-31 02:27 - 2015-05-31 02:27 - 00139000 _____ () C:\Windows\Minidump\Mini053115-01.dmp
2015-05-31 01:33 - 2015-05-31 01:33 - 00000000 ____D () C:\Program Files\ESET
2015-05-31 01:32 - 2015-05-31 01:32 - 02347384 _____ (ESET) C:\Users\Shubhangi\Downloads\esetsmartinstaller_enu.exe
2015-05-30 20:59 - 2015-05-30 20:59 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3137433290-1091954734-1320533106-1005Core1d09ad868ce8855.job
2015-05-14 13:49 - 2015-05-14 13:49 - 00029664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2015-05-07 13:52 - 2015-05-07 13:52 - 00290272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2015-05-07 13:52 - 2015-05-07 13:52 - 00191968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2015-05-07 13:52 - 2015-05-07 13:52 - 00166880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2015-05-04 14:15 - 2015-05-04 14:15 - 00213984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2097-03-17 16:19 - 2009-09-03 04:56 - 00014560 _____ () C:\Windows\system32\ICAutoUpdate.log.bak
2097-03-14 07:11 - 2009-10-21 21:24 - 00000174 _____ () C:\Windows\hpbafd.ini
2097-03-13 21:13 - 2009-09-03 04:43 - 20000255 _____ () C:\sysiclog.txt.bak
2015-06-02 22:16 - 2011-08-02 18:44 - 00000000 ____D () C:\Users\Shubhangi\AppData\Roaming\BitTorrent
2015-06-02 22:15 - 2015-04-14 13:25 - 00531044 _____ () C:\Windows\WindowsUpdate.log
2015-06-02 22:10 - 2013-09-30 20:22 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-02 22:10 - 2009-09-03 04:28 - 00000000 ____D () C:\ProgramData\VeriFace
2015-06-02 22:08 - 2015-04-14 13:13 - 00155912 _____ () C:\Windows\PFRO.log
2015-06-02 22:08 - 2009-09-03 04:43 - 00000056 ___SH () C:\_PartitionInfo
2015-06-02 22:08 - 2006-11-02 21:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-02 22:08 - 2006-11-02 20:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-02 22:08 - 2006-11-02 20:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-02 22:07 - 2015-04-14 13:11 - 00000990 _____ () C:\Windows\TMFilter.log
2015-06-02 22:07 - 2006-11-02 21:01 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-02 22:05 - 2009-10-20 17:53 - 00000000 ____D () C:\Users\Shubhangi
2015-06-02 21:47 - 2015-04-14 16:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 21:21 - 2013-11-05 14:55 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-31 17:55 - 2009-10-20 17:53 - 00000949 _____ () C:\Users\Shubhangi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-31 11:57 - 2014-07-05 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-31 02:27 - 2015-04-14 16:04 - 202919576 _____ () C:\Windows\MEMORY.DMP
2015-05-31 02:27 - 2010-02-19 19:14 - 00000000 ____D () C:\Windows\Minidump
2015-05-31 02:11 - 2009-09-03 03:25 - 00001076 _____ () C:\Windows\bthservsdp.dat
2015-05-31 00:57 - 2009-09-03 04:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-30 20:59 - 2015-02-11 22:19 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3137433290-1091954734-1320533106-1005Core1d04605c729b320.job
2015-05-30 20:54 - 2014-05-19 21:58 - 00000586 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3137433290-1091954734-1320533106-1005.job
 
==================== Files in the root of some directories =======
 
2015-04-14 13:16 - 2015-04-14 13:19 - 0000021 _____ () C:\Users\Shubhangi\AppData\Roaming\fixcfg.ini
2013-10-19 08:58 - 2013-10-19 08:58 - 0024206 _____ () C:\Users\Shubhangi\AppData\Roaming\UserTile.png
2097-03-14 07:11 - 2015-02-16 14:32 - 0000680 _____ () C:\Users\Shubhangi\AppData\Local\d3d9caps.dat
2009-10-20 21:39 - 2015-03-21 17:04 - 0155136 _____ () C:\Users\Shubhangi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-17 13:22 - 2009-11-17 13:22 - 0004096 ____H () C:\Users\Shubhangi\AppData\Local\keyfile3.drm
2015-04-25 18:30 - 2015-04-26 00:56 - 0000125 _____ () C:\ProgramData\dgdevinfo.dat
2015-04-26 00:56 - 2015-04-26 00:56 - 0000335 _____ () C:\ProgramData\DgUnkDevTag.dat
2010-01-18 06:18 - 2010-01-18 06:18 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-09-03 03:51 - 2015-01-10 10:47 - 0231049 _____ () C:\ProgramData\nvModes.001
2009-09-03 03:51 - 2015-01-10 10:47 - 0231049 _____ () C:\ProgramData\nvModes.dat
 
Files to move or delete:
====================
C:\ProgramData\dgdevinfo.dat
C:\ProgramData\DgUnkDevTag.dat
 
 
Some files in TEMP:
====================
C:\Users\Shubhangi\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Shubhangi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprg8fbt.dll
C:\Users\Shubhangi\AppData\Local\Temp\GURE713.exe
C:\Users\Shubhangi\AppData\Local\Temp\Quarantine.exe
C:\Users\Shubhangi\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-02 22:16
 
==================== End of log ============================
 
 
===
 
4. Also attached herewith is the Addition.txt created with Farbar scan.
===
 
Computer is working better now. Do you see any issues with the logs above?
 
Regards
Rachit


#6 rachit18

Posted 02 June 2015 - 09:53 AM

Attached File: Addition.txt (48.43KB)

 



#7 rachit18

Posted 02 June 2015 - 09:57 AM

Not sure why, but I keep getting an error message "You do not have permission to post this" upon hitting post after I copy-paste the AdwCleaner log. So attaching that file herewith.
 
Attached File: AdwCleanerR0 log_2Jun2015.txt (16.83KB)

 



#8 nasdaq

Posted 02 June 2015 - 10:03 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll No File
Toolbar: HKU\S-1-5-21-3137433290-1091954734-1320533106-1005 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKU\S-1-5-21-3137433290-1091954734-1320533106-1005 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF Plugin: @kingsfot.com/npkws -> c:\program files\kingsoft\kingsoft antivirus\npkws.dll No File
FF HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\...\Firefox\Extensions: [shabtay@gmail.com] - C:\Program Files\2YourFace\2YourFace.xpi
S2 kphonesvc; "C:\Program Files\kingsoft\shoujizhushou\kphonesvc.exe" -svc [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Program Files\2YourFace
C:\Users\Shubhangi\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Shubhangi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprg8fbt.dll
C:\Users\Shubhangi\AppData\Local\Temp\GURE713.exe.

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===
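As an added illustration (not FRST's own code and not part of nasdaq's instructions), the Python below shows the triage logic behind a fixlist like the one above: it reads FRST log lines of the formats seen in this thread, flags entries whose target file is gone ("No File" at the end of a BHO/Toolbar/plugin line, "[X]" at the end of a service or driver line), sets aside binaries that exist but are unsigned for manual review, and assembles the start/End block FRST expects. The regexes and the sample lines are constructed from this thread's log; entries a helper picks by judgment, such as the 2YourFace extension, are deliberately not caught by the heuristic.

```python
import re

# Constructed sample: FRST log lines of the kinds that appear in this thread.
SAMPLE_LOG = [
    r"BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)",
    r"BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File",
    r"Toolbar: HKU\S-1-5-21-3137433290-1091954734-1320533106-1005 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File",
    r"FF Plugin: @kingsfot.com/npkws -> c:\program files\kingsoft\kingsoft antivirus\npkws.dll No File",
    r"R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)",
    r'S2 kphonesvc; "C:\Program Files\kingsoft\shoujizhushou\kphonesvc.exe" -svc [X]',
    r"S3 IpInIp; system32\DRIVERS\ipinip.sys [X]",
    r"R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed]",
]

# Browser-side registry entries (BHOs, toolbars, plugins, handlers) whose
# target FRST could not find on disk end in "No File".
ORPHAN_NO_FILE = re.compile(r"^(BHO|Toolbar|FF Plugin|Handler)\b.*\bNo File\s*$")
# Services and drivers: "<state> <name>; <image path> [X]" means the image is missing.
ORPHAN_SERVICE = re.compile(r"^[RSU]\d+ (?P<name>[^;]+); .*\[X\]\s*$")
# The file exists but carries no Authenticode signature: worth a manual look.
UNSIGNED = re.compile(r"\[File not signed\]\s*$")


def triage_line(line):
    """Classify one FRST log line.

    Returns (status, reason) where status is
      'orphan' -> a registry entry whose file is gone; safe fixlist candidate,
      'review' -> loads a real but unsigned binary; decide by hand,
      'ok'     -> nothing noteworthy.
    """
    line = line.rstrip()
    if ORPHAN_NO_FILE.match(line):
        return "orphan", "registry entry points at a file that no longer exists"
    m = ORPHAN_SERVICE.match(line)
    if m:
        return "orphan", "service/driver %s references a missing binary" % m.group("name")
    if UNSIGNED.search(line):
        return "review", "binary present but not digitally signed"
    return "ok", ""


def triage_report(lines):
    """Every non-'ok' line with its status and reason, in log order."""
    report = []
    for line in lines:
        status, reason = triage_line(line)
        if status != "ok":
            report.append((line.rstrip(), status, reason))
    return report


def build_fixlist(lines):
    """Assemble an FRST-style fixlist from the orphaned entries only.

    FRST matches fixlist lines against its own log text, so each entry is
    copied verbatim. Only the dangling registry references go in; 'review'
    items are left for a human.
    """
    entries = [l.rstrip() for l in lines if triage_line(l)[0] == "orphan"]
    return "\n".join(["start", "", "CloseProcesses:", "", *entries, "", "End"])


if __name__ == "__main__":
    for text, status, reason in triage_report(SAMPLE_LOG):
        print("%-6s %s\n       %s" % (status, text, reason))
    print()
    print(build_fixlist(SAMPLE_LOG))
```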

#9 rachit18

Posted 02 June 2015 - 10:31 AM

Fix result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Shubhangi at 2015-06-02 23:24:21 Run:1
Running from C:\Users\Shubhangi\Desktop\Farbar
Loaded Profiles: Shubhangi & UpdatusUser (Available Profiles: Shubhangi & UpdatusUser)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CloseProcesses:
 
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll No File
Toolbar: HKU\S-1-5-21-3137433290-1091954734-1320533106-1005 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKU\S-1-5-21-3137433290-1091954734-1320533106-1005 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF Plugin: @kingsfot.com/npkws -> c:\program files\kingsoft\kingsoft antivirus\npkws.dll No File
FF HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\...\Firefox\Extensions: [shabtay@gmail.com] - C:\Program Files\2YourFace\2YourFace.xpi
S2 kphonesvc; "C:\Program Files\kingsoft\shoujizhushou\kphonesvc.exe" -svc [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Program Files\2YourFace
C:\Users\Shubhangi\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Shubhangi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprg8fbt.dll
C:\Users\Shubhangi\AppData\Local\Temp\GURE713.exe.
 
End
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key Removed successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => key Removed successfully.
"HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => key Removed successfully.
HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => value Removed successfully.
HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => key not found. 
HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value Removed successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found. 
"HKLM\Software\MozillaPlugins\@kingsfot.com/npkws" => key Removed successfully.
HKU\S-1-5-21-3137433290-1091954734-1320533106-1005\Software\Mozilla\Firefox\Extensions\\shabtay@gmail.com => value Removed successfully.
kphonesvc => Service Removed successfully.
IpInIp => Service Removed successfully.
NwlnkFlt => Service Removed successfully.
NwlnkFwd => Service Removed successfully.
"C:\Program Files\2YourFace" => File/Folder not found.
C:\Users\Shubhangi\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Shubhangi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprg8fbt.dll => Moved successfully.
C:\Users\Shubhangi\AppData\Local\Temp\GURE713.exe. => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 23:24:32 ====


#10 nasdaq

Posted 02 June 2015 - 12:10 PM

How is the computer running now?

#11 rachit18

Posted 07 June 2015 - 11:01 AM

Hey Nasdaq,

Many thanks for your help. I've been using my computer for a week now and it is running just as fine as before.

Your suggestions are greatly appreciated. Just so that I know, could you see any Trojans on my machine, as the ESET scan had shown, or just adware/malware?

Thanks
Rachit18

#12 nasdaq

Posted 08 June 2015 - 06:34 AM

Nothing malicious was found, just some adware etc.

If all is well:

To learn more about how to protect yourself while on the internet, read this little guide to best security practices and keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 nasdaq

Posted 14 June 2015 - 07:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



