Problem o23 services


4 replies to this topic

#1 alpgn (Members, 2 posts)
Posted 11 July 2015 - 03:01 AM

Hi!

I've run HijackThis on my Windows 7 64-bit. I know HijackThis doesn't work well on 64-bit systems, so I would like to know if I have more malware on my laptop. I've attached the txt from Farbar Recovery and DDS.

Is there a way to check my logs by myself?

Thank you very much

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by Alessio (administrator) on ABC on 11-07-2015 09:51:15
Running from C:\Users\Alessio\Desktop
Loaded Profiles: Alessio & UpdatusUser (Available Profiles: Alessio & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-23] (NVIDIA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-07] (AVAST Software)
HKU\S-1-5-21-3117554630-2913376281-3184730049-1000\...\MountPoints2: {1de171b5-23c4-11e5-ab0e-002186750aeb} - F:\setup.exe
HKU\S-1-5-21-3117554630-2913376281-3184730049-1000\...\MountPoints2: {c1d8fb7e-26e1-11e5-af04-002186750aeb} - G:\aocsetup.exe /autorun
HKU\S-1-5-21-3117554630-2913376281-3184730049-1000\...\MountPoints2: {c1d8fb83-26e1-11e5-af04-002186750aeb} - H:\aoesetup.exe /autorun
HKU\S-1-5-21-3117554630-2913376281-3184730049-1000\...\MountPoints2: {c1d8fb8b-26e1-11e5-af04-002186750aeb} - I:\aocsetup.exe /autorun
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-08-07] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3117554630-2913376281-3184730049-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-07] (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-07] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-12] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2EF3BEF0-951C-4F59-BD50-4B836F74FDEB}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7A5836EE-5F48-4A66-B6BD-9F39528A1581}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\nurxcqv5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll [2014-06-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll [2014-06-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin HKU\S-1-5-21-3117554630-2913376281-3184730049-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Alessio\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3117554630-2913376281-3184730049-1000: @talk.google.com/O1DPlugin -> C:\Users\Alessio\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3117554630-2913376281-3184730049-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Alessio\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3117554630-2913376281-3184730049-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Alessio\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Alessio\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Alessio\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: HTTPS-Everywhere - C:\Users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\nurxcqv5.default\Extensions\https-everywhere@eff.org [2015-07-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-22]
 
Chrome: 
=======
CHR Profile: C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-22]
CHR Extension: (Google Drive) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-22]
CHR Extension: (YouTube) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-22]
CHR Extension: (Google Search) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-22]
CHR Extension: (Avast Online Security) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-16]
CHR Extension: (Google Wallet) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-22]
CHR Extension: (Gmail) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-07] (AVAST Software)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-09-03] () [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-07] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-07-09] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-11 09:51 - 2015-07-11 09:51 - 00014316 _____ C:\Users\Alessio\Desktop\FRST.txt
2015-07-11 09:24 - 2015-07-11 09:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Alessio\Desktop\revosetup.exe
2015-07-11 08:55 - 2015-07-11 08:55 - 00688992 ____R (Swearware) C:\Users\Alessio\Desktop\dds.com
2015-07-11 08:47 - 2015-07-11 09:51 - 00000000 ____D C:\FRST
2015-07-11 08:40 - 2015-07-11 08:41 - 02112512 _____ (Farbar) C:\Users\Alessio\Desktop\FRST64.exe
2015-07-11 08:07 - 2015-07-11 08:07 - 00000608 _____ C:\Windows\PFRO.log
2015-07-11 08:07 - 2015-07-11 08:07 - 00000022 _____ C:\Windows\S.dirmngr
2015-07-11 01:24 - 2015-07-11 01:24 - 00003560 ____N C:\bootsqm.dat
2015-07-10 23:42 - 2015-07-11 08:07 - 00000112 _____ C:\Windows\setupact.log
2015-07-10 23:42 - 2015-07-10 23:42 - 00410416 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-10 23:42 - 2015-07-10 23:42 - 00000000 _____ C:\Windows\setuperr.log
2015-07-10 22:00 - 2015-07-10 22:00 - 00110680 _____ C:\Users\Alessio\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-10 21:48 - 2015-07-11 08:54 - 00000000 ____D C:\Users\Alessio\AppData\Local\Dropbox
2015-07-10 21:48 - 2015-07-10 21:48 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-10 21:11 - 2015-07-10 21:11 - 00000000 ____D C:\Users\Alessio\Desktop\Clases Complutense 1r curso
2015-07-10 19:45 - 2015-07-10 21:15 - 00000000 ____D C:\Users\Alessio\Desktop\Backup USB 10 julio 2015
2015-07-10 19:45 - 2015-04-06 17:17 - 00000151 _____ C:\Users\Alessio\Desktop\Cuenta transferencias piso
2015-07-10 12:43 - 2015-07-10 12:43 - 00000000 ____D C:\Users\Alessio\AppData\Local\Disc_Soft_Ltd
2015-07-10 11:49 - 2015-07-10 11:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2015-07-09 13:17 - 2015-07-09 13:17 - 00000000 ____D C:\ProgramData\Steam
2015-07-09 13:06 - 2015-07-09 13:06 - 00000880 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires II HD.lnk
2015-07-09 13:06 - 2015-07-09 13:06 - 00000868 _____ C:\Users\Public\Desktop\Age of Empires II HD.lnk
2015-07-09 13:03 - 2015-07-09 13:17 - 00000000 ____D C:\Program Files (x86)\Age of Empires II HD
2015-07-09 12:58 - 2015-07-10 21:35 - 00000000 ____D C:\Users\Alessio\AppData\Roaming\DAEMON Tools Lite
2015-07-09 12:58 - 2015-07-09 13:00 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-07-09 12:58 - 2015-07-09 12:59 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-07-09 12:58 - 2015-07-09 12:58 - 00001733 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-07-09 12:58 - 2015-07-09 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-07-09 12:57 - 2015-07-09 12:57 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-07-04 19:59 - 2015-07-10 12:40 - 00000000 ____D C:\Program Files (x86)\WebSite X5 v9 - Smart
2015-06-27 11:27 - 2015-06-27 11:45 - 759031611 ____R C:\Users\Alessio\Downloads\Jose, Carol MILF, Annbeth.mp4
2015-06-24 11:11 - 2015-07-04 22:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-11 09:43 - 2013-12-22 20:56 - 01531724 _____ C:\Windows\WindowsUpdate.log
2015-07-11 09:18 - 2013-12-22 21:26 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-11 09:16 - 2014-01-16 21:39 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3117554630-2913376281-3184730049-1000UA.job
2015-07-11 08:16 - 2014-01-16 21:39 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3117554630-2913376281-3184730049-1000Core.job
2015-07-11 08:15 - 2009-07-14 06:45 - 00031520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 08:15 - 2009-07-14 06:45 - 00031520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 08:11 - 2015-05-04 02:58 - 00000000 ____D C:\Program Files\MyDefrag v4.3.1
2015-07-11 08:08 - 2013-12-22 21:26 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-11 08:07 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-10 23:44 - 2013-12-22 22:01 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-10 23:41 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2015-07-10 23:40 - 2013-12-22 21:03 - 00000000 ____D C:\Users\Alessio
2015-07-10 23:07 - 2013-12-27 02:36 - 00000000 ____D C:\Users\Alessio\AppData\Roaming\Dropbox
2015-07-10 21:49 - 2014-10-28 02:59 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-10 21:47 - 2014-10-28 02:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-10 21:47 - 2014-10-28 02:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-10 21:14 - 2013-12-29 04:34 - 00000000 ___RD C:\Users\Alessio\Documents\Ale
2015-07-10 20:08 - 2015-04-14 00:01 - 00000000 ____D C:\Users\Alessio\.gimp-2.8
2015-07-10 18:50 - 2009-07-14 11:31 - 00747986 _____ C:\Windows\system32\perfh00A.dat
2015-07-10 18:50 - 2009-07-14 11:31 - 00159426 _____ C:\Windows\system32\perfc00A.dat
2015-07-10 18:50 - 2009-07-14 07:13 - 01678290 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-10 12:09 - 2014-12-11 09:42 - 00000000 ____D C:\Users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-07-10 11:59 - 2013-12-22 21:03 - 00000000 ____D C:\Users\Alessio\AppData\Local\VirtualStore
2015-07-10 00:59 - 2013-12-22 22:26 - 00000000 ____D C:\Users\Alessio\AppData\Local\Spotify
2015-07-09 22:25 - 2013-12-22 22:22 - 00000000 ____D C:\Users\Alessio\AppData\Roaming\Spotify
2015-07-09 11:05 - 2014-06-18 01:53 - 00000000 __SHD C:\Users\Alessio\AppData\Local\EmieUserList
2015-07-09 11:05 - 2014-06-18 01:53 - 00000000 __SHD C:\Users\Alessio\AppData\Local\EmieSiteList
2015-07-07 22:38 - 2013-12-22 21:29 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-06 11:48 - 2014-06-12 21:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 01:46 - 2014-12-11 09:39 - 69353866 _____ C:\Users\Alessio\Desktop\Age_of_Empires_rise_of_rome.rar
2015-07-04 22:49 - 2014-06-12 21:32 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-04 22:49 - 2014-06-12 21:32 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-30 09:34 - 2015-05-04 09:30 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-30 09:34 - 2014-06-16 15:08 - 00000000 ____D C:\Users\Alessio\AppData\Roaming\uTorrent
2015-06-30 09:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-06-30 08:40 - 2014-10-24 22:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-30 08:40 - 2014-01-11 22:36 - 00001926 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2015-06-29 13:37 - 2015-03-03 20:26 - 00000071 _____ C:\Users\Alessio\Desktop\contraseña infojobs.txt
2015-06-27 21:11 - 2014-06-16 15:57 - 00000000 ____D C:\Users\Alessio\Downloads\Charles Bradley - Victim of Love (2013) [MP3 320 - Stepherd]
2015-06-27 20:47 - 2014-06-16 15:56 - 00000000 ____D C:\Users\Alessio\Downloads\Charles Bradley - No Time For Dreaming [Dunham] (2011) mp3 320 vtwin88cube
2015-06-27 18:38 - 2014-06-22 10:26 - 00000000 ____D C:\Users\Alessio\Downloads\C2C - Tetra (2012) [MP3 320]
2015-06-23 13:30 - 2013-12-22 21:35 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-22 21:38 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-18 08:41 - 2014-10-28 02:59 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-10-28 02:59 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2014-03-16 22:56 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-15 19:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-12 17:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-12 14:34 - 2013-12-23 04:51 - 00000000 ____D C:\Windows\system32\MRT
2015-06-12 14:25 - 2013-12-23 04:51 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-11 22:19 - 2013-12-27 02:33 - 00001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-06-11 22:19 - 2013-12-27 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
 
==================== Files in the root of some directories =======
 
2014-02-13 04:16 - 2014-02-13 04:16 - 49940480 _____ () C:\Program Files (x86)\GUT36B8.tmp
2013-12-22 21:49 - 2013-12-22 21:49 - 0000000 _____ () C:\Users\Alessio\AppData\Local\AtStart.txt
2013-12-22 21:49 - 2013-12-22 21:49 - 0000000 _____ () C:\Users\Alessio\AppData\Local\DSwitch.txt
2013-12-22 21:49 - 2013-12-22 21:49 - 0000000 _____ () C:\Users\Alessio\AppData\Local\QSwitch.txt
2015-06-08 19:09 - 2015-06-08 19:09 - 0017387 _____ () C:\Users\Alessio\AppData\Local\recently-used.xbel
2014-03-17 03:33 - 2014-03-17 03:33 - 0007597 _____ () C:\Users\Alessio\AppData\Local\Resmon.ResmonCfg
2014-01-29 01:15 - 2014-01-29 01:15 - 0000129 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some files in TEMP:
====================
C:\Users\Alessio\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp1zb46.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-08 20:49
 
==================== End of log ============================



#2 nasdaq (Malware Response Team, 38,924 posts, Montreal, QC. Canada)
Posted 14 July 2015 - 08:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
CHR Extension: (Avast Online Security) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-07]
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

Nothing suspicious was found; this is just a cleanup.

What is the problem with this computer?
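
The triage done by hand in the post above (pick out the entries whose target is gone, an unsigned plug-in dated 2004, a driver marked [X], then paste those lines verbatim between `start` and `End`) can be scripted, which also answers the original question about checking an FRST log yourself. The Python below is an added example written for this thread; it is not part of FRST and not code posted by either participant. The log excerpt and the Fixlog excerpt it runs on are constructed from lines that appear in this thread, and the 2010 staleness cutoff plus the split between "remove" (orphans) and "review" (unsigned or stale) are the example's own assumptions, not FRST's rules.

```python
"""Triage an FRST scan log for entries worth putting in a fixlist.

Added example for this thread; not part of FRST and not code posted in the
thread. The two excerpts below are constructed from lines in the posts above.
"""
import re
from dataclasses import dataclass, field

# Markers FRST prints when the registry points at something absent from disk.
ORPHAN_MARKERS = ("No File", "[X]", "value is missing")
# Files FRST dates before this year get a "stale" flag (the cutoff is an assumption).
STALE_BEFORE_YEAR = 2010

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# FRST prints "[size date]" after a file, or just "[date]" for browser plug-ins.
DATE_RE = re.compile(r"\[(?:\d+ )?(\d{4})-(\d{2})-(\d{2})\]")

# Constructed excerpt of an FRST.txt, built from lines that appear in the thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
==================== Internet (Whitelisted) ====================
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
==================== Services (Whitelisted) =================
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-09-03] () [File not signed]
==================== Drivers (Whitelisted) ====================
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-07] (AVAST Software)
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]
"""

# Constructed excerpt of a Fixlog.txt, again from lines in the thread.
SAMPLE_FIXLOG = r"""
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
wanatw => Service removed successfully
EmptyTemp: => 543.2 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-14 18:02:54)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
"""


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def classify(line: str) -> list:
    """Return the triage reasons for one FRST entry; empty if it looks ordinary."""
    reasons = []
    if any(marker in line for marker in ORPHAN_MARKERS):
        reasons.append("orphan")      # target is gone: safe to clean up
    if line.rstrip().endswith("()") or "[File not signed]" in line:
        reasons.append("unsigned")    # no publisher shown: needs a human look
    match = DATE_RE.search(line)
    if match and int(match.group(1)) < STALE_BEFORE_YEAR:
        reasons.append("stale")       # old file date: needs a human look
    return reasons


def triage(log_text: str) -> list:
    """Walk an FRST scan log and collect every entry with at least one reason."""
    findings, section = [], "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip()
            continue
        # Skip blanks, FRST's "(If an entry is included ...)" notes and the process list.
        if not line or line.startswith("("):
            continue
        reasons = classify(line)
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def build_fixlist(findings: list) -> str:
    """Emit a fixlist of orphan entries only, copied verbatim as FRST expects."""
    body = [f.line for f in findings if "orphan" in f.reasons]
    return "\n".join(["start", "", *body, "", "End"]) + "\n"


def unresolved_after_fix(fixlog_text: str) -> list:
    """Paths FRST still could not move in the post-reboot pass of Fixlog.txt."""
    after_reboot, pending = False, []
    for line in fixlog_text.splitlines():
        if line.startswith("Result of scheduled files to move"):
            after_reboot = True
            continue
        if after_reboot and "Could not move" in line:
            pending.append(line.split('"')[1])
    return pending


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{','.join(f.reasons)}] {f.section}: {f.line}")
    print(build_fixlist(found))
    print("still on disk after reboot:", unresolved_after_fix(SAMPLE_FIXLOG))
```

The output is a candidate list, not a fix: the heuristics flag DirMngr (GnuPG) as unsigned, which the helper above correctly left alone, and they say nothing about the avast Chrome extension entries he chose to include, so a person still has to decide what goes between `start` and `End`. The post-reboot check reproduces what the Fixlog in the next post shows, two .crx files that FRST could not move even on reboot.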

#3 alpgn (Topic Starter, Members, 2 posts)
Posted 14 July 2015 - 11:23 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Alessio at 2015-07-14 18:01:01 Run:1
Running from C:\Users\Alessio\Desktop
Loaded Profiles: Alessio & UpdatusUser (Available Profiles: Alessio & UpdatusUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
start
 
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
CHR Extension: (Avast Online Security) - C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-07]
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]
 
End
*****************
 
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP" => key removed successfully
C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll => moved successfully.
C:\Users\Alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
wanatw => Service removed successfully
EmptyTemp: => 543.2 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-14 18:02:54)<=
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx" => Could not move
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 18:02:54 ====


#4 nasdaq (Malware Response Team, 38,924 posts, Montreal, QC. Canada)
Posted 15 July 2015 - 07:31 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq (Malware Response Team, 38,924 posts, Montreal, QC. Canada)
Posted 20 July 2015 - 08:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



