Infected by Isass


  • This topic is locked
17 replies to this topic

#1 JoanaMOC

Posted 01 December 2015 - 03:47 PM

Hi! My mouse started to move by itself and strange songs are played at random; moreover, my computer is extremely slow when I'm on the internet, even on Facebook!! So I ran HijackThis and Isass appeared... Please help me! I already followed the initial guidelines.

From DDS -> FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by  (administrator) on  (01-12-2015 16:45:36)
Running from C:\Users\xxx\Downloads
Loaded Profiles: xxxx (Available Profiles: xxxxxxxxxxxx)
Platform: Windows 10 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Trend Micro Inc.) C:\Users\xxxxxx\Desktop\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-08-18] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
HKU\S-1-5-21-1288901626-699231163-3170635746-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-1288901626-699231163-3170635746-1001\...\Run: [Dropbox Update] => C:\Users\xxxx\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-12] (Dropbox, Inc.)
HKU\S-1-5-21-1288901626-699231163-3170635746-1001\...\RunOnce: [Uninstall C:\Users\xxxxxxxxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxxxxxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-1288901626-699231163-3170635746-1001\...\RunOnce: [Uninstall C:\Users\xxxxxxxxxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxxxxxxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1"
HKU\S-1-5-21-1288901626-699231163-3170635746-1001\...\RunOnce: [Uninstall C:\Users\xxxxxxxx\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxxxxxxx\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1288901626-699231163-3170635746-1001\...\RunOnce: [Uninstall C:\Users\xxxxxxxxxx\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxxxxxxxx\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\xxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-02-10]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2015-08-23]
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\Users\xxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\xxxxxxxxxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\xxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-11-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2014-06-06] (National Instruments Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2014-06-06] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 189.7.144.37 189.7.144.15 189.7.144.16
Tcpip\..\Interfaces\{3d804573-e0b2-4aff-81e7-cf6e797d311b}: [DhcpNameServer] 189.7.144.37 189.7.144.15 189.7.144.16
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1288901626-699231163-3170635746-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-24] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-24] (Google Inc.)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-1288901626-699231163-3170635746-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-24] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
 
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1288901626-699231163-3170635746-1001 -> hxxp://www.google.com/
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1288901626-699231163-3170635746-1001: gastecnologia.com.br/sf/uni -> C:\Users\xxxxxxxxxxxx\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-1288901626-699231163-3170635746-1001: SkypePlugin -> C:\Users\xxxxxxxxxxxx\AppData\Local\SkypePlugin\7.6.0.291\npGatewayNpapi.dll [2015-08-25] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1288901626-699231163-3170635746-1001: SkypePlugin64 -> C:\Users\xxxxxxxxxxxx\AppData\Local\SkypePlugin\7.6.0.291\npGatewayNpapi-x64.dll [2015-08-25] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-21] (Microsoft Corporation)
 
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\xxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\xxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-20]
CHR Extension: (Rapport) - C:\Users\xxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-07-03]
CHR Extension: (YouTube) - C:\Users\xxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Adblock Plus) - C:\Users\xxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-30]
CHR Extension: (Google Search) - C:\Users\xxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-01]
CHR Extension: (TeX equation editor) - C:\Users\xxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggdddnmjoomglnkjhcpcnjbieiojini [2015-01-20]
CHR Extension: (Google Docs Offline) - C:\Users\xxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\xxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\xxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp [2015-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (TypingClub) - C:\Users\xxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah [2015-10-16]
CHR Extension: (Gmail) - C:\Users\xxxxxxxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR HKU\S-1-5-21-1288901626-699231163-3170635746-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\xxxxxxxxxxxx\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-10-07]
CHR HKU\S-1-5-21-1288901626-699231163-3170635746-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1288901626-699231163-3170635746-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
R2 LkCitadelServer; C:\WINDOWS\SysWOW64\lkcitdl.exe [695136 2014-12-02] (National Instruments, Inc.)
R2 lkClassAds; C:\WINDOWS\SysWOW64\lkads.exe [53032 2014-06-09] (National Instruments Corporation)
R2 lkTimeSync; C:\WINDOWS\SysWOW64\lktsrv.exe [63280 2014-06-09] (National Instruments Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-05] (Hewlett-Packard) [File not signed]
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57184 2014-11-21] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2014-11-21] (National Instruments Corporation)
R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [569152 2014-10-23] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394544 2014-06-09] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [89928 2014-06-06] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57168 2014-11-21] (National Instruments Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-05] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-11-12] (IBM Corp.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-08-18] (GAS Tecnologia LTDA)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-07-29] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [271272 2015-07-29] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-07-29] (BitDefender)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-29] (Disc Soft Ltd)
S3 HPx9G+; no ImagePath
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-07] (Intel Corporation)
S3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-29] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\System32\drivers\mrvlpcie8897.sys [1055232 2015-09-29] (Marvell Semiconductors Inc.)
R1 RapportCerberus_1507076; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507076.sys [959416 2015-11-21] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-11-12] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-11-12] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-11-12] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489272 2015-11-12] (IBM Corp.)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [423144 2015-09-17] (Realsil Semiconductor Corporation)
S3 ssudcdf; C:\Windows\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\Windows\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\Windows\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudrmnet; C:\Windows\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)
S3 ssudserd; C:\Windows\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-05-29] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-26] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-05-02] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [63000 2015-09-29] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\System32\drivers\SurfacePenDriver.sys [76424 2015-03-31] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [36048 2015-04-09] (Microsoft Corporation)
S3 SurfaceTypeCoverV3Integration; C:\Windows\System32\drivers\SurfaceTypeCoverV3Integration.sys [52760 2015-10-28] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WiFiClass; C:\Windows\System32\drivers\wificlass.sys [420352 2015-06-10] (Microsoft Corporation)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-05-20] (Basil)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-01 16:45 - 2015-12-01 16:45 - 00024701 _____ C:\Users\xxxxxxxxxxxx\Downloads\FRST.txt
2015-12-01 16:45 - 2015-12-01 16:45 - 00000000 ____D C:\FRST
2015-12-01 16:43 - 2015-12-01 16:44 - 02350080 _____ (Farbar) C:\Users\xxxxxxxxxxxx\Downloads\FRST64.exe
2015-12-01 16:19 - 2015-12-01 16:19 - 00036425 _____ C:\Users\xxxxxxxxxxxx\Desktop\dds.txt
2015-12-01 16:19 - 2015-12-01 16:19 - 00021675 _____ C:\Users\xxxxxxxxxxxx\Desktop\attach.txt
2015-12-01 16:17 - 2015-12-01 16:17 - 00688992 ____R (Swearware) C:\Users\xxxxxxxxxxxx\Downloads\dds.com
2015-12-01 16:02 - 2015-12-01 16:02 - 00016148 _____ C:\WINDOWS\system32\JOANA_xxxxxxxxxxxx_HistoryPrediction.bin
2015-12-01 16:02 - 2015-12-01 16:02 - 00000000 ___HD C:\OneDriveTemp
2015-11-30 16:06 - 2015-11-30 23:41 - 00000000 ____D C:\Users\xxxxxxxxxxxx\Desktop\backups
2015-11-30 13:36 - 2015-11-30 13:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-11-30 12:02 - 2015-11-30 12:02 - 02012464 _____ C:\Users\xxxxxxxxxxxx\Downloads\Adaware_Installer.exe
2015-11-30 11:55 - 2015-11-30 11:55 - 00000000 ____D C:\Users\xxxxxxxxxxxx\Downloads\backups
2015-11-30 11:39 - 2015-11-30 11:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\xxxxxxxxxxxx\Desktop\HijackThis.exe
2015-11-20 21:46 - 2015-11-20 21:45 - 00253963 _____ C:\Users\xxxxxxxxxxxx\Desktop\Lifemed - Relatório de Inspeção 10001453 - Semana 01.pdf
2015-11-12 11:18 - 2015-11-12 11:18 - 00000000 ____D C:\Users\xxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-11 17:31 - 2015-11-05 03:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 17:31 - 2015-11-05 03:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-11 17:31 - 2015-11-05 03:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-11 17:31 - 2015-11-05 03:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 17:31 - 2015-11-05 03:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-11 17:31 - 2015-11-05 03:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 17:31 - 2015-11-05 03:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-11 17:31 - 2015-11-05 03:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-11 17:31 - 2015-11-05 02:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-11 17:31 - 2015-11-05 02:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 17:31 - 2015-11-05 02:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 17:31 - 2015-11-05 02:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-11 17:31 - 2015-11-05 02:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 17:31 - 2015-11-05 02:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-11 17:31 - 2015-11-05 02:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-11 17:31 - 2015-11-05 02:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-11 17:31 - 2015-11-05 02:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 17:31 - 2015-11-05 02:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-11 17:31 - 2015-11-05 02:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-11 17:31 - 2015-11-05 02:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-11 17:31 - 2015-11-05 02:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-11 17:31 - 2015-11-05 02:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-11 17:31 - 2015-11-05 02:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 17:31 - 2015-11-05 02:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-11 17:31 - 2015-11-05 02:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-11 17:31 - 2015-11-05 02:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-11 17:31 - 2015-11-05 02:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 17:31 - 2015-11-05 02:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 17:31 - 2015-11-05 02:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-11 17:31 - 2015-11-05 02:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-11 17:31 - 2015-11-05 02:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 17:31 - 2015-11-05 02:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-11 17:31 - 2015-11-05 02:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-11 17:31 - 2015-11-05 01:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-11 17:31 - 2015-11-05 01:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 17:31 - 2015-11-05 01:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-11 17:31 - 2015-11-05 01:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 17:31 - 2015-11-05 01:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 17:31 - 2015-11-05 01:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-11 17:31 - 2015-11-05 01:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-11 17:31 - 2015-11-05 01:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 17:31 - 2015-11-05 01:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-11 17:31 - 2015-11-05 01:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-11 17:31 - 2015-11-05 01:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-11 17:31 - 2015-11-05 01:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-11 17:31 - 2015-11-05 01:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-11 17:31 - 2015-11-05 01:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 17:31 - 2015-11-05 01:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 17:31 - 2015-11-05 01:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 17:31 - 2015-11-05 01:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 17:31 - 2015-11-05 01:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-11 17:31 - 2015-11-05 01:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-11 17:31 - 2015-11-05 01:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-04 17:48 - 2015-11-18 18:29 - 00004061 _____ C:\Users\xxxxxxxxxxxx\AppData\Roaming\LTspiceIV.ini
2015-11-04 17:38 - 2015-11-04 17:38 - 00001251 _____ C:\Users\xxxxxxxxxxxx\Desktop\LTspice IV.lnk
2015-11-04 17:35 - 2015-11-04 17:35 - 00000000 ____D C:\Program Files (x86)\LTC
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-01 16:45 - 2015-07-10 07:05 - 00000000 ____D C:\Windows
2015-12-01 16:40 - 2015-06-12 17:30 - 00000954 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1288901626-699231163-3170635746-1001UA.job
2015-12-01 16:40 - 2015-06-12 17:30 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1288901626-699231163-3170635746-1001Core.job
2015-12-01 16:13 - 2014-08-31 05:19 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-01 16:06 - 2015-08-18 11:57 - 01810446 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-01 16:06 - 2015-08-18 08:40 - 00795478 _____ C:\WINDOWS\system32\prfh0416.dat
2015-12-01 16:06 - 2015-08-18 08:40 - 00157234 _____ C:\WINDOWS\system32\prfc0416.dat
2015-12-01 16:06 - 2015-07-10 09:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-01 16:04 - 2014-08-28 07:01 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E03D8F0F-F233-47AE-AFFA-7AFCB09471A7}
2015-12-01 16:02 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-01 16:02 - 2014-09-01 07:09 - 00000000 ___RD C:\Users\xxxxxxxxxxxx\Google Drive
2015-12-01 16:02 - 2014-08-31 05:19 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-01 16:02 - 2014-08-28 21:08 - 00000000 ___RD C:\Users\xxxxxxxxxxxx\Dropbox
2015-12-01 16:02 - 2014-08-28 21:04 - 00000000 ____D C:\Users\xxxxxxxxxxxx\AppData\Roaming\Dropbox
2015-12-01 16:02 - 2014-08-28 09:54 - 00000000 __RDO C:\Users\xxxxxxxxxxxx\OneDrive
2015-12-01 16:01 - 2015-07-10 10:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-30 23:43 - 2015-07-10 07:05 - 35913728 ___SH C:\WINDOWS\system32\config\BBI
2015-11-30 23:22 - 2015-07-10 09:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-30 16:19 - 2015-08-11 15:34 - 00005212 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for JOANA-xxxxxxxxxxxx Joana
2015-11-30 14:17 - 2015-08-18 11:45 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-11-30 11:40 - 2014-08-28 06:49 - 00000000 ____D C:\Users\xxxxxxxxxxxx\AppData\Local\VirtualStore
2015-11-28 23:16 - 2014-09-01 07:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-26 15:20 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-23 16:46 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-23 15:54 - 2014-09-01 02:55 - 00000000 ____D C:\ProgramData\Oracle
2015-11-23 15:48 - 2014-10-19 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-23 15:48 - 2014-10-19 21:11 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-23 15:47 - 2015-09-10 16:00 - 00000000 ____D C:\Users\xxxxxxxxxxxx\.oracle_jre_usage
2015-11-23 15:47 - 2014-10-19 21:11 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-11-21 15:39 - 2015-05-02 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-11-20 21:46 - 2014-10-23 02:28 - 00000000 ____D C:\Users\xxxxxxxxxxxx\AppData\Local\CutePDF Writer
2015-11-20 14:24 - 2014-08-28 06:49 - 00000000 ____D C:\Users\xxxxxxxxxxxx\AppData\Local\Packages
2015-11-16 13:20 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-14 21:00 - 2014-08-31 23:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-14 20:49 - 2014-08-31 23:37 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-14 20:24 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-11-14 20:24 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-11-14 20:24 - 2015-07-10 09:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-12 01:32 - 2015-05-02 17:01 - 00394584 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2015-11-12 01:32 - 2015-05-02 17:01 - 00139896 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2015-11-12 00:39 - 2015-07-10 08:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 11:01 - 2015-09-30 15:10 - 00000000 ____D C:\Users\xxxxxxxxxxxx\AppData\Local\Windows Live
2015-11-08 20:15 - 2015-07-04 13:42 - 00000000 ____D C:\Users\xxxxxxxxxxxx\Scan
2015-11-05 16:26 - 2015-03-05 11:48 - 00000000 ____D C:\ProgramData\GbPlugin
2015-11-05 16:13 - 2015-04-01 21:00 - 00000000 ____D C:\Users\xxxxxxxxxxxx\Desktop\Imprimir
2015-11-04 17:38 - 2014-08-31 05:08 - 00001275 _____ C:\Users\xxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\LTspice IV.lnk
2015-11-04 17:36 - 2014-08-31 03:33 - 00000000 ____D C:\Users\xxxxxxxxxxxx\Documents\Drivers & Softwares
2015-11-04 10:45 - 2015-08-18 12:13 - 00002359 _____ C:\Users\xxxxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-03 16:20 - 2015-07-10 09:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 16:20 - 2015-07-10 09:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-11-04 17:48 - 2015-11-18 18:29 - 0004061 _____ () C:\Users\xxxxxxxxxxxx\AppData\Roaming\LTspiceIV.ini
2015-03-05 11:48 - 2015-03-05 11:48 - 0015945 _____ () C:\Users\xxxxxxxxxxxx\AppData\Roaming\unins000.dat
2015-08-18 11:46 - 2015-08-18 11:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-10 08:39 - 2015-08-23 16:23 - 0001814 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\xxxxxxxxxxxx\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\xxxxxxxxxxxx\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpziuuf0.dll
C:\Users\xxxxxxxxxxxx\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\xxxxxxxxxxxx\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\xxxxxxxxxxxx\AppData\Local\Temp\UNINSTALL.EXE
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-11-30 12:17
 
==================== End of FRST.txt ============================

Attached File: Addition.txt (56.42KB)
#2 olgun52 (Malware Response Team, 3,790 posts)

Posted 02 December 2015 - 08:28 AM

Hello JoanaMOC, and welcome to BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
     
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
=====================================================

Please do the following,

 

RogueKiller by Tigzy

  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply

===================================================

Run TDSSKiller by Kaspersky

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".
===================================================
aswMBR

 

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.

Sincerely
:hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52 (Malware Response Team, 3,790 posts)

Posted 02 December 2015 - 09:32 AM

C:\Users\xxxxxxxxxxxx\Downloads\Adaware_Installer.exe

 

Please do not make alterations in the reports. The process may fail. Also, it violates our rules.

===============================================================================

 

Please uninstall BitDefender

To be sure everything is removed properly, we also recommend using our dedicated uninstall tool. Download it from this location and then run it on your system:

http://www.bitdefender.com/files/KnowledgeBase/file/The_New_Bitdefender_UninstallTool.exe

 

==================================================================================

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

BitTorrent


Edited by olgun52, 02 December 2015 - 09:40 AM.


 


 


#4 JoanaMOC (Topic Starter, Members, 11 posts)

Posted 02 December 2015 - 01:00 PM

Hi Yılmaz!

 

Thank you very much for your help. I just changed my name to xxxxx because I was afraid.

Ok, I had already uninstalled Bitdefender and BitTorrent. :wink:

==============================================================

Now, beginning with the RogueKiller by Tigzy report:

 

RogueKiller V11.0.0.0 [Nov 27 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
 
Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : JoanaMarini [Administrator]
Started from : C:\Users\JoanaMarini\Desktop\RogueKiller.exe
Mode : Scan -- Date : 12/02/2015 14:54:25
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 9 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\AVG Secure Search -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1288901626-699231163-3170635746-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1288901626-699231163-3170635746-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 200.19.252.57 200.19.252.35 172.17.0.1 ([BRAZIL (BR)][BRAZIL (BR)][(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 200.19.252.57 200.19.252.35 172.17.0.1 ([BRAZIL (BR)][BRAZIL (BR)][(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3d804573-e0b2-4aff-81e7-cf6e797d311b} | DhcpNameServer : 200.19.252.57 200.19.252.35 172.17.0.1 ([BRAZIL (BR)][BRAZIL (BR)][(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3d804573-e0b2-4aff-81e7-cf6e797d311b} | DhcpNameServer : 200.19.252.57 200.19.252.35 172.17.0.1 ([BRAZIL (BR)][BRAZIL (BR)][(Private Address) (XX)])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5} -> Found
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZMTE256HMHP-000MV +++++
--- User ---
[MBR] 1323f73c131a1d51d95cd0e611defc90
[BSP] 227decd433527e2963a1aaf92a3e4e31 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 390 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 800768 | Size:1 200 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1210368 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1472512 | Size: 238029 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 488955904 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 489877504 | Size: 5000 MB
User = LL1 ... OK
User = LL2 ... OK
 
================================================================================================
Run TDSSKiller by Kaspersky
 

15:01:56.0116 0x1ec4 TDSS rootkit removing tool 3.1.0.7 Nov 29 2015 22:37:04

15:01:56.0116 0x1ec4 UEFI system

15:02:09.0527 0x1ec4 ============================================================

15:02:09.0527 0x1ec4 Current date / time: 2015/12/02 15:02:09.0527

15:02:09.0527 0x1ec4 SystemInfo:

15:02:09.0527 0x1ec4

15:02:09.0527 0x1ec4 OS Version: 10.0.10240 ServicePack: 0.0

15:02:09.0527 0x1ec4 Product type: Workstation

15:02:09.0527 0x1ec4 ComputerName: JOANA

15:02:09.0527 0x1ec4 UserName: JoanaMarini

15:02:09.0527 0x1ec4 Windows directory: C:\WINDOWS

15:02:09.0527 0x1ec4 System windows directory: C:\WINDOWS

15:02:09.0531 0x1ec4 Running under WOW64

15:02:09.0532 0x1ec4 Processor architecture: Intel x64

15:02:09.0532 0x1ec4 Number of processors: 4

15:02:09.0532 0x1ec4 Page size: 0x1000

15:02:09.0532 0x1ec4 Boot type: Normal boot

15:02:09.0532 0x1ec4 ============================================================

15:02:09.0807 0x1ec4 KLMD registered as C:\WINDOWS\system32\drivers\74614489.sys

15:02:09.0913 0x1ec4 System UUID: {97F5810A-9BC0-EEB7-F129-CB0DD38E554B}

15:02:10.0287 0x1ec4 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:02:10.0293 0x1ec4 ============================================================

15:02:10.0293 0x1ec4 \Device\Harddisk0\DR0:

15:02:10.0294 0x1ec4 GPT partitions:

15:02:10.0294 0x1ec4 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {DC5826B0-80AD-4171-996B-9270EBEF3BAA}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC3000

15:02:10.0294 0x1ec4 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {F73DCC1B-8F42-4F53-8841-F9150873756E}, Name: EFI system partition, StartLBA 0xC3800, BlocksNum 0x64000

15:02:10.0295 0x1ec4 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {30050AC9-FBED-45AC-BAB9-3B7D855D4C5F}, Name: Microsoft reserved partition, StartLBA 0x127800, BlocksNum 0x40000

15:02:10.0295 0x1ec4 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {81DFD979-F66B-470C-A403-80DC74C2AD63}, Name: Basic data partition, StartLBA 0x167800, BlocksNum 0x1D0E6800

15:02:10.0295 0x1ec4 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {0BCAE4FE-13BA-4F58-A615-341E1139FB44}, Name: , StartLBA 0x1D24E000, BlocksNum 0xE1000

15:02:10.0295 0x1ec4 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {0A13A012-65D9-4936-8D26-E6446568224F}, Name: Basic data partition, StartLBA 0x1D32F000, BlocksNum 0x9C4000

15:02:10.0296 0x1ec4 MBR partitions:

15:02:10.0296 0x1ec4 ============================================================

15:02:10.0296 0x1ec4 Initialize success

15:02:10.0296 0x1ec4 ============================================================

15:02:20.0578 0x0db8 ============================================================

15:02:20.0578 0x0db8 Scan started

15:02:20.0578 0x0db8 Mode: Manual;

15:02:20.0578 0x0db8 ============================================================

15:02:20.0578 0x0db8 KSN ping started

15:02:22.0618 0x0db8 KSN ping finished: true

15:02:23.0528 0x0db8 ================ Scan system memory ========================

15:02:23.0538 0x0db8 System memory - ok

15:02:23.0538 0x0db8 ================ Scan services =============================

15:02:23.0568 0x0db8 1394ohci - ok

15:02:23.0568 0x0db8 3ware - ok

15:02:23.0578 0x0db8 ACPI - ok

15:02:23.0588 0x0db8 acpiex - ok

15:02:23.0588 0x0db8 acpipagr - ok

15:02:23.0598 0x0db8 AcpiPmi - ok

15:02:23.0598 0x0db8 acpitime - ok

15:02:23.0608 0x0db8 ADP80XX - ok

15:02:23.0618 0x0db8 AFD - ok

15:02:23.0628 0x0db8 agp440 - ok

15:02:23.0628 0x0db8 ahcache - ok

15:02:23.0628 0x0db8 AJRouter - ok

15:02:23.0638 0x0db8 ALG - ok

15:02:23.0638 0x0db8 AmdK8 - ok

15:02:23.0638 0x0db8 AmdPPM - ok

15:02:23.0648 0x0db8 amdsata - ok

15:02:23.0648 0x0db8 amdsbs - ok

15:02:23.0648 0x0db8 amdxata - ok

15:02:23.0648 0x0db8 AppID - ok

15:02:23.0658 0x0db8 AppIDSvc - ok

15:02:23.0658 0x0db8 Appinfo - ok

15:02:23.0658 0x0db8 AppMgmt - ok

15:02:23.0668 0x0db8 AppReadiness - ok

15:02:23.0668 0x0db8 AppXSvc - ok

15:02:23.0668 0x0db8 arcsas - ok

15:02:23.0678 0x0db8 AsyncMac - ok

15:02:23.0678 0x0db8 atapi - ok

15:02:23.0678 0x0db8 AudioEndpointBuilder - ok

15:02:23.0688 0x0db8 Audiosrv - ok

15:02:23.0688 0x0db8 AxInstSV - ok

15:02:23.0688 0x0db8 b06bdrv - ok

15:02:23.0688 0x0db8 BasicDisplay - ok

15:02:23.0698 0x0db8 BasicRender - ok

15:02:23.0698 0x0db8 bcmfn2 - ok

15:02:23.0698 0x0db8 BDESVC - ok

15:02:23.0708 0x0db8 Beep - ok

15:02:23.0708 0x0db8 BFE - ok

15:02:23.0708 0x0db8 BITS - ok

15:02:23.0718 0x0db8 bowser - ok

15:02:23.0718 0x0db8 BrokerInfrastructure - ok

15:02:23.0718 0x0db8 Browser - ok

15:02:23.0718 0x0db8 BthAvrcpTg - ok

15:02:23.0728 0x0db8 BthEnum - ok

15:02:23.0728 0x0db8 BthHFEnum - ok

15:02:23.0728 0x0db8 bthhfhid - ok

15:02:23.0738 0x0db8 BthHFSrv - ok

15:02:23.0738 0x0db8 BthLEEnum - ok

15:02:23.0738 0x0db8 BTHMODEM - ok

15:02:23.0748 0x0db8 BthPan - ok

15:02:23.0748 0x0db8 BTHPORT - ok

15:02:23.0748 0x0db8 bthserv - ok

15:02:23.0758 0x0db8 BTHUSB - ok

15:02:23.0758 0x0db8 buttonconverter - ok

15:02:23.0758 0x0db8 CapImg - ok

15:02:23.0758 0x0db8 cdfs - ok

15:02:23.0768 0x0db8 CDPSvc - ok

15:02:23.0768 0x0db8 cdrom - ok

15:02:23.0768 0x0db8 CertPropSvc - ok

15:02:23.0778 0x0db8 circlass - ok

15:02:23.0778 0x0db8 CLFS - ok

15:02:23.0778 0x0db8 ClipSVC - ok

15:02:23.0788 0x0db8 CmBatt - ok

15:02:23.0788 0x0db8 CNG - ok

15:02:23.0798 0x0db8 cnghwassist - ok

15:02:23.0798 0x0db8 CompositeBus - ok

15:02:23.0808 0x0db8 COMSysApp - ok

15:02:23.0808 0x0db8 condrv - ok

15:02:23.0818 0x0db8 CoreMessagingRegistrar - ok

15:02:23.0822 0x0db8 cphs - ok

15:02:23.0827 0x0db8 CryptSvc - ok

15:02:23.0831 0x0db8 CSC - ok

15:02:23.0834 0x0db8 CscService - ok

15:02:23.0837 0x0db8 dam - ok

15:02:23.0841 0x0db8 DcomLaunch - ok

15:02:23.0844 0x0db8 DcpSvc - ok

15:02:23.0847 0x0db8 defragsvc - ok

15:02:23.0851 0x0db8 DeviceAssociationService - ok

15:02:23.0854 0x0db8 DeviceInstall - ok

15:02:23.0857 0x0db8 DevQueryBroker - ok

15:02:23.0860 0x0db8 Dfsc - ok

15:02:23.0865 0x0db8 dg_ssudbus - ok

15:02:23.0868 0x0db8 Dhcp - ok

15:02:23.0871 0x0db8 diagnosticshub.standardcollector.service - ok

15:02:23.0874 0x0db8 DiagTrack - ok

15:02:23.0877 0x0db8 disk - ok

15:02:23.0880 0x0db8 DmEnrollmentSvc - ok

15:02:23.0885 0x0db8 dmvsc - ok

15:02:23.0888 0x0db8 dmwappushservice - ok

15:02:23.0891 0x0db8 Dnscache - ok

15:02:23.0896 0x0db8 dot3svc - ok

15:02:23.0899 0x0db8 DPS - ok

15:02:23.0903 0x0db8 drmkaud - ok

15:02:23.0905 0x0db8 DsmSvc - ok

15:02:23.0909 0x0db8 DsSvc - ok

15:02:23.0913 0x0db8 dtlitescsibus - ok

15:02:23.0916 0x0db8 DXGKrnl - ok

15:02:23.0919 0x0db8 Eaphost - ok

15:02:23.0923 0x0db8 ebdrv - ok

15:02:23.0927 0x0db8 EFS - ok

15:02:23.0930 0x0db8 EhStorClass - ok

15:02:23.0934 0x0db8 EhStorTcgDrv - ok

15:02:23.0937 0x0db8 embeddedmode - ok

15:02:23.0940 0x0db8 EntAppSvc - ok

15:02:23.0944 0x0db8 ErrDev - ok

15:02:23.0950 0x0db8 EventSystem - ok

15:02:23.0953 0x0db8 exfat - ok

15:02:23.0956 0x0db8 fastfat - ok

15:02:23.0960 0x0db8 Fax - ok

15:02:23.0963 0x0db8 fcvsc - ok

15:02:23.0966 0x0db8 fdc - ok

15:02:23.0970 0x0db8 fdPHost - ok

15:02:23.0972 0x0db8 FDResPub - ok

15:02:23.0975 0x0db8 fhsvc - ok

15:02:23.0978 0x0db8 FileCrypt - ok

15:02:23.0979 0x0db8 FileInfo - ok

15:02:23.0979 0x0db8 Filetrace - ok

15:02:23.0979 0x0db8 flpydisk - ok

15:02:23.0989 0x0db8 FltMgr - ok

15:02:23.0989 0x0db8 FontCache - ok

15:02:23.0999 0x0db8 FontCache3.0.0.0 - ok

15:02:23.0999 0x0db8 FsDepends - ok

15:02:23.0999 0x0db8 Fs_Rec - ok

15:02:23.0999 0x0db8 fvevol - ok

15:02:24.0009 0x0db8 gagp30kx - ok

15:02:24.0009 0x0db8 GbpSv - ok

15:02:24.0019 0x0db8 gencounter - ok

15:02:24.0019 0x0db8 genericusbfn - ok

15:02:24.0019 0x0db8 GPIOClx0101 - ok

15:02:24.0029 0x0db8 gpsvc - ok

15:02:24.0029 0x0db8 GpuEnergyDrv - ok

15:02:24.0029 0x0db8 gupdate - ok

15:02:24.0029 0x0db8 gupdatem - ok

15:02:24.0039 0x0db8 gusvc - ok

15:02:24.0039 0x0db8 HDAudBus - ok

15:02:24.0039 0x0db8 HidBatt - ok

15:02:24.0049 0x0db8 HidBth - ok

15:02:24.0049 0x0db8 hidi2c - ok

15:02:24.0049 0x0db8 hidinterrupt - ok

15:02:24.0059 0x0db8 HidIr - ok

15:02:24.0059 0x0db8 hidserv - ok

15:02:24.0059 0x0db8 HidUsb - ok

15:02:24.0069 0x0db8 HomeGroupListener - ok

15:02:24.0069 0x0db8 HomeGroupProvider - ok

15:02:24.0069 0x0db8 hpqcxs08 - ok

15:02:24.0069 0x0db8 hpqddsvc - ok

15:02:24.0079 0x0db8 HpSAMD - ok

15:02:24.0079 0x0db8 HPx9G+ - ok

15:02:24.0079 0x0db8 HTTP - ok

15:02:24.0089 0x0db8 hwpolicy - ok

15:02:24.0089 0x0db8 hyperkbd - ok

15:02:24.0089 0x0db8 HyperVideo - ok

15:02:24.0099 0x0db8 i8042prt - ok

15:02:24.0099 0x0db8 iaLPSSi_GPIO - ok

15:02:24.0099 0x0db8 iaLPSSi_I2C - ok

15:02:24.0109 0x0db8 iaLPSS_GPIO - ok

15:02:24.0109 0x0db8 iaLPSS_I2C - ok

15:02:24.0109 0x0db8 iaStorAV - ok

15:02:24.0119 0x0db8 iaStorV - ok

15:02:24.0119 0x0db8 ibbus - ok

15:02:24.0119 0x0db8 icssvc - ok

15:02:24.0119 0x0db8 IEEtwCollectorService - ok

15:02:24.0129 0x0db8 igfx - ok

15:02:24.0129 0x0db8 IKEEXT - ok

15:02:24.0139 0x0db8 IntcAzAudAddService - ok

15:02:24.0139 0x0db8 IntcDAud - ok

15:02:24.0139 0x0db8 intelide - ok

15:02:24.0139 0x0db8 intelpep - ok

15:02:24.0149 0x0db8 intelppm - ok

15:02:24.0149 0x0db8 IoQos - ok

15:02:24.0149 0x0db8 IpFilterDriver - ok

15:02:24.0159 0x0db8 iphlpsvc - ok

15:02:24.0159 0x0db8 IPMIDRV - ok

15:02:24.0159 0x0db8 IPNAT - ok

15:02:24.0169 0x0db8 IRENUM - ok

15:02:24.0169 0x0db8 isapnp - ok

15:02:24.0169 0x0db8 iScsiPrt - ok

15:02:24.0169 0x0db8 iwdbus - ok

15:02:24.0179 0x0db8 kbdclass - ok

15:02:24.0179 0x0db8 kbdhid - ok

15:02:24.0179 0x0db8 kdnic - ok

15:02:24.0189 0x0db8 KeyIso - ok

15:02:24.0189 0x0db8 KSecDD - ok

15:02:24.0189 0x0db8 KSecPkg - ok

15:02:24.0199 0x0db8 ksthunk - ok

15:02:24.0199 0x0db8 KtmRm - ok

15:02:24.0199 0x0db8 LanmanServer - ok

15:02:24.0199 0x0db8 LanmanWorkstation - ok

15:02:24.0209 0x0db8 lfsvc - ok

15:02:24.0209 0x0db8 LicenseManager - ok

15:02:24.0219 0x0db8 LkCitadelServer - ok

15:02:24.0219 0x0db8 lkClassAds - ok

15:02:24.0219 0x0db8 lkTimeSync - ok

15:02:24.0229 0x0db8 lltdio - ok

15:02:24.0229 0x0db8 lltdsvc - ok

15:02:24.0229 0x0db8 lmhosts - ok

15:02:24.0239 0x0db8 LSI_SAS - ok

15:02:24.0239 0x0db8 LSI_SAS2i - ok

15:02:24.0249 0x0db8 LSI_SAS3i - ok

15:02:24.0249 0x0db8 LSI_SSS - ok

15:02:24.0249 0x0db8 LSM - ok

15:02:24.0259 0x0db8 luafv - ok

15:02:24.0259 0x0db8 MapsBroker - ok

15:02:24.0259 0x0db8 megasas - ok

15:02:24.0259 0x0db8 megasr - ok

15:02:24.0269 0x0db8 MEIx64 - ok

15:02:24.0269 0x0db8 mlx4_bus - ok

15:02:24.0269 0x0db8 MMCSS - ok

15:02:24.0279 0x0db8 Modem - ok

15:02:24.0279 0x0db8 monitor - ok

15:02:24.0279 0x0db8 mouclass - ok

15:02:24.0289 0x0db8 mouhid - ok

15:02:24.0289 0x0db8 mountmgr - ok

15:02:24.0289 0x0db8 mpsdrv - ok

15:02:24.0299 0x0db8 MpsSvc - ok

15:02:24.0299 0x0db8 mrvlpcie8897 - ok

15:02:24.0309 0x0db8 MRxDAV - ok

15:02:24.0309 0x0db8 mrxsmb - ok

15:02:24.0309 0x0db8 mrxsmb10 - ok

15:02:24.0319 0x0db8 mrxsmb20 - ok

15:02:24.0319 0x0db8 MsBridge - ok

15:02:24.0319 0x0db8 MSDTC - ok

15:02:24.0329 0x0db8 Msfs - ok

15:02:24.0329 0x0db8 msgpiowin32 - ok

15:02:24.0329 0x0db8 mshidkmdf - ok

15:02:24.0339 0x0db8 mshidumdf - ok

15:02:24.0339 0x0db8 msisadrv - ok

15:02:24.0339 0x0db8 MSiSCSI - ok

15:02:24.0349 0x0db8 msiserver - ok

15:02:24.0349 0x0db8 MSKSSRV - ok

15:02:24.0359 0x0db8 MsLldp - ok

15:02:24.0359 0x0db8 MSPCLOCK - ok

15:02:24.0359 0x0db8 MSPQM - ok

15:02:24.0359 0x0db8 MsRPC - ok

15:02:24.0369 0x0db8 mssmbios - ok

15:02:24.0369 0x0db8 MSTEE - ok

15:02:24.0369 0x0db8 MTConfig - ok

15:02:24.0379 0x0db8 Mup - ok

15:02:24.0379 0x0db8 mvumis - ok

15:02:24.0389 0x0db8 NativeWifiP - ok

15:02:24.0389 0x0db8 NcaSvc - ok

15:02:24.0389 0x0db8 NcbService - ok

15:02:24.0389 0x0db8 NcdAutoSetup - ok

15:02:24.0399 0x0db8 ndfltr - ok

15:02:24.0399 0x0db8 NDIS - ok

15:02:24.0399 0x0db8 NdisCap - ok

15:02:24.0409 0x0db8 NdisImPlatform - ok

15:02:24.0409 0x0db8 NdisTapi - ok

15:02:24.0409 0x0db8 Ndisuio - ok

15:02:24.0419 0x0db8 NdisVirtualBus - ok

15:02:24.0419 0x0db8 NdisWan - ok

15:02:24.0419 0x0db8 ndiswanlegacy - ok

15:02:24.0419 0x0db8 ndproxy - ok

15:02:24.0429 0x0db8 Ndu - ok

15:02:24.0429 0x0db8 Net Driver HPZ12 - ok

15:02:24.0429 0x0db8 NetBIOS - ok

15:02:24.0439 0x0db8 NetBT - ok

15:02:24.0439 0x0db8 Netlogon - ok

15:02:24.0449 0x0db8 Netman - ok

15:02:24.0449 0x0db8 netprofm - ok

15:02:24.0449 0x0db8 NetSetupSvc - ok

15:02:24.0449 0x0db8 NetTcpPortSharing - ok

15:02:24.0459 0x0db8 netvsc - ok

15:02:24.0469 0x0db8 NgcCtnrSvc - ok

15:02:24.0469 0x0db8 NgcSvc - ok

15:02:24.0469 0x0db8 NIApplicationWebServer - ok

15:02:24.0469 0x0db8 NIApplicationWebServer64 - ok

15:02:24.0479 0x0db8 niauth - ok

15:02:24.0479 0x0db8 NIDomainService - ok

15:02:24.0479 0x0db8 NILM License Manager - ok

15:02:24.0489 0x0db8 nimDNSResponder - ok

15:02:24.0489 0x0db8 NiSvcLoc - ok

15:02:24.0489 0x0db8 NISystemWebServer - ok

15:02:24.0499 0x0db8 NlaSvc - ok

15:02:24.0499 0x0db8 Npfs - ok

15:02:24.0499 0x0db8 npsvctrig - ok

15:02:24.0509 0x0db8 nsi - ok

15:02:24.0509 0x0db8 nsiproxy - ok

15:02:24.0509 0x0db8 NTFS - ok

15:02:24.0519 0x0db8 Null - ok

15:02:24.0519 0x0db8 nvraid - ok

15:02:24.0519 0x0db8 nvstor - ok

15:02:24.0529 0x0db8 nv_agp - ok

15:02:24.0529 0x0db8 OneSyncSvc - ok

15:02:24.0539 0x0db8 ose64 - ok

15:02:24.0539 0x0db8 p2pimsvc - ok

15:02:24.0549 0x0db8 p2psvc - ok

15:02:24.0549 0x0db8 Parport - ok

15:02:24.0549 0x0db8 partmgr - ok

15:02:24.0549 0x0db8 PcaSvc - ok

15:02:24.0559 0x0db8 pci - ok

15:02:24.0559 0x0db8 pciide - ok

15:02:24.0559 0x0db8 pcmcia - ok

15:02:24.0569 0x0db8 pcw - ok

15:02:24.0569 0x0db8 pdc - ok

15:02:24.0569 0x0db8 PEAUTH - ok

15:02:24.0579 0x0db8 PeerDistSvc - ok

15:02:24.0579 0x0db8 percsas2i - ok

15:02:24.0589 0x0db8 percsas3i - ok

15:02:24.0589 0x0db8 PerfHost - ok

15:02:24.0599 0x0db8 PimIndexMaintenanceSvc - ok

15:02:24.0599 0x0db8 pla - ok

15:02:24.0609 0x0db8 PlugPlay - ok

15:02:24.0609 0x0db8 Pml Driver HPZ12 - ok

15:02:24.0609 0x0db8 PNRPAutoReg - ok

15:02:24.0619 0x0db8 PNRPsvc - ok

15:02:24.0619 0x0db8 PolicyAgent - ok

15:02:24.0629 0x0db8 Power - ok

15:02:24.0629 0x0db8 PptpMiniport - ok

15:02:24.0629 0x0db8 PrintNotify - ok

15:02:24.0629 0x0db8 Processor - ok

15:02:24.0639 0x0db8 ProfSvc - ok

15:02:24.0639 0x0db8 Psched - ok

15:02:24.0639 0x0db8 QWAVE - ok

15:02:24.0649 0x0db8 QWAVEdrv - ok

15:02:24.0649 0x0db8 RapportCerberus_1507076 - ok

15:02:24.0649 0x0db8 RapportEI64 - ok

15:02:24.0659 0x0db8 RapportHades64 - ok

15:02:24.0659 0x0db8 RapportKE64 - ok

15:02:24.0670 0x0db8 RapportMgmtService - ok

15:02:24.0673 0x0db8 RapportPG64 - ok

15:02:24.0676 0x0db8 RasAcd - ok

15:02:24.0680 0x0db8 RasAgileVpn - ok

15:02:24.0687 0x0db8 RasAuto - ok

15:02:24.0691 0x0db8 Rasl2tp - ok

15:02:24.0694 0x0db8 RasMan - ok

15:02:24.0698 0x0db8 RasPppoe - ok

15:02:24.0702 0x0db8 RasSstp - ok

15:02:24.0706 0x0db8 rdbss - ok

15:02:24.0711 0x0db8 rdpbus - ok

15:02:24.0714 0x0db8 RDPDR - ok

15:02:24.0721 0x0db8 RdpVideoMiniport - ok

15:02:24.0724 0x0db8 rdyboost - ok

15:02:24.0727 0x0db8 ReFSv1 - ok

15:02:24.0733 0x0db8 RemoteAccess - ok

15:02:24.0736 0x0db8 RemoteRegistry - ok

15:02:24.0740 0x0db8 RetailDemo - ok

15:02:24.0743 0x0db8 RFCOMM - ok

15:02:24.0747 0x0db8 RpcEptMapper - ok

15:02:24.0751 0x0db8 RpcLocator - ok

15:02:24.0754 0x0db8 RpcSs - ok

15:02:24.0757 0x0db8 rspndr - ok

15:02:24.0760 0x0db8 RSUSBSTOR - ok

15:02:24.0764 0x0db8 RTSUER - ok

15:02:24.0767 0x0db8 s3cap - ok

15:02:24.0771 0x0db8 SamSs - ok

15:02:24.0774 0x0db8 sbp2port - ok

15:02:24.0777 0x0db8 SCardSvr - ok

15:02:24.0784 0x0db8 ScDeviceEnum - ok

15:02:24.0790 0x0db8 scfilter - ok

15:02:24.0794 0x0db8 Schedule - ok

15:02:24.0799 0x0db8 SCPolicySvc - ok

15:02:24.0802 0x0db8 sdbus - ok

15:02:24.0806 0x0db8 SDRSVC - ok

15:02:24.0808 0x0db8 sdstor - ok

15:02:24.0812 0x0db8 seclogon - ok

15:02:24.0815 0x0db8 SENS - ok

15:02:24.0819 0x0db8 SensorDataService - ok

15:02:24.0822 0x0db8 SensorService - ok

15:02:24.0825 0x0db8 SensorsHIDClassDriver - ok

15:02:24.0829 0x0db8 SensrSvc - ok

15:02:24.0833 0x0db8 SerCx - ok

15:02:24.0835 0x0db8 SerCx2 - ok

15:02:24.0835 0x0db8 Serenum - ok

15:02:24.0835 0x0db8 Serial - ok

15:02:24.0845 0x0db8 sermouse - ok

15:02:24.0845 0x0db8 SessionEnv - ok

15:02:24.0855 0x0db8 sfloppy - ok

15:02:24.0855 0x0db8 SharedAccess - ok

15:02:24.0865 0x0db8 ShellHWDetection - ok

15:02:24.0865 0x0db8 SiSRaid2 - ok

15:02:24.0865 0x0db8 SiSRaid4 - ok

15:02:24.0875 0x0db8 smphost - ok

15:02:24.0875 0x0db8 SmsRouter - ok

15:02:24.0885 0x0db8 SNMPTRAP - ok

15:02:24.0885 0x0db8 spaceport - ok

15:02:24.0885 0x0db8 SpbCx - ok

15:02:24.0895 0x0db8 Spooler - ok

15:02:24.0895 0x0db8 sppsvc - ok

15:02:24.0895 0x0db8 srv - ok

15:02:24.0905 0x0db8 srv2 - ok

15:02:24.0905 0x0db8 srvnet - ok

15:02:24.0905 0x0db8 SSDPSRV - ok

15:02:24.0915 0x0db8 SstpSvc - ok

15:02:24.0915 0x0db8 ssudcdf - ok

15:02:24.0915 0x0db8 ssuddmgr - ok

15:02:24.0925 0x0db8 ssudmdm - ok

15:02:24.0925 0x0db8 ssudobex - ok

15:02:24.0925 0x0db8 ssudrmnet - ok

15:02:24.0935 0x0db8 ssudserd - ok

15:02:24.0935 0x0db8 ss_conn_usb_driver - ok

15:02:24.0935 0x0db8 StateRepository - ok

15:02:24.0945 0x0db8 stexstor - ok

15:02:24.0945 0x0db8 stisvc - ok

15:02:24.0955 0x0db8 storahci - ok

15:02:24.0955 0x0db8 storflt - ok

15:02:24.0955 0x0db8 stornvme - ok

15:02:24.0955 0x0db8 storqosflt - ok

15:02:24.0965 0x0db8 StorSvc - ok

15:02:24.0965 0x0db8 storufs - ok

15:02:24.0965 0x0db8 storvsc - ok

15:02:24.0975 0x0db8 SurfaceAccessoryDevice - ok

15:02:24.0975 0x0db8 SurfaceCapacitiveHomeButton - ok

15:02:24.0985 0x0db8 SurfaceDisplayCalibration - ok

15:02:24.0985 0x0db8 SurfaceIntegrationDriver - ok

15:02:24.0985 0x0db8 SurfacePciController - ok

15:02:24.0995 0x0db8 SurfacePenDriver - ok

15:02:24.0995 0x0db8 SurfaceTypeCover - ok

15:02:24.0995 0x0db8 SurfaceTypeCoverV3Integration - ok

15:02:25.0005 0x0db8 svsvc - ok

15:02:25.0005 0x0db8 swenum - ok

15:02:25.0005 0x0db8 swprv - ok

15:02:25.0015 0x0db8 Synth3dVsc - ok

15:02:25.0015 0x0db8 SysMain - ok

15:02:25.0015 0x0db8 SystemEventsBroker - ok

15:02:25.0025 0x0db8 TabletInputService - ok

15:02:25.0025 0x0db8 TapiSrv - ok

15:02:25.0037 0x0db8 Tcpip - ok

15:02:25.0040 0x0db8 Tcpip6 - ok

15:02:25.0045 0x0db8 tcpipreg - ok

15:02:25.0051 0x0db8 tdx - ok

15:02:25.0054 0x0db8 terminpt - ok

15:02:25.0058 0x0db8 TermService - ok

15:02:25.0061 0x0db8 Themes - ok

15:02:25.0065 0x0db8 tiledatamodelsvc - ok

15:02:25.0069 0x0db8 TimeBroker - ok

15:02:25.0072 0x0db8 TPM - ok

15:02:25.0076 0x0db8 TrkWks - ok

15:02:25.0079 0x0db8 TrueColor - ok

15:02:25.0086 0x0db8 TrueSight - ok

15:02:25.0090 0x0db8 TrustedInstaller - ok

15:02:25.0095 0x0db8 TsUsbFlt - ok

15:02:25.0098 0x0db8 TsUsbGD - ok

15:02:25.0103 0x0db8 tunnel - ok

15:02:25.0107 0x0db8 uagp35 - ok

15:02:25.0110 0x0db8 UASPStor - ok

15:02:25.0113 0x0db8 UcmCx0101 - ok

15:02:25.0119 0x0db8 UcmUcsi - ok

15:02:25.0122 0x0db8 Ucx01000 - ok

15:02:25.0125 0x0db8 UdeCx - ok

15:02:25.0129 0x0db8 udfs - ok

15:02:25.0132 0x0db8 UEFI - ok

15:02:25.0136 0x0db8 Ufx01000 - ok

15:02:25.0140 0x0db8 UfxChipidea - ok

15:02:25.0143 0x0db8 ufxsynopsys - ok

15:02:25.0152 0x0db8 UI0Detect - ok

15:02:25.0156 0x0db8 uliagpkx - ok

15:02:25.0159 0x0db8 umbus - ok

15:02:25.0162 0x0db8 UmPass - ok

15:02:25.0165 0x0db8 UmRdpService - ok

15:02:25.0170 0x0db8 UnistoreSvc - ok

15:02:25.0176 0x0db8 upnphost - ok

15:02:25.0179 0x0db8 UrsChipidea - ok

15:02:25.0183 0x0db8 UrsCx01000 - ok

15:02:25.0187 0x0db8 UrsSynopsys - ok

15:02:25.0191 0x0db8 usbccgp - ok

15:02:25.0194 0x0db8 usbcir - ok

15:02:25.0198 0x0db8 usbehci - ok

15:02:25.0199 0x0db8 usbhub - ok

15:02:25.0199 0x0db8 USBHUB3 - ok

15:02:25.0199 0x0db8 usbohci - ok

15:02:25.0209 0x0db8 usbprint - ok

15:02:25.0209 0x0db8 usbscan - ok

15:02:25.0219 0x0db8 usbser - ok

15:02:25.0219 0x0db8 USBSTOR - ok

15:02:25.0219 0x0db8 usbuhci - ok

15:02:25.0219 0x0db8 usbvideo - ok

15:02:25.0229 0x0db8 USBXHCI - ok

15:02:25.0229 0x0db8 UserDataSvc - ok

15:02:25.0239 0x0db8 UserManager - ok

15:02:25.0249 0x0db8 UsoSvc - ok

15:02:25.0249 0x0db8 VaultSvc - ok

15:02:25.0249 0x0db8 vdrvroot - ok

15:02:25.0259 0x0db8 vds - ok

15:02:25.0259 0x0db8 VerifierExt - ok

15:02:25.0259 0x0db8 vhdmp - ok

15:02:25.0269 0x0db8 vhf - ok

15:02:25.0269 0x0db8 vmbus - ok

15:02:25.0269 0x0db8 VMBusHID - ok

15:02:25.0279 0x0db8 vmicguestinterface - ok

15:02:25.0279 0x0db8 vmicheartbeat - ok

15:02:25.0289 0x0db8 vmickvpexchange - ok

15:02:25.0289 0x0db8 vmicrdv - ok

15:02:25.0299 0x0db8 vmicshutdown - ok

15:02:25.0299 0x0db8 vmictimesync - ok

15:02:25.0299 0x0db8 vmicvmsession - ok

15:02:25.0309 0x0db8 vmicvss - ok

15:02:25.0309 0x0db8 volmgr - ok

15:02:25.0309 0x0db8 volmgrx - ok

15:02:25.0319 0x0db8 volsnap - ok

15:02:25.0319 0x0db8 vpci - ok

15:02:25.0329 0x0db8 vsmraid - ok

15:02:25.0329 0x0db8 VSS - ok

15:02:25.0329 0x0db8 VSTXRAID - ok

15:02:25.0339 0x0db8 vwifibus - ok

15:02:25.0339 0x0db8 vwififlt - ok

15:02:25.0339 0x0db8 vwifimp - ok

15:02:25.0349 0x0db8 W32Time - ok

15:02:25.0359 0x0db8 WacomPen - ok

15:02:25.0359 0x0db8 WalletService - ok

15:02:25.0369 0x0db8 wanarp - ok

15:02:25.0369 0x0db8 wanarpv6 - ok

15:02:25.0369 0x0db8 Warsaw Technology - ok

15:02:25.0379 0x0db8 wbengine - ok

15:02:25.0379 0x0db8 WbioSrvc - ok

15:02:25.0389 0x0db8 Wcmsvc - ok

15:02:25.0389 0x0db8 wcncsvc - ok

15:02:25.0399 0x0db8 WcsPlugInService - ok

15:02:25.0399 0x0db8 WdBoot - ok

15:02:25.0399 0x0db8 Wdf01000 - ok

15:02:25.0409 0x0db8 WdFilter - ok

15:02:25.0409 0x0db8 WdiServiceHost - ok

15:02:25.0419 0x0db8 WdiSystemHost - ok

15:02:25.0419 0x0db8 wdiwifi - ok

15:02:25.0419 0x0db8 WdNisDrv - ok

15:02:25.0429 0x0db8 WdNisSvc - ok

15:02:25.0429 0x0db8 WebClient - ok

15:02:25.0429 0x0db8 Wecsvc - ok

15:02:25.0439 0x0db8 WEPHOSTSVC - ok

15:02:25.0439 0x0db8 wercplsupport - ok

15:02:25.0449 0x0db8 WerSvc - ok

15:02:25.0449 0x0db8 wfpcapture - ok

15:02:25.0449 0x0db8 WFPLWFS - ok

15:02:25.0459 0x0db8 WiaRpc - ok

15:02:25.0459 0x0db8 WiFiClass - ok

15:02:25.0459 0x0db8 WIMMount - ok

15:02:25.0469 0x0db8 WinDefend - ok

15:02:25.0469 0x0db8 WinDivert1.1 - ok

15:02:25.0479 0x0db8 WindowsTrustedRT - ok

15:02:25.0489 0x0db8 WindowsTrustedRTProxy - ok

15:02:25.0489 0x0db8 WinHttpAutoProxySvc - ok

15:02:25.0489 0x0db8 WinMad - ok

15:02:25.0499 0x0db8 Winmgmt - ok

15:02:25.0499 0x0db8 WinRM - ok

15:02:25.0509 0x0db8 WINUSB - ok

15:02:25.0509 0x0db8 WinVerbs - ok

15:02:25.0519 0x0db8 WlanSvc - ok

15:02:25.0519 0x0db8 wlidsvc - ok

15:02:25.0529 0x0db8 WmiAcpi - ok

15:02:25.0529 0x0db8 wmiApSrv - ok

15:02:25.0539 0x0db8 WMPNetworkSvc - ok

15:02:25.0539 0x0db8 Wof - ok

15:02:25.0549 0x0db8 workfolderssvc - ok

15:02:25.0549 0x0db8 wpcfltr - ok

15:02:25.0549 0x0db8 WPDBusEnum - ok

15:02:25.0559 0x0db8 WpdUpFltr - ok

15:02:25.0559 0x0db8 WpnService - ok

15:02:25.0569 0x0db8 ws2ifsl - ok

15:02:25.0569 0x0db8 wscsvc - ok

15:02:25.0569 0x0db8 WSearch - ok

15:02:25.0579 0x0db8 WSService - ok

15:02:25.0579 0x0db8 wuauserv - ok

15:02:25.0589 0x0db8 WudfPf - ok

15:02:25.0589 0x0db8 WUDFRd - ok

15:02:25.0599 0x0db8 wudfsvc - ok

15:02:25.0599 0x0db8 WUDFWpdFs - ok

15:02:25.0599 0x0db8 WUDFWpdMtp - ok

15:02:25.0609 0x0db8 WwanSvc - ok

15:02:25.0609 0x0db8 XblAuthManager - ok

15:02:25.0619 0x0db8 XblGameSave - ok

15:02:25.0619 0x0db8 xboxgip - ok

15:02:25.0619 0x0db8 XboxNetApiSvc - ok

15:02:25.0629 0x0db8 xinputhid - ok

15:02:25.0629 0x0db8 ================ Scan global ===============================

15:02:25.0639 0x0db8 [ Global ] - ok

15:02:25.0639 0x0db8 ================ Scan MBR ==================================

15:02:25.0639 0x0db8 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0

15:02:25.0649 0x0db8 \Device\Harddisk0\DR0 - ok

15:02:25.0649 0x0db8 ================ Scan VBR ==================================

15:02:25.0649 0x0db8 [ 8B1EC6A10804D6396BBB3415ABF5844C ] \Device\Harddisk0\DR0\Partition1

15:02:25.0649 0x0db8 \Device\Harddisk0\DR0\Partition1 - ok

15:02:25.0649 0x0db8 [ 495FC6A5B2D660A2CC9DF4D7793D51E1 ] \Device\Harddisk0\DR0\Partition2

15:02:25.0649 0x0db8 \Device\Harddisk0\DR0\Partition2 - ok

15:02:25.0659 0x0db8 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3

15:02:25.0659 0x0db8 \Device\Harddisk0\DR0\Partition3 - ok

15:02:25.0659 0x0db8 [ 395BFE4D9037B175F135629E0A77F85F ] \Device\Harddisk0\DR0\Partition4

15:02:25.0659 0x0db8 \Device\Harddisk0\DR0\Partition4 - ok

15:02:25.0659 0x0db8 [ 34746BD2227959EB3ED4E24F962C8295 ] \Device\Harddisk0\DR0\Partition5

15:02:25.0659 0x0db8 \Device\Harddisk0\DR0\Partition5 - ok

15:02:25.0669 0x0db8 [ 677327A99D0D1F8C3631775F2136F67F ] \Device\Harddisk0\DR0\Partition6

15:02:25.0669 0x0db8 \Device\Harddisk0\DR0\Partition6 - ok

15:02:25.0669 0x0db8 ================ Scan generic autorun ======================

15:02:25.0669 0x0db8 Diebold - Warsaw - ok

15:02:25.0669 0x0db8 SunJavaUpdateSched - ok

15:02:25.0669 0x0db8 OneDriveSetup - ok

15:02:25.0669 0x0db8 OneDriveSetup - ok

15:02:25.0669 0x0db8 GoogleDriveSync - ok

15:02:25.0669 0x0db8 Dropbox Update - ok

15:02:25.0679 0x0db8 OneDrive - ok

15:02:25.0679 0x0db8 Uninstall C:\Users\JoanaMarini\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64 - ok

15:02:25.0679 0x0db8 Uninstall C:\Users\JoanaMarini\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1 - ok

15:02:25.0679 0x0db8 Uninstall C:\Users\JoanaMarini\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64 - ok

15:02:25.0679 0x0db8 Uninstall C:\Users\JoanaMarini\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64 - ok

15:02:25.0709 0x0db8 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.10240.16384 ), 0x62100 ( disabled : updated )

15:02:25.0719 0x0db8 Win FW state via NFP2: enabled ( trusted )

15:02:30.0129 0x0db8 ============================================================

15:02:30.0129 0x0db8 Scan finished

15:02:30.0129 0x0db8 ============================================================

15:02:30.0149 0x1bb8 Detected object count: 0

15:02:30.0149 0x1bb8 Actual detected object count: 0

 

aswMBR

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-12-02 15:07:02
-----------------------------
15:07:02.530    OS Version: Windows x64 6.2.9200
15:07:02.530    Number of processors: 4 586 0x4501
15:07:02.530    ComputerName: JOANA  UserName:
15:07:03.060    Initialize success
15:07:03.140    VM: initialized successfully
15:07:03.140    VM: Intel CPU supported
15:07:16.151    VM: disk I/O storahci.sys
15:53:41.408    AVAST engine defs: 15120201
15:55:32.437    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000035
15:55:32.447    Disk 0 Vendor: SAMSUNG_MZMTE256HMHP-000MV EXT41M0Q Size: 244198MB BusType: 11
15:55:32.467    Disk 0 MBR read successfully
15:55:32.467    Disk 0 MBR scan
15:55:32.497    Disk 0 unknown MBR code
15:55:32.507    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
15:55:32.537    Disk 0 scanning C:\WINDOWS\system32\drivers
15:55:32.547    Service scanning
15:55:47.805    Modules scanning
15:55:47.815    Disk 0 trace - called modules:
15:55:47.845    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys
15:55:47.855    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001e41c9380]
15:55:47.865    3 CLASSPNP.SYS[fffff800593646c5] -> nt!IofCallDriver -> [0xffffe001e3f91040]
15:55:47.875    5 ACPI.sys[fffff80058381361] -> nt!IofCallDriver -> [0xffffe001e3f8c390]
15:55:47.885    7 ACPI.sys[fffff80058381361] -> nt!IofCallDriver -> \Device\00000035[0xffffe001e3f8d060]
15:55:48.315    AVAST engine scan C:\WINDOWS
15:55:48.325    AVAST engine scan C:\WINDOWS\system32
15:55:48.335    AVAST engine scan C:\WINDOWS\system32\drivers
15:55:48.355    AVAST engine scan C:\Users\JoanaMarini
15:55:48.372    AVAST engine scan C:\ProgramData
15:55:48.384    Disk 0 statistics 210/0/0 @ 6.41 MB/s
15:55:48.396    Scan finished successfully
15:56:04.143    Disk 0 MBR has been saved successfully to "C:\Users\JoanaMarini\Desktop\MBR.dat"
15:56:04.153    The log file has been saved successfully to "C:\Users\JoanaMarini\Desktop\aswMBR.txt"
 
I will send another post with the MBR file.

#5 JoanaMOC (Topic Starter, Members, 11 posts)

Posted 02 December 2015 - 01:06 PM

Attached file: MBR.zip (143 bytes)

Thanks... I hope I did everything as you expected.

I'm waiting for your answer.

Is there any problem? Is someone using my computer?

Best Regards,

Joana


Edited by JoanaMOC, 02 December 2015 - 01:09 PM.


#6 olgun52 (Malware Response Team, 3,790 posts)

Posted 02 December 2015 - 06:48 PM

Hi JoanaMOC, thank you.
 
Please do the following for me.
 
Please uninstall: AVG Secure Search
 
===================
Step 1:
Please download SystemLook from one of the links below and save it to your Desktop.
Download 1
Download 2

  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
:filefind
lsass.exe

:regfind
lsass.exe
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan.
  • Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
 
Step 2:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.09.1.1004.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt


Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!


#7 JoanaMOC (Topic Starter, Members, 11 posts)

Posted 03 December 2015 - 09:04 AM

Hi Yılmaz!

AVG Secure Search is not installed... I did a search on my C: drive and found several AVG files... I tried to delete them, but I'm not sure if I could get rid of it. Please let me know if there is another way to uninstall it.

================================

Step 1:

SystemLook 30.07.11 by jpshortstuff
Log created at 11:30 on 03/12/2015 by JoanaMarini
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "lsass.exe"
C:\Windows\System32\lsass.exe --a---- 56344 bytes [11:00 10/07/2015] [11:00 10/07/2015] 9A83FA0EC9B0DCED2CBC49DD05901920
C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.10240.16384_none_456c134c2cfbb1c3\lsass.exe --a---- 56344 bytes [11:00 10/07/2015] [11:00 10/07/2015] 9A83FA0EC9B0DCED2CBC49DD05901920
 
========== regfind ==========
 
Searching for "lsass.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FTH]
"ExclusionList"="smss.exe csrss.exe wininit.exe services.exe lsass.exe lsm.exe svchost.exe winlogon.exe SLsvc.exe spoolsv.exe taskhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]
"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unse
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon]
"ImagePath"="%systemroot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NgcSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Netlogon-TCP-RPC-In"="v2.24|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"CoreNet-GP-LSASS-Out-TCP"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-TCP-RPC-In"="v2.24|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"CoreNet-GP-LSASS-Out-TCP"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VaultSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AppId_Catalog\343305C9]
"AppFullPath"="C:\Windows\System32\lsass.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon]
"ImagePath"="%systemroot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NgcSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"Netlogon-TCP-RPC-In"="v2.24|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"CoreNet-GP-LSASS-Out-TCP"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-TCP-RPC-In"="v2.24|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"CoreNet-GP-LSASS-Out-TCP"="v2.24|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VaultSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\343305C9]
"AppFullPath"="C:\Windows\System32\lsass.exe"
 
-= EOF =-
 
===================================================

Step 2:

Attached file: system-log.zip (4.91 KB)
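One way to triage SystemLook ":filefind" output like the log above, as an added example that is neither the thread's nor SystemLook's own code: the script parses each file line, flags any lsass.exe that sits outside System32 or a WinSxS component directory, flags a copy whose MD5 differs from the System32 copy, and flags look-alike names such as Isass.exe (capital I in place of lower-case L), the confusion the thread title reflects. The embedded sample contains the two genuine hits from the post plus two constructed lines with placeholder hashes and a made-up user path; the "expected directory" rules are an assumption drawn from the two locations seen in this log.

```python
"""Triage SystemLook ":filefind" results for lsass.exe.

Added example for this thread; it is not part of SystemLook or of the
original posts.  It parses the file lines SystemLook prints and flags three
things a defender cares about: an lsass.exe outside the Windows directories
where it belongs, a copy whose MD5 differs from the System32 copy, and a
look-alike file name such as "Isass.exe".
"""
from __future__ import annotations

import re
from typing import NamedTuple

# Constructed sample: the two genuine hits from the SystemLook log posted in
# this thread, plus two constructed lines (placeholder hashes, made-up user
# path) that a triager would want flagged.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "lsass.exe"
C:\Windows\System32\lsass.exe --a---- 56344 bytes [11:00 10/07/2015] [11:00 10/07/2015] 9A83FA0EC9B0DCED2CBC49DD05901920
C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.10240.16384_none_456c134c2cfbb1c3\lsass.exe --a---- 56344 bytes [11:00 10/07/2015] [11:00 10/07/2015] 9A83FA0EC9B0DCED2CBC49DD05901920
C:\Users\Example\AppData\Roaming\lsass.exe --a---- 61440 bytes [09:12 30/11/2015] [09:12 30/11/2015] 00000000000000000000000000000000
C:\Windows\Isass.exe --a---- 56344 bytes [11:00 10/07/2015] [11:00 10/07/2015] 11111111111111111111111111111111

-= EOF =-
"""

# One SystemLook file line: <path> <attrs> <size> bytes [created] [modified] <md5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\(?:.*\\)?(?P<name>[^\\\s]+))"
    r"\s+(?P<attrs>[-a-z]+)"
    r"\s+(?P<size>\d+) bytes"
    r" \[(?P<created>[^\]]*)\] \[(?P<modified>[^\]]*)\]"
    r" (?P<md5>[0-9A-Fa-f]{32})$"
)

OUTSIDE = "lsass.exe outside System32 or WinSxS"
HASH_DIFFERS = "MD5 differs from the System32 copy"
LOOKALIKE = "look-alike name for lsass.exe"

# Characters commonly substituted for a lower-case L in look-alike names.
LOOKALIKE_MAP = str.maketrans({"I": "l", "1": "l", "|": "l"})


class FileHit(NamedTuple):
    path: str
    name: str
    size: int
    md5: str


def parse_filefind(text: str) -> list[FileHit]:
    """Return one FileHit per file line; headers and blank lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(FileHit(m["path"], m["name"], int(m["size"]), m["md5"].upper()))
    return hits


def _tail(path: str) -> str:
    """Lower-cased path with the drive letter removed, e.g. '\\windows\\...'."""
    return path.lower().partition(":")[2]


def in_expected_dir(path: str) -> bool:
    """Assumption: lsass.exe belongs directly in System32 or in one WinSxS component dir."""
    parent = _tail(path).rsplit("\\", 1)[0] + "\\"
    if parent == "\\windows\\system32\\":
        return True
    # \windows\winsxs\<component>\ has exactly four backslashes.
    return parent.startswith("\\windows\\winsxs\\") and parent.count("\\") == 4


def looks_like_lsass(name: str) -> bool:
    """True for names that read as lsass.exe but are not (e.g. Isass.exe)."""
    canonical = name.translate(LOOKALIKE_MAP).lower()
    return canonical == "lsass.exe" and name.lower() != "lsass.exe"


def triage(text: str) -> dict[str, list[str]]:
    """Map each suspicious path to the list of reasons it was flagged."""
    hits = parse_filefind(text)
    reference = next(
        (h.md5 for h in hits if _tail(h.path) == "\\windows\\system32\\lsass.exe"), None
    )
    findings: dict[str, list[str]] = {}
    for hit in hits:
        reasons = []
        if looks_like_lsass(hit.name):
            reasons.append(LOOKALIKE)
        elif hit.name.lower() == "lsass.exe":
            if not in_expected_dir(hit.path):
                reasons.append(OUTSIDE)
            if reference is not None and hit.md5 != reference:
                reasons.append(HASH_DIFFERS)
        if reasons:
            findings[hit.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against only the two lines actually posted in this thread, the script reports nothing: both copies live where Windows keeps them and carry the same MD5, which is the check the SystemLook step was really for.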



#8 JoanaMOC (Topic Starter, Members, 11 posts)

Posted 03 December 2015 - 09:33 AM

So, is there anything wrong?


Best Regards,

Joana



#9 olgun52 (Malware Response Team, 3,790 posts)

Posted 03 December 2015 - 04:16 PM

So, is there anything wrong?

Is there any problem? Is someone using my computer?

No, nothing is wrong, and nobody is using your computer.

====================================================

Step 1:
FRST script:
Please download the attached Fixlist.txt (10.71 KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the screenshot (image not preserved).
  • Then press the ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 5:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript.txt (188 bytes).
  • Download it too and save it to your desktop; it needs to be in the same location as the ZOEK tool.
  • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Step 6:

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

Best regards


#10 JoanaMOC (Topic Starter, Members, 11 posts)

Posted 04 December 2015 - 10:36 AM

Hey Yılmaz!

Thank you very much!

The reports that you asked for are below:

=========================================================================

Step 1:

Fix result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by JoanaMarini (2015-12-04 09:46:56) Run:1
Running from C:\Users\JoanaMarini\Downloads
Loaded Profiles: JoanaMarini (Available Profiles: JoanaMarini)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {2CB54706-101E-4FF7-A824-CF3199FACF38} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6D2D1B16-1503-40EC-ACB0-EAAC6C4D2059} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7D61F870-1435-4B69-B483-AA8FC3FDEC41} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {88CC4FDB-4819-4061-B7CE-D1E17C4FA281} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8CA70896-ECE0-4288-B05D-18D5DAA19564} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A8491C64-A097-46B6-923B-97E119A42A7D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A92CCE61-2180-4AC8-B96F-B7D2C96DE453} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA176200-6CB2-482A-B74F-F9CBE0F9DFA1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B004FE77-5CE9-4C0F-9A75-B0FFDAC23B27} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DD8FC5DA-ECE2-46AD-AB8A-4755C35E277D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F5CDC067-0396-4B63-92CB-1D8BADE0CE34} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\www.askvg.com\http_80\[Tip] Add Secret “Purge Memory” Button in Google Chrome Task Manager - AskVG.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.askvg.com/tip-add-secret-purge-memory-button-in-google-chromes-task-manager/ <==== ATTENTION
2015-12-01 16:02 - 2015-12-01 16:02 - 00098816 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32api.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00110080 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\pywintypes27.dll
2015-12-01 16:02 - 2015-12-01 16:02 - 00364544 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\pythoncom27.dll
2015-12-01 16:02 - 2015-12-01 16:02 - 00046080 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\_socket.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 01208320 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\_ssl.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00320512 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32com.shell.shell.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00776704 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\_hashlib.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 01176576 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._core_.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00806400 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._gdi_.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00816128 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._windows_.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 01067008 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._controls_.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00733184 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._misc_.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00682496 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\pysqlite2._sqlite.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00088064 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\_ctypes.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00119808 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32file.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00108544 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32security.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00007168 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\hashobjs_ext.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00017920 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\thumbnails_ext.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00079360 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\usb_ext.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00167936 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32gui.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00018432 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32event.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00128512 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\_elementtree.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00127488 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\pyexpat.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00013824 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\common.time34.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00036864 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\_psutil_windows.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00038912 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32inet.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00525640 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\windows._lib_cacheinvalidation.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00011264 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32crypt.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00077312 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._html2.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00027136 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\_multiprocessing.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00020480 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\_yappi.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00035840 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32process.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00686080 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\unicodedata.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00123392 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._wizard.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00024064 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32pipe.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00010240 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\select.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00025600 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32pdh.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00017408 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32profile.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00022528 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32ts.pyd
2015-12-01 16:02 - 2015-12-01 16:02 - 00078848 _____ () C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._animate.pyd
AlternateDataStreams: C:\Users\Admin\Desktop\220558812-John-Grainger-Author-Jr-William-Stevenson-Author-Power-System-Analysis-Solution-Manual.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Admin\Downloads\Porcelana.pdf:com.dropbox.attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\"NI Error Reporting.lnk"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder/NI Error Reporting.lnk
FirewallRules: [{A4F137D3-CB05-4953-9F52-DA5D325DF38E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{956E6D04-3F39-497C-A736-7872A4A85C09}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{BC6A853A-4B67-4BBE-9438-98C1B3465A84}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{908DE856-FD5D-4F3E-A4C9-8E9FDE5DA30B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{F1FA4E06-E2E4-4B30-B9AE-FBE273139790}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1F84121B-7C6E-4541-B606-310BEE9ACA33}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [UDP Query User{352516F5-5552-488C-9057-75686DDF722F}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{EC1A0032-263F-4CBD-A8EB-509CF44BAE2B}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{34A7115B-90A4-4E03-808D-B55C8B1F4EAF}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{A372F882-F5E3-40E4-AFB5-B71C337BD87F}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{4A13272F-DDFA-4442-A43C-3220148CE172}] => (Allow) C:\Users\Admin\Downloads\Adaware_Installer.exe
FirewallRules: [{33592921-16A5-40C8-A71B-DD3F4D511DFB}] => (Allow) C:\Users\Admin\Downloads\Adaware_Installer.exe
FirewallRules: [{2F128299-FC54-4799-8CFE-D0929B2DC52D}] => (Allow) C:\Users\Admin\Downloads\Adaware_Installer.exe
FirewallRules: [{2AFAA9FD-E4D3-481F-A7E6-4BACC92E9236}] => (Allow) C:\Users\Admin\Downloads\Adaware_Installer.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKU\S-1-5-21-1288901626-699231163-3170635746-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
CHR HKU\S-1-5-21-1288901626-699231163-3170635746-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\xxxxxxxxxxxx\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx
CHR HKU\S-1-5-21-1288901626-699231163-3170635746-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1288901626-699231163-3170635746-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-07-29] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [271272 2015-07-29] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-07-29] (BitDefender)
S3 HPx9G+; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Users\JOANA-Admin Joana\Downloads\Adaware_Installer.exe
C:\Users\JOANA-Admin Joana\AppData\Roaming\LTspiceIV.ini
C:\Users\JOANA-Admin Joana\AppData\Local\Packages
C:\Users\JOANA-Admin Joana\Scan
2015-11-04 17:48 - 2015-11-18 18:29 - 0004061 _____ () C:\Users\JOANA-Admin Joana\AppData\Roaming\LTspiceIV.ini
2015-03-05 11:48 - 2015-03-05 11:48 - 0015945 _____ () C:\Users\JOANA-Admin Joana\AppData\Roaming\unins000.dat
2015-08-18 11:46 - 2015-08-18 11:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
HKEY_LOCAL_MACHINE\Software\AVG Secure Search
HKEY_LOCAL_MACHINE\Software\Partner
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5}
cmd: netsh winsock reset
Shortcut:
EmptyTemp:
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CB54706-101E-4FF7-A824-CF3199FACF38}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CB54706-101E-4FF7-A824-CF3199FACF38}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D2D1B16-1503-40EC-ACB0-EAAC6C4D2059}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D2D1B16-1503-40EC-ACB0-EAAC6C4D2059}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D61F870-1435-4B69-B483-AA8FC3FDEC41}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D61F870-1435-4B69-B483-AA8FC3FDEC41}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88CC4FDB-4819-4061-B7CE-D1E17C4FA281}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88CC4FDB-4819-4061-B7CE-D1E17C4FA281}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CA70896-ECE0-4288-B05D-18D5DAA19564}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CA70896-ECE0-4288-B05D-18D5DAA19564}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8491C64-A097-46B6-923B-97E119A42A7D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8491C64-A097-46B6-923B-97E119A42A7D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A92CCE61-2180-4AC8-B96F-B7D2C96DE453}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A92CCE61-2180-4AC8-B96F-B7D2C96DE453}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA176200-6CB2-482A-B74F-F9CBE0F9DFA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA176200-6CB2-482A-B74F-F9CBE0F9DFA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B004FE77-5CE9-4C0F-9A75-B0FFDAC23B27}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B004FE77-5CE9-4C0F-9A75-B0FFDAC23B27}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DD8FC5DA-ECE2-46AD-AB8A-4755C35E277D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD8FC5DA-ECE2-46AD-AB8A-4755C35E277D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5CDC067-0396-4B63-92CB-1D8BADE0CE34}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5CDC067-0396-4B63-92CB-1D8BADE0CE34}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\www.askvg.com\http_80\[Tip] Add Secret “Purge Memory” Button in Google Chrome Task Manager - AskVG.lnk => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32api.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\pywintypes27.dll" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\pythoncom27.dll" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\_socket.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\_ssl.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32com.shell.shell.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\_hashlib.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._core_.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._gdi_.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._windows_.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._controls_.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._misc_.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\pysqlite2._sqlite.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\_ctypes.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32file.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32security.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\hashobjs_ext.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\thumbnails_ext.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\usb_ext.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32gui.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32event.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\_elementtree.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\pyexpat.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\common.time34.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\_psutil_windows.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32inet.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\windows._lib_cacheinvalidation.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32crypt.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._html2.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\_multiprocessing.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\_yappi.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32process.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\unicodedata.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._wizard.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32pipe.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\select.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32pdh.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32profile.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\win32ts.pyd" => not found.
"C:\Users\Admin\AppData\Local\Temp\_MEI37122\wx._animate.pyd" => not found.
"C:\Users\Admin\Desktop\220558812-John-Grainger-Author-Jr-William-Stevenson-Author-Power-System-Analysis-Solution-Manual.pdf" => ":com.dropbox.attributes" ADS not found.
"C:\Users\Admin\Downloads\Porcelana.pdf" => ":com.dropbox.attributes" ADS not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\"NI Error Reporting.lnk" => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder/NI Error Reporting.lnk => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4F137D3-CB05-4953-9F52-DA5D325DF38E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{956E6D04-3F39-497C-A736-7872A4A85C09} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC6A853A-4B67-4BBE-9438-98C1B3465A84} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{908DE856-FD5D-4F3E-A4C9-8E9FDE5DA30B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F1FA4E06-E2E4-4B30-B9AE-FBE273139790} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F84121B-7C6E-4541-B606-310BEE9ACA33} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{352516F5-5552-488C-9057-75686DDF722F}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EC1A0032-263F-4CBD-A8EB-509CF44BAE2B}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{34A7115B-90A4-4E03-808D-B55C8B1F4EAF}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A372F882-F5E3-40E4-AFB5-B71C337BD87F}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A13272F-DDFA-4442-A43C-3220148CE172} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33592921-16A5-40C8-A71B-DD3F4D511DFB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2F128299-FC54-4799-8CFE-D0929B2DC52D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2AFAA9FD-E4D3-481F-A7E6-4BACC92E9236} => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKU\S-1-5-21-1288901626-699231163-3170635746-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"HKU\S-1-5-21-1288901626-699231163-3170635746-1001\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => key removed successfully
"HKU\S-1-5-21-1288901626-699231163-3170635746-1001\SOFTWARE\Google\Chrome\Extensions\bbjllphbppobebmjpjcijfbakobcheof" => key removed successfully
"HKU\S-1-5-21-1288901626-699231163-3170635746-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
avc3 => service not found.
avchv => service not found.
avckf => service not found.
HPx9G+ => service removed successfully
wfpcapture => service removed successfully
"C:\Users\JOANA-Admin Joana\Downloads\Adaware_Installer.exe" => not found.
"C:\Users\JOANA-Admin Joana\AppData\Roaming\LTspiceIV.ini" => not found.
"C:\Users\JOANA-Admin Joana\AppData\Local\Packages" => not found.
"C:\Users\JOANA-Admin Joana\Scan" => not found.
"C:\Users\JOANA-Admin Joana\AppData\Roaming\LTspiceIV.ini" => not found.
"C:\Users\JOANA-Admin Joana\AppData\Roaming\unins000.dat" => not found.
C:\ProgramData\DP45977C.lfl => moved successfully
HKEY_LOCAL_MACHINE\Software\AVG Secure Search => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\Software\Partner => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Error: No automatic fix found for this entry.
"C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5}" => not found.
 
=========  netsh winsock reset =========
 

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 

========= End of CMD: =========
 
Shortcut: => Error: No automatic fix found for this entry.
EmptyTemp: => 932.8 MB temporary data Removed.
 

The system needed a reboot.
 
==== End of Fixlog 09:51:25 ====
Step 2:
# AdwCleaner v5.023 - Logfile created 04/12/2015 at 09:59:47
# Updated 30/11/2015 by Xplode
# Database : 2015-12-03.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : JoanaMarini - JOANA
# Running from : C:\Users\JoanaMarini\Desktop\adwcleaner_5.023.exe
# Option : Scan
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 

***** [ Folders ] *****
 

***** [ Files ] *****
 
File Found : C:\WINDOWS\SysNative\WinDivert64.sys
 
***** [ DLL ] *****
 

***** [ Shortcuts ] *****
 

***** [ Scheduled tasks ] *****
 

***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ad-aware-pro-security.softonic.com.br
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com.br
Key Found : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ad-aware-pro-security.softonic.com.br
Key Found : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com.br
 
***** [ Web browsers ] *****
 
[C:\Users\JoanaMarini\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ni.com
[C:\Users\JoanaMarini\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : mkv-to-mp4-converter.en.softonic.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3011 bytes] ##########
 
Step 3:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Pro x64
Ran by JoanaMarini (Administrator) on 04/12/2015 at 10:14:31.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 

File System: 0
 
 
 

Registry: 0
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/12/2015 at 10:16:47.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Step 4:

 

~ ZHPCleaner v2015.12.2.390 by Nicolas Coolman (2015/12/02)
~ Run by JoanaMarini (Administrator)  (04/12/2015 10:25:18)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\JoanaMarini\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\JoanaMarini\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 10240)
 

---\\  Services (0)
~ No malicious or unnecessary items found.
 

---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 

---\\  Hosts file (1)
~ The hosts file is legitimate (20)
 

---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 

---\\  Explorer ( File, Folder) (13)
MOVED folder: C:\Users\JoanaMarini\AppData\Local\Google\Chrome\User Data\Default\File System\008  =>PUP.Optional.DomaIQ
MOVED folder: C:\WINDOWS\Installer\MSI1437.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI15FE.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI31E6.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI337D.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI548.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIC610.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSICF19.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID16C.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID313.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID4BA.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID641.tmp-  =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIF06.tmp-  =>Empty
 

---\\  Registry ( Key, Value, Data) (3)
DELETED key*: HKEY_USERS\.DEFAULT\Software\AVG Web TuneUp []  =>Toolbar.AVGSafeGuard
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\soundcloud.com []  =>PUP.Optional.Multiplug
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.olark.com [13234]  =>PUP.Optional.Generic
 

---\\  Summary of the elements found (4)
http://www.nicolascoolman.fr/?p=679  =>PUP.Optional.DomaIQ
http://www.nicolascoolman.fr/?p=4664  =>Toolbar.AVGSafeGuard
http://www.nicolascoolman.fr/?p=1402  =>PUP.Optional.Multiplug
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Generic
 

---\\  Other deletions. (10)
~ Registry Keys Tracing deleted (10)
~ Remove the old reports ZHPCleaner. (0)
 

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 

---\\ Statistics
~ Items scanned : 244
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 16
 

~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-04122015-10_25_24.txt
ZHPCleaner-[S]-04122015-10_24_25.txt
 
Step 5 and 6:

#11 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 PM

Posted 04 December 2015 - 01:35 PM

Thank you, JoanaMOC.

 

Please run again and press the DELETE button.

===================================================

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

=========================================================================

How is the machine running now, and are there any issues? Please let me know.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#12 JoanaMOC

JoanaMOC
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:56 PM

Posted 04 December 2015 - 01:53 PM

Sorry, but should I run each one again?

 

:)



#13 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 PM

Posted 04 December 2015 - 04:24 PM

Sorry, but should I run each one again?

 

:)

Sorry :o

No no, just Adwcleaner.


Best regards
 

 


 


#14 JoanaMOC

JoanaMOC
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:56 PM

Posted 04 December 2015 - 04:48 PM

No worries... :)

 

As you asked:

 

===========================================

ADWCleaner

 

# AdwCleaner v5.023 - Logfile created 04/12/2015 at 19:36:05
# Updated 30/11/2015 by Xplode
# Database : 2015-11-30.1 [Local]
# Operating system : Windows 10 Pro  (x64)
# Username : JoanaMarini - JOANA
# Running from : C:\Users\JoanaMarini\Desktop\adwcleaner_5.023 - Copy.exe
# Option : Scan
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 

***** [ Folders ] *****
 

***** [ Files ] *****
 

***** [ DLL ] *****
 

***** [ Shortcuts ] *****
 

***** [ Scheduled tasks ] *****
 

***** [ Registry ] *****
 

***** [ Web browsers ] *****
 

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [581 bytes] ##########
 

 

ESET OnlineScan

 

C:\Users\JoanaMarini\Documents\Drivers & Softwares\BitTorrent.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting - quarantined
===============================================================
 
Have we finished?



#15 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 PM

Posted 04 December 2015 - 05:29 PM

Have we finished?

How is your PC running now, and are there any issues?


Best regards
 

 


 




