
IE keeps opening new windows, system is slow


  • This topic is locked
29 replies to this topic

#1 Aceim

Aceim

  • Members
  • 17 posts
  • OFFLINE
  • Local time:10:36 PM

Posted 27 July 2016 - 11:46 PM

Hi,

 

I am facing the following problem from the past few months:

 

I use Chrome for browsing; however, my IE keeps opening several blank windows. Also, the system seems to be a bit slow, and whenever I stream some video the system cooling fan starts running at very high speed. Is it due to some virus, or something else? I need your help to fix it. And I think when I first visited this forum while searching for the aforesaid issue I did run ComboFix.

 

 FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by user (administrator) on USER-PC (27-07-2016 22:27:38)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\ProgramData\Avg_Update_0816tb\AVG-Secure-Search-Update_0816tb.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
() C:\ProgramData\Avg_Update_0816tb\AVG-Secure-Search-Update_0816tb.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.2\ToolbarUpdater.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\40.3.2\ScriptHelper.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-07-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6723856 2016-07-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2162760 2016-07-21] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2868262045-1904659868-213973561-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2868262045-1904659868-213973561-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-06-30] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{19DE8AF5-4830-4E34-A22E-2AAA7A9CB5F4}: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{26585AF1-8830-47E9-8089-FC7214FC786C}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2868262045-1904659868-213973561-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2868262045-1904659868-213973561-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2868262045-1904659868-213973561-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={3BBB8C88-ED3D-4B50-B01A-0A93138E96ED}&mid=727568c0cfc747ccbf553163c4d299ab-a6f5868bc899098a19316b76a8cee3280aed1bbe&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616avz&pr=fr&d=2016-06-08%2012:38:50&v=4.3.1.831&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-2868262045-1904659868-213973561-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3BBB8C88-ED3D-4B50-B01A-0A93138E96ED}&mid=727568c0cfc747ccbf553163c4d299ab-a6f5868bc899098a19316b76a8cee3280aed1bbe&lang=en&ds=AVG&coid=avgtbavg&cmpid=0716tb&pr=fr&d=2016-06-08 12:38:50&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-05] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.2.18\AVG Web TuneUp.dll [2016-07-21] (AVG)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-05] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-03-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-03-01] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.2\\npsitesafety.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2868262045-1904659868-213973561-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2868262045-1904659868-213973561-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.ca/
CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\gcswf32.dll => No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (HomeworkSimplified) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjehgfjdlamgemlkljpklaiiamnbeemk [2016-06-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
StartMenuInternet: Google Chrome.3DI4TCONUB6J6THV3SSOR5TW6A - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [637944 2016-07-22] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5251808 2016-07-22] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-07-20] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [712792 2016-07-22] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]
R2 vToolbarUpdater40.3.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.2\ToolbarUpdater.exe [1309768 2016-07-21] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [976456 2016-07-21] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-06-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [249088 2016-06-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [280320 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [76544 2016-06-01] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-15] (Intel Corporation)
R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [58880 2008-07-31] (Infineon Technologies AG)
S3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [118272 2016-02-10] (QUALCOMM Incorporated)
R3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
R2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
R2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-27 22:27 - 2016-07-27 22:27 - 00018027 _____ C:\Users\user\Downloads\FRST.txt
2016-07-27 22:27 - 2016-07-27 22:27 - 00000000 ____D C:\FRST
2016-07-27 22:25 - 2016-07-27 22:25 - 02394112 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2016-07-27 21:46 - 2016-07-27 21:46 - 00002898 _____ C:\Windows\System32\Tasks\AVG-SSU_0816tb_RML
2016-07-27 21:46 - 2016-07-27 21:46 - 00000404 _____ C:\Windows\Tasks\AVG-SSU_0816tb_RML.job
2016-07-26 03:40 - 2016-07-27 21:44 - 00000432 _____ C:\Windows\Tasks\AVG-SSU_0816tb_DELETE.job
2016-07-26 03:40 - 2016-07-26 03:40 - 00002934 _____ C:\Windows\System32\Tasks\AVG-SSU_0816tb_DELETE
2016-07-26 03:39 - 2016-07-27 21:44 - 00000570 _____ C:\Windows\Tasks\AVG-SSU_0816tb.job
2016-07-26 03:39 - 2016-07-26 03:39 - 00002866 _____ C:\Windows\System32\Tasks\AVG-SSU_0816tb
2016-07-26 03:39 - 2016-07-26 03:39 - 00000000 ____D C:\ProgramData\Avg_Update_0816tb
2016-07-20 15:48 - 2016-07-20 15:48 - 09674247 _____ C:\Users\user\Documents\NooraniQaida.pdf
2016-07-16 22:38 - 2016-07-16 22:38 - 00000000 ____D C:\Windows\EOONotify
2016-07-14 11:43 - 2016-06-25 18:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-14 11:43 - 2016-06-25 18:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-14 11:43 - 2016-06-25 18:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-14 11:43 - 2016-06-25 18:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-14 11:43 - 2016-06-25 18:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-14 11:43 - 2016-06-25 18:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-14 11:43 - 2016-06-25 18:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-14 11:43 - 2016-06-25 13:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-14 11:43 - 2016-06-25 13:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-14 11:43 - 2016-06-25 13:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-14 11:43 - 2016-06-25 13:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-14 11:43 - 2016-06-25 13:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-14 11:43 - 2016-06-22 07:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-14 11:43 - 2016-06-17 12:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-14 11:43 - 2016-06-17 12:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-14 11:43 - 2016-06-17 12:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-14 11:43 - 2016-06-17 12:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-14 11:43 - 2016-06-17 12:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-14 11:43 - 2016-06-17 12:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-14 11:43 - 2016-06-14 09:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-12 18:57 - 2016-07-12 18:57 - 00001105 _____ C:\Users\user\Documents\call it spring.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-27 22:17 - 2015-06-30 03:35 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868262045-1904659868-213973561-1000UA.job
2016-07-27 22:10 - 2015-11-16 00:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-27 21:56 - 2009-07-13 22:45 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-27 21:56 - 2009-07-13 22:45 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-27 21:45 - 2016-06-08 12:41 - 00000351 _____ C:\prefs.js
2016-07-27 21:45 - 2016-02-10 18:24 - 00000000 ____D C:\Users\user\AppData\Local\HTC MediaHub
2016-07-27 21:45 - 2015-04-22 03:24 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-07-27 21:44 - 2016-01-10 19:53 - 00000000 ____D C:\Temp
2016-07-27 21:44 - 2015-11-16 00:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-27 21:43 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-27 20:13 - 2016-02-22 17:38 - 00000000 ____D C:\ProgramData\MFAData
2016-07-27 13:21 - 2016-02-22 17:38 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2016-07-27 13:21 - 2016-02-22 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-07-26 21:17 - 2015-06-30 03:35 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868262045-1904659868-213973561-1000Core.job
2016-07-26 03:55 - 2016-02-22 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-07-24 13:40 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-07-21 18:05 - 2016-06-08 12:38 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-07-21 18:05 - 2016-06-08 12:38 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-07-20 13:20 - 2015-08-09 21:13 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-20 13:20 - 2015-08-09 21:13 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-14 17:01 - 2015-08-09 21:12 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 17:01 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 17:01 - 2009-07-13 22:45 - 00294520 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-12 23:23 - 2009-07-13 23:08 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-12 18:42 - 2015-04-22 03:24 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-12 18:42 - 2015-04-22 03:24 - 00000000 ____D C:\ProgramData\Skype
2016-06-28 12:49 - 2015-12-18 02:51 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-06-28 12:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-06-28 12:48 - 2009-07-13 23:13 - 00775124 _____ C:\Windows\system32\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2016-02-21 20:10 - 2016-02-21 20:10 - 7951360 _____ () C:\Users\user\AppData\Roaming\agent.dat
2016-02-21 20:10 - 2016-02-21 20:10 - 0063696 _____ () C:\Users\user\AppData\Roaming\Config.xml
2016-02-21 20:10 - 2016-02-21 20:10 - 1882143 _____ () C:\Users\user\AppData\Roaming\Ecofax.tst
2016-02-21 20:09 - 2016-02-21 20:10 - 0018672 _____ () C:\Users\user\AppData\Roaming\InstallationConfiguration.xml
2016-02-21 20:09 - 2016-02-21 20:09 - 0126976 _____ () C:\Users\user\AppData\Roaming\Installer.dat
2016-02-21 20:10 - 2016-02-21 20:10 - 0072707 _____ () C:\Users\user\AppData\Roaming\Kaneco.tst
2016-02-21 20:10 - 2016-02-21 20:10 - 0018432 _____ () C:\Users\user\AppData\Roaming\Main.dat
 
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\avguirn_081564071720.exe
C:\Users\user\AppData\Local\Temp\avguirn_081633531342.exe
C:\Users\user\AppData\Local\Temp\avguirn_081837004668.exe
C:\Users\user\AppData\Local\Temp\avguirn_081882591180.exe
C:\Users\user\AppData\Local\Temp\avguirn_082049401482.exe
C:\Users\user\AppData\Local\Temp\avguirn_08991500070.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-24 13:32
 
==================== End of FRST.txt ============================


 


#2 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 311 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:36 AM

Posted 28 July 2016 - 05:32 AM

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 4 days will result in this thread being closed.


Hello Aceim,

My name is mAL_rEm018, but feel free to call me mAL.  I will be helping you with your malware-related problems. :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible with additional instructions.


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#3 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 311 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:36 AM

Posted 28 July 2016 - 06:10 AM

Hello Aceim,
 

and I think when I first visited this forum while searching for the aforesaid issue I did run ComboFix.

I need to see the log that Combofix created.  Please navigate to the following location and post "ComboFix.txt" in your next reply:


C:\ComboFix.txt


Backup your registry using TCRB


  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

Next:

Adwcleaner


  • Please download AdwCleaner to your Desktop.
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open.  Please copy/paste the contents in your next reply.
    Note: do not select Cleaning at this point

I would like you to run a search using FRST:



  • Double click Frst.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.

babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer

  • Press the Search Registry button.
  • When finished searching a log will open on your Desktop ... SearchReg.txt
  • Please post it in your next reply.

 

-----------------------------------------
In your next reply, I would like to see..

  • Did you have trouble performing any of the steps?
  • ComboFix.txt
  • AdwCleaner log
  • SearchReg.txt

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed
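The FRST search step above takes a semicolon-separated keyword list and reports every registry key, value name or value data in which one of those strings occurs. The script below is an added example, not code from this thread or from FRST, that performs the same kind of case-insensitive search offline over a REGEDIT4-style export (the format ComboFix prints under "Reg Loading Points"). The keyword list is the one from the instructions; the export text is constructed sample data and not the original poster's registry.

```python
"""Offline keyword search over a REGEDIT4-style registry export.

Added example, not code from FRST or from this thread.  The keyword list is
the one given in the FRST search step; the export text is constructed sample
data.
"""
import re
from typing import Dict, List, Optional, Tuple

# Semicolon-separated keyword list, verbatim from the FRST search step.
KEYWORDS = (
    "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;"
    "kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;"
    "sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;"
    "Wordinator;WordSurfer"
)

# Constructed sample export (assumption: not the poster's real registry).
# Backslashes inside value data are doubled exactly as REGEDIT4 writes them.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\\program files (x86)\\Skype\\Phone\\Skype.exe"
"Updater"="c:\\users\\user\\AppData\\Roaming\\Conduit\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SweetIM]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp]
"DisplayName"="Example Application"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))\s*=\s*(?P<data>.*)$')

Hit = Tuple[str, str, Optional[str]]  # (keyword, key path, value name or None)


def parse_keywords(spec: str) -> List[str]:
    """Split the semicolon list, dropping blanks and surrounding whitespace."""
    return [k.strip() for k in spec.split(";") if k.strip()]


def parse_regedit4(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each [key path] to its (value name, data) pairs, in export order.

    Lines that are neither a key header nor a value (the REGEDIT4 banner,
    ';' comments, ACL annotations such as '@Denied:') are ignored.
    """
    keys: Dict[str, List[Tuple[str, str]]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group("default") else m.group("name")
            keys[current].append((name, m.group("data")))
    return keys


def search_registry(text: str, keyword_spec: str = KEYWORDS) -> List[Hit]:
    """Case-insensitive substring search of every keyword against key paths,
    value names and value data.  A key-path hit is reported with value None."""
    hits: List[Hit] = []
    kws = parse_keywords(keyword_spec)
    for key, values in parse_regedit4(text).items():
        key_l = key.lower()
        for kw in kws:
            if kw.lower() in key_l:
                hits.append((kw, key, None))
        for name, data in values:
            name_l, data_l = name.lower(), data.lower()
            for kw in kws:
                if kw.lower() in name_l or kw.lower() in data_l:
                    hits.append((kw, key, name))
    return hits


def scan_sample() -> List[Hit]:
    """Run the search over the constructed sample; used by the demo below."""
    return search_registry(SAMPLE_EXPORT)


if __name__ == "__main__":
    for kw, key, name in scan_sample():
        where = "key path" if name is None else f'value "{name}"'
        print(f"{kw}: {where} in [{key}]")
```

Run as-is it reports two findings from the sample: the `Updater` Run value whose path contains `Conduit`, and the key path ending in `SweetIM`. Against a real export, a hit only means the string occurs somewhere; as the instructions say, the log is posted for a human to judge before anything is removed.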


#4 Aceim

Aceim
  • Topic Starter

  • Members
  • 17 posts
  • Local time:10:36 PM

Posted 28 July 2016 - 07:45 PM

Hi mAL,

 

Thanks for your prompt response. As requested, please find the following; there was no problem while performing these tasks:

 

ComboFix.txt:

ComboFix 16-02-23.01 - user 02/23/2016  20:28:02.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4006.2657 [GMT -7:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Roaming\Ron-Tam.bin
.
.
(((((((((((((((((((((((((   Files Created from 2016-01-24 to 2016-02-24  )))))))))))))))))))))))))))))))
.
.
2016-02-24 03:31 . 2016-02-24 03:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-23 23:56 . 2016-02-23 23:59 -------- d-----w- C:\AdwCleaner
2016-02-22 23:41 . 2016-02-22 23:41 -------- d-----w- c:\users\user\AppData\Roaming\AVG
2016-02-22 23:40 . 2016-02-22 23:40 -------- d-----w- c:\program files\Common Files\AV
2016-02-22 23:40 . 2016-02-22 23:40 -------- d-----w- c:\users\user\AppData\Roaming\TuneUp Software
2016-02-22 23:39 . 2016-02-22 23:39 -------- d-----w- C:\$AVG
2016-02-22 23:38 . 2016-02-23 23:59 -------- d-----w- c:\programdata\MFAData
2016-02-22 23:38 . 2016-02-22 23:38 -------- d-----w- c:\users\user\AppData\Local\MFAData
2016-02-22 23:36 . 2016-02-22 23:39 -------- d-----w- c:\programdata\Avg
2016-02-22 23:36 . 2016-02-22 23:39 -------- d-----w- c:\program files (x86)\AVG
2016-02-22 23:36 . 2016-02-22 23:36 -------- d--h--w- c:\programdata\Common Files
2016-02-22 23:10 . 2016-02-22 23:41 -------- d-----w- c:\users\user\AppData\Local\Avg
2016-02-22 03:10 . 2016-02-24 03:23 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-22 03:10 . 2016-02-22 03:10 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-02-22 03:10 . 2016-02-22 03:10 -------- d-----w- c:\programdata\Malwarebytes
2016-02-22 03:10 . 2015-10-05 16:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-22 03:10 . 2015-10-05 16:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-22 03:10 . 2015-10-05 16:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-22 02:15 . 2016-02-24 03:13 -------- d-----w- c:\program files (x86)\Lavasoft
2016-02-22 02:11 . 2016-02-22 03:22 -------- d-----w- c:\program files\BitTorrent
2016-02-22 02:07 . 2016-02-22 02:07 -------- d-----w- c:\windows\system32\laf
2016-02-22 02:06 . 2016-02-22 03:20 -------- d-----w- c:\users\user\AppData\Roaming\AtedeYsu
2016-02-22 02:02 . 2016-02-22 02:02 -------- d-----w- C:\uninst
2016-02-22 02:01 . 2016-02-22 02:01 -------- d-----w- c:\windows\system32\haj
2016-02-22 02:01 . 2016-02-22 03:20 -------- d-----w- c:\users\user\AppData\Roaming\VuvusiRigqhd
2016-02-22 02:01 . 2016-02-22 02:07 -------- d-----w- c:\users\user\AppData\Local\Tempfolder
2016-02-22 01:54 . 2016-02-22 02:41 -------- d-----w- c:\users\user\AppData\Local\Samsung
2016-02-22 01:54 . 2016-02-22 02:41 -------- d-----w- c:\users\user\AppData\Roaming\Samsung
2016-02-22 01:43 . 2016-02-22 01:43 -------- d-----w- c:\users\user\AppData\Local\Programs
2016-02-22 01:42 . 2013-12-30 17:53 144664 ----a-w- c:\windows\SysWow64\secman.dll
2016-02-22 01:42 . 2013-12-30 17:53 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2016-02-10 09:55 . 2016-01-22 06:27 5573056 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-02-10 09:55 . 2016-01-22 06:18 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-02-10 09:55 . 2016-01-22 06:18 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-02-10 09:55 . 2016-01-22 06:04 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2016-02-10 09:55 . 2016-01-22 06:04 535040 ----a-w- c:\windows\SysWow64\EncDec.dll
2016-02-10 09:55 . 2016-01-22 06:24 1733592 ----a-w- c:\windows\system32\ntdll.dll
2016-02-10 09:53 . 2016-01-06 19:04 1737216 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2016-02-10 09:51 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-10 09:48 . 2016-01-22 06:19 14179840 ----a-w- c:\windows\system32\shell32.dll
2016-02-10 09:48 . 2016-01-22 05:19 3231232 ----a-w- c:\windows\explorer.exe
2016-02-10 09:48 . 2016-01-22 06:15 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-02-10 09:48 . 2016-01-22 06:12 1940992 ----a-w- c:\windows\system32\authui.dll
2016-02-10 09:48 . 2016-01-22 05:59 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2016-02-10 09:48 . 2016-01-22 05:12 2973184 ----a-w- c:\windows\SysWow64\explorer.exe
2016-02-10 09:48 . 2016-01-22 06:00 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-23 00:27 . 2015-08-09 15:02 357888 ----a-w- c:\windows\system32\dnsapi.dll
2016-02-11 00:31 . 2009-02-23 21:58 118272 ----a-w- c:\windows\system32\drivers\qcusbser.sys
2016-02-10 02:15 . 2015-07-31 01:16 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-10 02:15 . 2015-07-31 01:16 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-01-22 22:15 . 2016-01-22 22:15 260528 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2016-01-22 05:59 . 2016-02-10 09:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-01-08 17:46 . 2016-01-08 17:46 272304 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2016-01-08 17:46 . 2016-01-08 17:46 23472 ----a-w- c:\windows\system32\drivers\avguniva.sys
2016-01-05 23:02 . 2016-01-05 23:02 315312 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2015-12-10 05:39 . 2015-12-10 05:39 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2015-12-08 21:54 . 2016-01-15 01:21 902144 ----a-w- c:\windows\SysWow64\WMADMOD.DLL
2015-12-08 21:54 . 2016-01-15 01:21 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2015-12-08 21:54 . 2016-01-15 01:21 815616 ----a-w- c:\windows\SysWow64\WMADMOE.DLL
2015-12-08 21:54 . 2016-01-15 01:21 739328 ----a-w- c:\windows\SysWow64\WMSPDMOD.DLL
2015-12-08 21:54 . 2016-01-15 01:21 541184 ----a-w- c:\windows\SysWow64\WMVSDECD.DLL
2015-12-08 21:54 . 2016-01-15 01:21 740352 ----a-w- c:\windows\SysWow64\wmpmde.dll
2015-12-08 21:54 . 2016-01-15 01:21 1568768 ----a-w- c:\windows\SysWow64\WMVENCOD.DLL
2015-12-08 21:54 . 2016-01-15 01:21 665088 ----a-w- c:\windows\SysWow64\WMVXENCD.DLL
2015-12-08 21:54 . 2016-01-15 01:20 358400 ----a-w- c:\windows\SysWow64\WMVSENCD.DLL
2015-12-08 21:54 . 2016-01-15 01:20 1325056 ----a-w- c:\windows\SysWow64\WMSPDMOE.DLL
2015-12-08 21:54 . 2016-01-15 01:20 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-12-08 21:54 . 2016-01-15 01:20 154112 ----a-w- c:\windows\SysWow64\VIDRESZR.DLL
2015-12-08 21:53 . 2016-01-15 01:20 206848 ----a-w- c:\windows\SysWow64\RESAMPLEDMO.DLL
2015-12-08 21:53 . 2016-01-15 01:21 509952 ----a-w- c:\windows\SysWow64\qedit.dll
2015-12-08 21:53 . 2016-01-15 01:21 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2015-12-08 21:53 . 2016-01-15 01:20 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2015-12-08 21:53 . 2016-01-15 01:20 206848 ----a-w- c:\windows\SysWow64\qasf.dll
2015-12-08 21:53 . 2016-01-15 01:21 970240 ----a-w- c:\windows\SysWow64\msmpeg2adec.dll
2015-12-08 21:53 . 2016-01-15 01:20 829952 ----a-w- c:\windows\SysWow64\MSMPEG2ENC.DLL
2015-12-08 21:53 . 2016-01-15 01:20 241152 ----a-w- c:\windows\SysWow64\MPG4DECD.DLL
2015-12-08 21:53 . 2016-01-15 01:20 241152 ----a-w- c:\windows\SysWow64\MP43DECD.DLL
2015-12-08 21:53 . 2016-01-15 01:20 79872 ----a-w- c:\windows\SysWow64\MP3DMOD.DLL
2015-12-08 21:53 . 2016-01-15 01:20 415744 ----a-w- c:\windows\SysWow64\MP4SDECD.DLL
2015-12-08 21:53 . 2016-01-15 01:21 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-12-08 21:53 . 2016-01-15 01:20 609280 ----a-w- c:\windows\SysWow64\MFWMAAEC.DLL
2015-12-08 21:53 . 2016-01-15 01:20 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
2015-12-08 21:53 . 2016-01-15 01:20 53248 ----a-w- c:\windows\SysWow64\mfvdsp.dll
2015-12-08 21:53 . 2016-01-15 01:20 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2015-12-08 21:53 . 2016-01-15 01:20 4608 ----a-w- c:\windows\SysWow64\ksuser.dll
2015-12-08 21:53 . 2016-01-15 01:21 489984 ----a-w- c:\windows\SysWow64\evr.dll
2015-12-08 21:53 . 2016-01-15 01:21 67584 ----a-w- c:\windows\SysWow64\devenum.dll
2015-12-08 21:53 . 2016-01-15 01:21 153600 ----a-w- c:\windows\SysWow64\COLORCNV.DLL
2015-12-08 21:53 . 2016-01-15 01:20 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2015-12-08 21:53 . 2016-01-15 01:20 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2015-12-08 21:53 . 2016-01-15 01:20 193536 ----a-w- c:\windows\SysWow64\ksproxy.ax
2015-12-08 21:52 . 2016-01-15 01:18 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-12-08 21:50 . 2016-01-15 01:20 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2015-12-08 19:07 . 2016-01-15 01:21 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-08 19:07 . 2016-01-15 01:21 1232896 ----a-w- c:\windows\system32\WMADMOD.DLL
2015-12-08 19:07 . 2016-01-15 01:21 978944 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2015-12-08 19:07 . 2016-01-15 01:21 666112 ----a-w- c:\windows\system32\WMVSDECD.DLL
2015-12-08 19:07 . 2016-01-15 01:21 1153024 ----a-w- c:\windows\system32\WMADMOE.DLL
2015-12-08 19:07 . 2016-01-15 01:21 1955328 ----a-w- c:\windows\system32\WMVENCOD.DLL
2015-12-08 19:07 . 2016-01-15 01:21 1026048 ----a-w- c:\windows\system32\wmpmde.dll
2015-12-08 19:07 . 2016-01-15 01:21 642048 ----a-w- c:\windows\system32\WMVXENCD.DLL
2015-12-08 19:07 . 2016-01-15 01:21 447488 ----a-w- c:\windows\system32\WMVSENCD.DLL
2015-12-08 19:07 . 2016-01-15 01:21 1575424 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2015-12-08 19:07 . 2016-01-15 01:21 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-08 19:07 . 2016-01-15 01:20 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-12-08 19:07 . 2016-01-15 01:21 292352 ----a-w- c:\windows\system32\VIDRESZR.DLL
2015-12-08 19:07 . 2016-01-15 01:20 378880 ----a-w- c:\windows\system32\SysFxUI.dll
2015-12-08 19:07 . 2016-01-15 01:20 225792 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2015-12-08 19:07 . 2016-01-15 01:21 624640 ----a-w- c:\windows\system32\qedit.dll
2015-12-08 19:07 . 2016-01-15 01:21 1573888 ----a-w- c:\windows\system32\quartz.dll
2015-12-08 19:07 . 2016-01-15 01:20 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-12-08 19:07 . 2016-01-15 01:20 254464 ----a-w- c:\windows\system32\qasf.dll
2015-12-08 19:07 . 2016-01-15 01:21 1307136 ----a-w- c:\windows\system32\msmpeg2adec.dll
2015-12-08 19:07 . 2016-01-15 01:21 1160192 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2015-12-08 19:07 . 2016-01-15 01:21 4121600 ----a-w- c:\windows\system32\mf.dll
2015-12-08 19:07 . 2016-01-15 01:21 1010688 ----a-w- c:\windows\system32\mcmde.dll
2015-12-08 19:07 . 2016-01-15 01:21 484864 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-08 19:07 . 2016-01-15 01:21 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-12-08 19:07 . 2016-01-15 01:20 70144 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-08 19:07 . 2016-01-15 01:20 653824 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-08 19:07 . 2016-01-15 01:20 224768 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-08 19:07 . 2016-01-15 01:20 223744 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-08 19:07 . 2016-01-15 01:20 100864 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-08 19:07 . 2016-01-15 01:20 206848 ----a-w- c:\windows\system32\mfps.dll
2015-12-08 19:07 . 2016-01-15 01:20 5120 ----a-w- c:\windows\system32\ksuser.dll
2015-12-08 19:07 . 2016-01-15 01:21 632320 ----a-w- c:\windows\system32\evr.dll
2015-12-08 19:07 . 2016-01-15 01:18 405504 ----a-w- c:\windows\system32\gdi32.dll
2015-12-08 19:07 . 2016-01-15 01:21 189952 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-08 19:07 . 2016-01-15 01:21 76288 ----a-w- c:\windows\system32\devenum.dll
2015-12-08 19:07 . 2016-01-15 01:20 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-12-08 19:06 . 2016-01-15 01:20 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-12-08 19:06 . 2016-01-15 01:20 250880 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-08 19:04 . 2016-01-15 01:20 2048 ----a-w- c:\windows\system32\mferror.dll
2015-12-08 18:54 . 2016-01-15 01:20 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-12-08 18:12 . 2016-01-15 01:20 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-12-08 18:11 . 2016-01-15 01:20 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2015-12-04 21:27 . 2015-12-04 21:27 42416 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2015-12-02 08:18 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-02-10 50605696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguirnx.exe" [2016-02-18 179624]
"AVG_UI"="c:\program files (x86)\AVG\Av\avuirunnerx.exe" [2016-02-01 25512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\Av\avgidsagent.exe;c:\program files (x86)\AVG\Av\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AvgAMPS;AvgAMPS;c:\program files (x86)\AVG\Av\avgamps.exe;c:\program files (x86)\AVG\Av\avgamps.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbser.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 Avguniva;AVG Universal Driver;c:\windows\system32\DRIVERS\avguniva.sys;c:\windows\SYSNATIVE\DRIVERS\avguniva.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\Av\avgwdsvcx.exe;c:\program files (x86)\AVG\Av\avgwdsvcx.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys;c:\windows\SYSNATIVE\DRIVERS\ubsbm.sys [x]
S2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys;c:\windows\SYSNATIVE\DRIVERS\ubumapi.sys [x]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS;c:\windows\SYSNATIVE\DRIVERS\IFXTPM.SYS [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys;c:\windows\SYSNATIVE\DRIVERS\ubohci.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-31 02:15]
.
2016-02-24 c:\windows\Tasks\AVG_SYS_TASK_0116piz_DELETE.job
- c:\programdata\Avg_Update_0116piz\AVG-Secure-Search-Update_0116piz.exe [2016-02-22 09:55]
.
2016-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-16 06:48]
.
2016-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-11-16 06:48]
.
2016-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868262045-1904659868-213973561-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-30 09:35]
.
2016-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868262045-1904659868-213973561-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-30 09:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-15 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-15 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-15 442352]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-10-24 1664000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-02-23  20:33:47
ComboFix-quarantined-files.txt  2016-02-24 03:33
.
Pre-Run: 15,239,573,504 bytes free
Post-Run: 15,336,660,992 bytes free
.
- - End Of File - - 73D180EC8DAA50695CEB30065C966F4C
A36C5E4F47E84449FF07ED3517B43A31

AdwCleaner log:
 
# AdwCleaner v5.036 - Logfile created 23/02/2016 at 16:56:36
# Updated 22/02/2016 by Xplode
# Database : 2016-02-22.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\adwcleaner_5.036.exe
# Option : Scan
# Support : hxxp://toolslib.net/forum
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files\SOUND+
Folder Found : C:\Program Files (x86)\ExploreTech
Folder Found : C:\Program Files (x86)\pc speed up
Folder Found : C:\ProgramData\28341ff220e0446c9fff27c4493d622e
Folder Found : C:\ProgramData\7d698599-1151-0
Folder Found : C:\ProgramData\7d698599-1e93-1
Folder Found : C:\ProgramData\d7c860fb-1ff1-0
Folder Found : C:\ProgramData\d7c860fb-3af1-1
Folder Found : C:\ProgramData\Service1291
Folder Found : C:\Users\user\AppData\Local\Temp\MPC
 
***** [ Files ] *****
 
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Windows\SysNative\LavasoftTcpService64.dll
File Found : C:\Windows\SysNative\LavasoftTcpServiceOff.ini
File Found : C:\Windows\SysWOW64\lavasofttcpservice.dll
File Found : C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Infected : C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( %SNP% )
 
***** [ Scheduled tasks ] *****
 
Task Found : YIRATGWQBJUTUQBO
Task Found : YIRATGWQBJUTUQBO
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}
Key Found : HKCU\Software\DriverToolkit
Key Found : HKCU\Software\Microsoft\Tinstalls
Key Found : HKCU\Software\Tutorials
Key Found : HKLM\SOFTWARE\MPC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\reimageplus.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\search.mpc.am
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.reimageplus.com
 
***** [ Web browsers ] *****
 
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www.trovi.com/?gd=&ctid=CT3335112&octid=EB_ORIGINAL_CTID&ISID=MCB6ED005-B9CD-4E10-94D1-ECB410860502&SearchSource=55&CUI=&UM=8&UP=SP46F4A051-4A9E-41DA-9330-A5820E38F8FA&D=022116&SSPV=
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcgnigmofekcllgbiejhmigggmgehkip
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [3439 bytes] - [23/02/2016 16:56:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3512 bytes] ##########

# AdwCleaner v5.201 - Logfile created 28/07/2016 at 18:33:36
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-28.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : WtuSystemSupport
Service Found : vToolbarUpdater40.3.2
 
***** [ Folders ] *****
 
Folder Found : C:\ProgramData\avg web tuneup
Folder Found : C:\ProgramData\Application Data\avg web tuneup
Folder Found : C:\Program Files (x86)\avg web tuneup
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\users\user\AppData\Local\avg web tuneup
Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
Folder Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjehgfjdlamgemlkljpklaiiamnbeemk
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\uninst
 
***** [ Files ] *****
 
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kjehgfjdlamgemlkljpklaiiamnbeemk_0.localstorage
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kjehgfjdlamgemlkljpklaiiamnbeemk_0.localstorage-journal
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homeworksimplified.dl.myway.com_0.localstorage
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homeworksimplified.dl.myway.com_0.localstorage-journal
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homeworksimplified.dl.tb.ask.com_0.localstorage
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homeworksimplified.dl.tb.ask.com_0.localstorage-journal
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage-journal
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : Riirii
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Medlight.exe
Key Found : HKLM\SOFTWARE\Classes\s
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Key Found : HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
Key Found : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
Key Found : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\INSTALLPATH\STATUS
Key Found : HKLM\SOFTWARE\AVG Tuneup
Key Found : HKLM\SOFTWARE\Lavasoft\Web Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Key Found : HKU\S-1-5-21-2868262045-1904659868-213973561-1000\Software\INSTALLPATH\STATUS
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/?cid={3BBB8C88-ED3D-4B50-B01A-0A93138E96ED}&mid=727568c0cfc747ccbf553163c4d299ab-a6f5868bc899098a19316b76a8cee3280aed1bbe&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616avz&pr=fr&d=2016-06-08%2012:38:50&v=4.3.1.831&pid=wtu&sg=&sap=hp
Data Found : HKU\S-1-5-21-2868262045-1904659868-213973561-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/?cid={3BBB8C88-ED3D-4B50-B01A-0A93138E96ED}&mid=727568c0cfc747ccbf553163c4d299ab-a6f5868bc899098a19316b76a8cee3280aed1bbe&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616avz&pr=fr&d=2016-06-08%2012:38:50&v=4.3.1.831&pid=wtu&sg=&sap=hp
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-2868262045-1904659868-213973561-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
 
***** [ Web browsers ] *****
 
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : chfdnecihphmhljaaejmgoiahnihplgn
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : kjehgfjdlamgemlkljpklaiiamnbeemk
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [3975 bytes] - [23/02/2016 17:59:31]
C:\AdwCleaner\AdwCleaner[S1].txt - [12863 bytes] - [23/02/2016 17:56:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12937 bytes] ##########

SearchReg.txt:
 
Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by user (2016-07-28 18:39:46)
Running from C:\Users\user\Downloads
Boot Mode: Normal
 
================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer" ===========
 
 
===================== Search result for "babylon" ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
 
 
===================== Search result for "Searchqu" ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"
 
 
===================== Search result for "trolltech" ==========
 
[HKEY_USERS\S-1-5-21-2868262045-1904659868-213973561-1000\Software\Trolltech]
 
[HKEY_USERS\S-1-5-21-2868262045-1904659868-213973561-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
 
====== End of Search ======


#5 mAL_rEm018

  • Malware Response Team
  • 311 posts
  • Gender:Male

Posted 29 July 2016 - 01:24 AM
Hello Aceim,

AdwCleaner

  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Cleaning.
  • Note: All programs will be closed and your computer will be rebooted, therefore I advise you to save any unsaved work.
  • A notepad window will open. Please copy/paste the contents in your next reply.

Next:

I need to see a fresh FRST log:

  • Right-click on FRST64.exe and select Run as administrator.
  • Ensure that Addition.txt is checked.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.


-----------------------------------------
In your next reply, I would like to see..

  • AdwCleaner report
  • FRST.txt
  • Addition.txt

Teacher at the Malware Removal University.

Member of UNITE

Failure to post replies within 4 days will result in this thread being closed
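
The AdwCleaner report requested above is plain text, and once a thread carries two or three of them it helps to separate the findings that actually execute code or steer a browser (services, scheduled tasks, Run values, browser helper objects, search scopes, the start page, Chrome extensions and startup URLs) from inert leftovers such as LocalStorage files and empty folders. The script below is an added example for this thread; it is not AdwCleaner's own code and was not posted by either participant. It parses the report layout visible in the logs above and tags the findings that matter for a "windows open on their own" complaint. The embedded sample report is a constructed, shortened excerpt of the 28/07/2016 scan log posted earlier, and the rule labels are this example's own naming, not AdwCleaner terminology.

```python
"""Triage helper for AdwCleaner 5.x text reports.

Added example for this thread; it is not AdwCleaner's own code and not from
the original posts. It parses the report layout visible in the logs above
(section headers, "Kind Verb : target" lines, and the bracketed browser
lines) and tags the findings that execute code or steer a browser.
"""
import re
from collections import Counter

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+) \] \*{5}$")
ENTRY_RE = re.compile(
    r"^(?:\[[-#]\] )?"  # "[-]" / "[#]" prefix that Clean reports carry
    r"(?P<kind>Service|Folder|File|DLL|Task|Key|Value|Data|Shortcut) "
    r"(?P<verb>Found|Deleted|Restored|Disinfected) : (?P<target>.+)$"
)
BROWSER_RE = re.compile(
    r"^(?:\[[-#]\] )?\[(?P<file>[^\]]+)\] \[(?P<setting>[^\]]+)\] "
    r"(?P<verb>Found|Deleted) : (?P<target>.+)$"
)

# (section, regex over the target or None for "any", label). First match wins.
# Labels are this example's own naming, not AdwCleaner terminology.
PERSISTENCE_RULES = [
    ("Services", None, "Windows service"),
    ("Scheduled tasks", None, "scheduled task"),
    ("Registry", re.compile(r"\\CurrentVersion\\Run\b", re.I), "Run autostart value"),
    ("Registry", re.compile(r"Browser Helper Objects", re.I), "IE browser helper object"),
    ("Registry", re.compile(r"\\Ext\\PreApproved\\", re.I), "IE pre-approved add-on"),
    ("Registry", re.compile(r"Internet Explorer\\SearchScopes\\", re.I), "IE search provider"),
    ("Registry", re.compile(r"Internet Explorer\\Main \[Start Page\]", re.I), "IE start page"),
    ("Registry", re.compile(r"\\NativeMessagingHosts\\", re.I), "Chrome native messaging host"),
]
BROWSER_LABELS = {"Extension": "Chrome extension", "Startup_URLs": "Chrome startup URL"}

# Constructed sample: a shortened excerpt of the 28/07/2016 scan log in this thread.
SAMPLE = r"""
# AdwCleaner v5.201 - Logfile created 28/07/2016 at 18:33:36
# Option : Scan

***** [ Services ] *****

Service Found : WtuSystemSupport
Service Found : vToolbarUpdater40.3.2

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\avg web tuneup

***** [ Scheduled tasks ] *****

Task Found : Riirii

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://mysearch.avg.com/?pid=wtu
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : chfdnecihphmhljaaejmgoiahnihplgn

*************************
"""


def parse_report(text):
    """Return one dict per finding: section, kind, verb, target, setting."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name").strip()
            continue
        if section is None or not line:
            continue  # banner lines before the first section, separators, blanks
        m = BROWSER_RE.match(line)
        if m:
            findings.append({"section": section, "kind": "Browser", "verb": m.group("verb"),
                             "target": m.group("target"), "setting": m.group("setting")})
            continue
        m = ENTRY_RE.match(line)
        if m:
            findings.append({"section": section, "kind": m.group("kind"), "verb": m.group("verb"),
                             "target": m.group("target"), "setting": None})
    return findings


def classify(finding):
    """Label a finding that runs code or redirects a browser; None for inert leftovers."""
    if finding["section"] == "Web browsers":
        return BROWSER_LABELS.get(finding["setting"])
    for section, pattern, label in PERSISTENCE_RULES:
        if finding["section"] == section and (pattern is None or pattern.search(finding["target"])):
            return label
    return None


def persistence_findings(text):
    """(label, target) pairs, in report order, for every tagged finding."""
    tagged = []
    for finding in parse_report(text):
        label = classify(finding)
        if label is not None:
            tagged.append((label, finding["target"]))
    return tagged


def section_counts(text):
    """How many findings each report section holds."""
    return dict(Counter(f["section"] for f in parse_report(text)))


if __name__ == "__main__":
    for label, target in persistence_findings(SAMPLE):
        print(f"{label:26} {target}")
```

Run it as-is to list the tagged findings from the embedded sample, or pass the text of a real AdwCleaner[S*].txt / AdwCleaner[C*].txt to persistence_findings(). Against the full 28/07/2016 scan above it would tag the two AVG Web TuneUp services, the Riirii task, the {95B7759C-...} browser helper object and search scope, the mysearch.avg.com start page, the vProt Run value, the avgsh native messaging host and the two Chrome extension IDs, and leave the LocalStorage files and folders untagged; the tagged subset is what to check first when the complaint is browser windows opening by themselves.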


#6 Aceim

  • Topic Starter
  • Members
  • 17 posts

Posted 29 July 2016 - 11:22 AM

Hi mAL,

Please find logs:

AdwCleaner:

# AdwCleaner v5.036 - Logfile created 23/02/2016 at 16:59:31
# Updated 22/02/2016 by Xplode
# Database : 2016-02-22.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\adwcleaner_5.036.exe
# Option : Cleaning
# Support : hxxp://toolslib.net/forum
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\SOUND+
[-] Folder Deleted : C:\Program Files (x86)\ExploreTech
[-] Folder Deleted : C:\Program Files (x86)\pc speed up
[-] Folder Deleted : C:\ProgramData\28341ff220e0446c9fff27c4493d622e
[-] Folder Deleted : C:\ProgramData\7d698599-1151-0
[-] Folder Deleted : C:\ProgramData\7d698599-1e93-1
[-] Folder Deleted : C:\ProgramData\d7c860fb-1ff1-0
[-] Folder Deleted : C:\ProgramData\d7c860fb-3af1-1
[-] Folder Deleted : C:\ProgramData\Service1291
[-] Folder Deleted : C:\Users\user\AppData\Local\Temp\MPC
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Windows\SysNative\LavasoftTcpService64.dll
[-] File Deleted : C:\Windows\SysNative\LavasoftTcpServiceOff.ini
[-] File Deleted : C:\Windows\SysWOW64\lavasofttcpservice.dll
[-] File Deleted : C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : YIRATGWQBJUTUQBO
[-] Task Deleted : YIRATGWQBJUTUQBO
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\MPC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\reimageplus.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\search.mpc.am
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.reimageplus.com
 
***** [ Web browsers ] *****
 
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3335112&octid=EB_ORIGINAL_CTID&ISID=MCB6ED005-B9CD-4E10-94D1-ECB410860502&SearchSource=55&CUI=&UM=8&UP=SP46F4A051-4A9E-41DA-9330-A5820E38F8FA&D=022116&SSPV=
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcgnigmofekcllgbiejhmigggmgehkip
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [3738 bytes] - [23/02/2016 16:59:31]
C:\AdwCleaner\AdwCleaner[S1].txt - [3603 bytes] - [23/02/2016 16:56:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3884 bytes] ##########

# AdwCleaner v5.201 - Logfile created 29/07/2016 at 10:10:35
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-28.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[-] Service Deleted : WtuSystemSupport
[-] Service Deleted : vToolbarUpdater40.3.2
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\avg web tuneup
[#] Folder Deleted : C:\ProgramData\Application Data\avg web tuneup
[-] Folder Deleted : C:\Program Files (x86)\avg web tuneup
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\users\user\AppData\Local\avg web tuneup
[-] Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[-] Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjehgfjdlamgemlkljpklaiiamnbeemk
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\uninst
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kjehgfjdlamgemlkljpklaiiamnbeemk_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kjehgfjdlamgemlkljpklaiiamnbeemk_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homeworksimplified.dl.myway.com_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homeworksimplified.dl.myway.com_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homeworksimplified.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homeworksimplified.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Riirii
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Medlight.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\s
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[-] Key Deleted : HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\INSTALLPATH\STATUS
[-] Key Deleted : HKLM\SOFTWARE\AVG Tuneup
[-] Key Deleted : HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-2868262045-1904659868-213973561-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chfdnecihphmhljaaejmgoiahnihplgn
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : kjehgfjdlamgemlkljpklaiiamnbeemk
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [13034 bytes] - [23/02/2016 17:59:31]
C:\AdwCleaner\AdwCleaner[S1].txt - [13017 bytes] - [23/02/2016 17:56:36]
C:\AdwCleaner\AdwCleaner[S2].txt - [9482 bytes] - [29/07/2016 10:08:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [13255 bytes] ##########


FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by user (administrator) on USER-PC (29-07-2016 10:17:23)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-07-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6723856 2016-07-22] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2868262045-1904659868-213973561-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2868262045-1904659868-213973561-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-06-30] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{19DE8AF5-4830-4E34-A22E-2AAA7A9CB5F4}: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{26585AF1-8830-47E9-8089-FC7214FC786C}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2868262045-1904659868-213973561-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2868262045-1904659868-213973561-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-05] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-05] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-03-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-03-01] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2868262045-1904659868-213973561-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2868262045-1904659868-213973561-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.ca/
CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\gcswf32.dll => No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
StartMenuInternet: Google Chrome.3DI4TCONUB6J6THV3SSOR5TW6A - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [637944 2016-07-22] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5251808 2016-07-22] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-07-20] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [712792 2016-07-22] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-06-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [249088 2016-06-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [280320 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [76544 2016-06-01] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-15] (Intel Corporation)
R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [58880 2008-07-31] (Infineon Technologies AG)
S3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [118272 2016-02-10] (QUALCOMM Incorporated)
R3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
R2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
R2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-28 18:39 - 2016-07-28 18:39 - 00002134 _____ C:\Users\user\Downloads\SearchReg.txt
2016-07-28 18:32 - 2016-07-28 18:32 - 03712064 _____ C:\Users\user\Downloads\AdwCleaner (1).exe
2016-07-28 18:31 - 2016-07-28 18:31 - 03712064 _____ C:\Users\user\Downloads\AdwCleaner.exe
2016-07-28 18:31 - 2016-07-28 18:31 - 00000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Windows-7-Professional-(64-bit).dat
2016-07-28 18:31 - 2016-07-28 18:31 - 00000000 ____D C:\RegBackup
2016-07-28 18:30 - 2016-07-28 18:30 - 05575304 _____ (Tweaking.com) C:\Users\user\Downloads\tweaking.com_registry_backup_setup.exe
2016-07-28 18:30 - 2016-07-28 18:30 - 00017981 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-07-28 18:30 - 2016-07-28 18:30 - 00002235 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-07-28 18:30 - 2016-07-28 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-07-28 18:30 - 2016-07-28 18:30 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-07-28 18:21 - 2016-07-28 18:21 - 00170058 _____ C:\Users\user\Documents\bookmarks_7_28_16.html
2016-07-28 17:51 - 2016-07-28 17:51 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-07-28 17:48 - 2016-07-28 17:48 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\user\Downloads\cbSetup.exe
2016-07-27 22:28 - 2016-07-27 22:29 - 00027914 _____ C:\Users\user\Downloads\Addition.txt
2016-07-27 22:27 - 2016-07-29 10:17 - 00015654 _____ C:\Users\user\Downloads\FRST.txt
2016-07-27 22:27 - 2016-07-29 10:17 - 00000000 ____D C:\FRST
2016-07-27 22:25 - 2016-07-27 22:25 - 02394112 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2016-07-20 15:48 - 2016-07-20 15:48 - 09674247 _____ C:\Users\user\Documents\NooraniQaida.pdf
2016-07-16 22:38 - 2016-07-16 22:38 - 00000000 ____D C:\Windows\EOONotify
2016-07-14 11:43 - 2016-06-25 18:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-14 11:43 - 2016-06-25 18:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-14 11:43 - 2016-06-25 18:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-14 11:43 - 2016-06-25 18:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-14 11:43 - 2016-06-25 18:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-14 11:43 - 2016-06-25 18:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-14 11:43 - 2016-06-25 18:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-14 11:43 - 2016-06-25 13:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-14 11:43 - 2016-06-25 13:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-14 11:43 - 2016-06-25 13:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-14 11:43 - 2016-06-25 13:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-14 11:43 - 2016-06-25 13:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-14 11:43 - 2016-06-22 07:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-14 11:43 - 2016-06-17 12:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-14 11:43 - 2016-06-17 12:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-14 11:43 - 2016-06-17 12:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-14 11:43 - 2016-06-17 12:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-14 11:43 - 2016-06-17 12:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-14 11:43 - 2016-06-17 12:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-14 11:43 - 2016-06-14 09:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-12 18:57 - 2016-07-12 18:57 - 00001105 _____ C:\Users\user\Documents\call it spring.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-29 10:16 - 2015-11-16 00:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-29 10:13 - 2016-02-22 17:38 - 00000000 ____D C:\ProgramData\MFAData
2016-07-29 10:13 - 2016-02-10 18:24 - 00000000 ____D C:\Users\user\AppData\Local\HTC MediaHub
2016-07-29 10:13 - 2015-11-16 00:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-29 10:13 - 2015-04-22 03:24 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-07-29 10:12 - 2016-01-10 19:53 - 00000000 ____D C:\Temp
2016-07-29 10:12 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-29 10:10 - 2009-07-13 22:45 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-29 10:10 - 2009-07-13 22:45 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-29 10:08 - 2016-02-23 17:56 - 00000000 ____D C:\AdwCleaner
2016-07-29 10:05 - 2016-06-08 12:41 - 00000351 _____ C:\prefs.js
2016-07-28 23:22 - 2015-06-30 03:35 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868262045-1904659868-213973561-1000UA.job
2016-07-28 18:12 - 2009-07-13 23:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-28 18:12 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-07-28 17:22 - 2015-06-30 03:35 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868262045-1904659868-213973561-1000Core.job
2016-07-28 17:17 - 2015-06-30 03:35 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2868262045-1904659868-213973561-1000UA
2016-07-28 17:17 - 2015-06-30 03:35 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2868262045-1904659868-213973561-1000Core
2016-07-28 16:11 - 2015-11-16 00:48 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 16:11 - 2015-11-16 00:48 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 13:21 - 2016-02-22 17:38 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2016-07-27 13:21 - 2016-02-22 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-07-26 03:55 - 2016-02-22 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-07-24 13:40 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-07-20 13:20 - 2015-08-09 21:13 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-20 13:20 - 2015-08-09 21:13 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-14 17:01 - 2015-08-09 21:12 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 17:01 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 17:01 - 2009-07-13 22:45 - 00294520 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-12 23:23 - 2009-07-13 23:08 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-12 18:42 - 2015-04-22 03:24 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-12 18:42 - 2015-04-22 03:24 - 00000000 ____D C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2016-02-21 20:10 - 2016-02-21 20:10 - 7951360 _____ () C:\Users\user\AppData\Roaming\agent.dat
2016-02-21 20:10 - 2016-02-21 20:10 - 0063696 _____ () C:\Users\user\AppData\Roaming\Config.xml
2016-02-21 20:10 - 2016-02-21 20:10 - 1882143 _____ () C:\Users\user\AppData\Roaming\Ecofax.tst
2016-02-21 20:09 - 2016-02-21 20:10 - 0018672 _____ () C:\Users\user\AppData\Roaming\InstallationConfiguration.xml
2016-02-21 20:09 - 2016-02-21 20:09 - 0126976 _____ () C:\Users\user\AppData\Roaming\Installer.dat
2016-02-21 20:10 - 2016-02-21 20:10 - 0072707 _____ () C:\Users\user\AppData\Roaming\Kaneco.tst
2016-02-21 20:10 - 2016-02-21 20:10 - 0018432 _____ () C:\Users\user\AppData\Roaming\Main.dat
 
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\avguirn_081564071720.exe
C:\Users\user\AppData\Local\Temp\avguirn_081633531342.exe
C:\Users\user\AppData\Local\Temp\avguirn_081837004668.exe
C:\Users\user\AppData\Local\Temp\avguirn_081882591180.exe
C:\Users\user\AppData\Local\Temp\avguirn_082049401482.exe
C:\Users\user\AppData\Local\Temp\avguirn_08991500070.exe
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-24 13:32
 
==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by user (2016-07-29 10:18:10)
Running from C:\Users\user\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-04-22 08:32:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2868262045-1904659868-213973561-500 - Administrator - Disabled)
Guest (S-1-5-21-2868262045-1904659868-213973561-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2868262045-1904659868-213973561-1002 - Limited - Enabled)
user (S-1-5-21-2868262045-1904659868-213973561-1000 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
AVG (HKLM\...\AvgZen) (Version: 1.81.2.29057 - AVG Technologies)
AVG (Version: 16.91.7690 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4627 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.91.7690 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.2.18 - AVG Technologies)
AVG Zen (Version: 1.81.13 - AVG Technologies) Hidden
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1707 - CyberLink Corp.)
FMW 1 (Version: 1.112.3 - AVG Technologies) Hidden
Google Chrome (HKU\S-1-5-21-2868262045-1904659868-213973561-1000\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.67.0 - HTC)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.8 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Kies mini (HKLM-x32\...\InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Kies mini (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
K-Lite Mega Codec Pack 5.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.0.5 - )
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Excel 2010 (HKLM-x32\...\Office14.EXCEL) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM-x32\...\Office14.POWERPOINT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
QPST (HKLM-x32\...\{31228E31-2BFF-11D2-8866-00805F0D9D40}) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.0 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.26.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A693956-1BB4-4646-82EB-37D533E491BD} - System32\Tasks\MyDailyBackup => C:\Windows\winupd.exe <==== ATTENTION
Task: {0AAB7D55-9746-4188-9F23-B165433D4A4E} - System32\Tasks\ieuupp => Iexplore.exe "hxxp://mynightqueen.com/popup/test/index1.html"
Task: {1C9E8CA9-5C8B-49AF-9C77-0F3302B04065} - System32\Tasks\Microsoft\Windows\Setup\EOONotify => C:\Windows\EOONotify\EOONotify.exe [2016-07-08] (Microsoft Corporation)
Task: {1CB170F9-EE7C-4CDD-B6C2-856F29858D39} - System32\Tasks\{735FA132-6E9B-4AE8-AB9D-B7AB135CCD7E} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Trippleplus\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Trippleplus\uninstall.dat" -a uninstallme 76A206FF-3FB9-45EB-B3C2-6755014CCC77 DeviceId=932d07ce-8d25-ffce-a80f-5e0b794eb961 BarcodeId=50027003 ChannelId=3 DistributerName=APSnapdoAMRev
Task: {2A172ACC-E201-4C7D-B95C-95C6FC7F7FA0} - \impo -> No File <==== ATTENTION
Task: {3FCA676D-63BF-4190-8481-CC6A79AAD080} - System32\Tasks\Coexpip => C:\PROGRA~1\GROOVE~1\Xuhmi.bat <==== ATTENTION
Task: {43A4C550-76E2-4994-B089-F4E0323B0CFC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2868262045-1904659868-213973561-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-30] (Google Inc.)
Task: {5E7E746F-7FE9-4AAF-A368-E4F3CA74FF7B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-16] (Google Inc.)
Task: {69E7B8F6-9AFA-40F3-A338-98E91A04C70B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-16] (Google Inc.)
Task: {96B39681-1242-4331-87F9-5063221E0A8F} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {9912A729-350F-4F45-842D-D8BEA85F3348} - System32\Tasks\Koioariuvn => C:\ProgramData\Koioariuvn\1.0.7.1\epliimsa.exe
Task: {B4CDBC86-B98D-4DEA-BE05-EC7315F8929D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2868262045-1904659868-213973561-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-30] (Google Inc.)
Task: {E4965977-E007-4C05-8749-7D974B809D1B} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {F2DD5F5C-E5AE-49CC-B093-258E57B373E5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868262045-1904659868-213973561-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868262045-1904659868-213973561-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2016-01-26 11:16 - 2016-01-26 11:16 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2015-04-22 03:15 - 2013-10-31 12:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-01-26 11:15 - 2016-01-26 11:15 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2016-01-26 11:15 - 2016-01-26 11:15 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2016-01-26 11:15 - 2016-01-26 11:15 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2016-01-26 11:15 - 2016-01-26 11:15 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2016-01-26 11:16 - 2016-01-26 11:16 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2016-01-26 11:16 - 2016-01-26 11:16 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2016-01-26 11:17 - 2016-01-26 11:17 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-04-07 08:31 - 2014-04-07 08:31 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2016-02-22 17:36 - 2016-04-07 08:51 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-06-17 17:20 - 2016-06-15 03:15 - 01745560 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 17:20 - 2016-06-15 03:15 - 00091288 _____ () C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2868262045-1904659868-213973561-1000\...\localhost -> localhost
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2016-02-23 21:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2868262045-1904659868-213973561-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 75.153.171.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{BBD5FED3-F9B6-4303-B634-3C33DD2F27FB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0BFF70CB-541B-4B14-99CB-00AEF672A6A8}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{6BB91270-25EF-466C-96F6-990A721E6825}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{1B35A5EA-CD11-442A-B21A-C4F9A0E53621}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{FA728BEE-4B97-4DE0-BD3F-B2BA7ECF3DA2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{CA0C640C-6DB8-4D15-8E82-33CE833C3CD5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{FB5DCC2C-DAAB-4C6E-A65F-88B448C8174A}] => (Allow) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{CF51A0B5-5FDE-4B39-8A99-D071F5EFE60A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{05014D1D-0A0A-40B4-84A9-7E07C0BB5F12}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{95846652-E991-4594-ACBB-0F58089D18C3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{7B7E4AAB-AC59-4A0E-B0E2-B559C8249FB0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{52A7373B-C62B-4FA1-A060-D75DCE4D8A45}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{AD250652-19FE-47A4-8C76-1E014B40C71F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/29/2016 10:13:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/29/2016 10:04:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/28/2016 09:11:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/28/2016 08:28:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/28/2016 03:43:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/28/2016 11:51:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/28/2016 10:18:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/28/2016 03:37:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17606 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fa0
 
Start Time: 01d1e899bef68d76
 
Termination Time: 680
 
Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
 
Report Id: d158ac2a-54a6-11e6-aec6-e02a82367058
 
Error: (07/28/2016 12:29:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/27/2016 11:00:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/29/2016 10:11:04 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
 
Error: (07/29/2016 10:10:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (07/29/2016 10:10:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/29/2016 10:10:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (07/29/2016 10:10:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/29/2016 10:10:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The vToolbarUpdater40.3.2 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/29/2016 10:10:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PST Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (07/29/2016 10:10:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Internet Pass-Through Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (07/29/2016 10:10:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (07/29/2016 10:10:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HTCMonitorService service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-07-29 10:16:12.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-29 10:13:47.076
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-29 10:10:27.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-29 10:07:38.806
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-29 10:05:08.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-29 10:03:22.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-29 10:03:17.546
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-28 23:59:50.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-28 23:53:00.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-28 23:52:48.205
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 59%
Total physical RAM: 4006.36 MB
Available physical RAM: 1632.14 MB
Total Virtual: 8010.9 MB
Available Virtual: 5843.77 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:58.22 GB) (Free:18.15 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:58.22 GB) (Free:50.8 GB) NTFS
Drive e: () (Fixed) (Total:58.22 GB) (Free:55.72 GB) NTFS
Drive f: () (Fixed) (Total:58.22 GB) (Free:58.12 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 49087F18)
Partition 1: (Active) - (Size=58.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=58.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=58.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



#7 mAL_rEm018
  • Malware Response Team
  • 311 posts

Posted 30 July 2016 - 02:42 PM

Hello Aceim,

My apologies for the delay. I haven't had much time to get on the computer since yesterday. I will post additional instructions as soon as possible.

mAL


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#8 mAL_rEm018
  • Malware Response Team
  • 311 posts

Posted 30 July 2016 - 11:46 PM

Hello Aceim,

Thank you for your patience.  I usually post my replies within 24 hours, however this weekend has been full of unexpected events.

Before I provide you with a fix, there are a few files I would like you to upload to an online scanner.




Uploading files to Virustotal

  • Please click on the following link: Virustotal
  • Select Choose File, under the File tab.
  • Navigate to the following locations on your computer:

    C:\ProgramData\Koioariuvn\1.0.7.1\epliimsa.exe
    C:\PROGRA~1\GROOVE~1\Xuhmi.bat
    C:\Users\user\AppData\Roaming\Kaneco.tst

  • Click on Open and then Scan it!.
  • When the scan is finished copy/paste the web address in your following post.
    Note: you can only upload one file at a time.

 




#9 Aceim
  • Topic Starter
  • Members
  • 17 posts

Posted 31 July 2016 - 11:25 PM

Hi,

No worries about the late response; after all, you are trying to fix my system :). Well, I am unable to locate any of the requested files/folders:

Koioariuvn

PROGRA~1

AppData

Also, I have noticed that whenever I try to open any folder, it seems another window/folder opens (but in reality nothing opens).

Thanks

 



#10 mAL_rEm018
  • Malware Response Team
  • 311 posts

Posted 01 August 2016 - 01:48 PM

Hello Aceim,

 

Also, I have noticed that whenever I try to open any folder, it seems another window/folder opens (but in reality nothing opens).

I'm not sure what you mean. Can you give me more information?


Please do the following and see if you can upload the files now.

  • Open the Start menu and select Control Panel.
  • Click on Appearance and Personalization.
  • Select Folder Options and click on the View tab.
  • Locate and select the following option:

    Show hidden files, folders, and drives

  • Click Ok to ensure the change has been made.

Next..

Uploading files to Virustotal


  • Please click on the following link: Virustotal
  • Select Choose File, under the File tab.
  • Navigate to the following locations on your computer:

    C:\ProgramData\Koioariuvn\1.0.7.1\epliimsa.exe
    C:\PROGRA~1\GROOVE~1\Xuhmi.bat
    C:\Users\user\AppData\Roaming\Kaneco.tst

  • Click on Open and then Scan it!.
  • When the scan is finished copy/paste the web address in your following post.
    Note: you can only upload one file at a time.


To disable Show Hidden Files and Folders..



  • Open the Start menu and select Control Panel.
  • Click on Appearance and Personalization.
  • Select Folder Options and click on the View tab.
  • Locate and select the following option:

    Don't show hidden files, folders, or drives

  • Click Ok to ensure the change has been made.

 




#11 Aceim
  • Topic Starter
  • Members
  • 17 posts

Posted 01 August 2016 - 07:58 PM

Thanks for your response. I already performed the suggested method to show hidden files yesterday. Although the radio button is enabled to show hidden files and folders, the files/folders are still not visible.



#12 mAL_rEm018
  • Malware Response Team
  • 311 posts

Posted 02 August 2016 - 03:38 PM

Hello Aceim,

Please do the following..
 

  • Please download Zoek from Here and save it to your Desktop.
  • Right-Click on Zoek.exe and select Run as Administrator.
  • It may take a while before the program opens, this is normal.
  • Once Zoek is opened, copy/paste the following code inside the Input Field:
    C:\ProgramData\Koioariuvn\1.0.7.1\epliimsa.exe;virustotal
    C:\PROGRA~1\GROOVE~1\Xuhmi.bat;virustotal
    C:\Users\user\AppData\Roaming\Kaneco.tst;virustotal
    
  • Close any open browser and click on Run script.
  • Zoek will now start to run the script.
  • Once the tool finishes, a window will open named zoek-results.log.
  • Please post the contents of zoek-results.log in your next post.

Edited by mAL_rEm018, 02 August 2016 - 03:40 PM.



#13 Aceim
  • Topic Starter
  • Members
  • 17 posts

Posted 02 August 2016 - 08:21 PM

Hi mAL,

 

here you go:

 


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by user on Tue 08/02/2016 at 19:19:19.99.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\user\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2016-08-03-011533.log 882 bytes
 
==== VirusTotal Scan ======================
 
C:\ProgramData\Koioariuvn\1.0.7.1\epliimsa.exe not found
C:\PROGRA~1\GROOVE~1\Xuhmi.bat not found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Tue 08/02/2016 at 19:20:01.45 ======================

 

 



#14 mAL_rEm018
  • Malware Response Team
  • 311 posts

Posted 04 August 2016 - 12:01 AM

Hello Aceim,

Please run the following fix and let me know if you see any signs of improvement with your computer..
 

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2868262045-1904659868-213973561-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\gcswf32.dll => No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\user\AppData\Local\Temp\avguirn_081564071720.exe
C:\Users\user\AppData\Local\Temp\avguirn_081633531342.exe
C:\Users\user\AppData\Local\Temp\avguirn_081837004668.exe
C:\Users\user\AppData\Local\Temp\avguirn_081882591180.exe
C:\Users\user\AppData\Local\Temp\avguirn_082049401482.exe
C:\Users\user\AppData\Local\Temp\avguirn_08991500070.exe
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.26.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {0A693956-1BB4-4646-82EB-37D533E491BD} - System32\Tasks\MyDailyBackup => C:\Windows\winupd.exe <==== ATTENTION
Task: {0AAB7D55-9746-4188-9F23-B165433D4A4E} - System32\Tasks\ieuupp => Iexplore.exe "hxxp://mynightqueen.com/popup/test/index1.html"
Task: {1CB170F9-EE7C-4CDD-B6C2-856F29858D39} - System32\Tasks\{735FA132-6E9B-4AE8-AB9D-B7AB135CCD7E} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Trippleplus\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Trippleplus\uninstall.dat" -a uninstallme 76A206FF-3FB9-45EB-B3C2-6755014CCC77 DeviceId=932d07ce-8d25-ffce-a80f-5e0b794eb961 BarcodeId=50027003 ChannelId=3 DistributerName=APSnapdoAMRev
Task: {2A172ACC-E201-4C7D-B95C-95C6FC7F7FA0} - \impo -> No File <==== ATTENTION
Task: {3FCA676D-63BF-4190-8481-CC6A79AAD080} - System32\Tasks\Coexpip => C:\PROGRA~1\GROOVE~1\Xuhmi.bat <==== ATTENTION
Task: {9912A729-350F-4F45-842D-D8BEA85F3348} - System32\Tasks\Koioariuvn => C:\ProgramData\Koioariuvn\1.0.7.1\epliimsa.exe

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_USERS\S-1-5-21-2868262045-1904659868-213973561-1000\Software\Trolltech]

EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
  • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system



  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log



-----------------------------------------
In your next reply, I would like to see..

  • fixlog.txt

 


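The fixlist in the post above is where the reported symptom becomes visible in the data: the `ieuupp` task launches Iexplore.exe against a pop-up URL, `Coexpip` hides its target behind an 8.3 short path, `MyDailyBackup` runs an executable dropped in the Windows root, and `Koioariuvn` points into ProgramData with no version or publisher metadata. As an added example that is not part of this thread, of FRST or of the helper's own procedure, the following Python script parses `Task:` lines in the FRST format quoted above and applies those heuristics so that the same triage can be repeated on any FRST log. The heuristics, the `Task`/`assess`/`triage` names and the classification rules are my own assumptions, and the sample input is constructed from the task lines quoted in this thread.

```python
"""Triage 'Task:' lines from an FRST log for scheduled-task persistence.

Added example for this thread; the heuristics below are assumptions of this
example, not rules used by FRST itself.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: "Task:" lines copied from the FRST logs quoted in this thread.
SAMPLE_TASK_LINES = r"""
Task: {69E7B8F6-9AFA-40F3-A338-98E91A04C70B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-16] (Google Inc.)
Task: {96B39681-1242-4331-87F9-5063221E0A8F} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {9912A729-350F-4F45-842D-D8BEA85F3348} - System32\Tasks\Koioariuvn => C:\ProgramData\Koioariuvn\1.0.7.1\epliimsa.exe
Task: {0A693956-1BB4-4646-82EB-37D533E491BD} - System32\Tasks\MyDailyBackup => C:\Windows\winupd.exe <==== ATTENTION
Task: {0AAB7D55-9746-4188-9F23-B165433D4A4E} - System32\Tasks\ieuupp => Iexplore.exe "hxxp://mynightqueen.com/popup/test/index1.html"
Task: {1CB170F9-EE7C-4CDD-B6C2-856F29858D39} - System32\Tasks\{735FA132-6E9B-4AE8-AB9D-B7AB135CCD7E} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Trippleplus\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Trippleplus\uninstall.dat" -a uninstallme 76A206FF-3FB9-45EB-B3C2-6755014CCC77 DeviceId=932d07ce-8d25-ffce-a80f-5e0b794eb961 BarcodeId=50027003 ChannelId=3 DistributerName=APSnapdoAMRev
Task: {2A172ACC-E201-4C7D-B95C-95C6FC7F7FA0} - \impo -> No File <==== ATTENTION
Task: {3FCA676D-63BF-4190-8481-CC6A79AAD080} - System32\Tasks\Coexpip => C:\PROGRA~1\GROOVE~1\Xuhmi.bat <==== ATTENTION
"""

GUID_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\} - (.*)$")
META_RE = re.compile(r" \[\d{4}-\d{2}-\d{2}\] \((.*)\)$")   # FRST's trailing "[date] (Publisher)"
ATTENTION_RE = re.compile(r"\s*<=+ ATTENTION$")              # FRST's own warning marker
URL_RE = re.compile(r"h(?:xx|tt)ps?://", re.IGNORECASE)     # FRST defangs http:// as hxxp://
SHORT_PATH_RE = re.compile(r"\\[^\\]*~\d+\\")               # 8.3 names such as PROGRA~1
BROWSERS = ("iexplore.exe", "chrome.exe", "firefox.exe")


@dataclass
class Task:
    guid: Optional[str]
    name: str
    action: str
    publisher: Optional[str]   # None: FRST printed no metadata at all; "": empty "()"
    missing: bool              # "-> No File"
    frst_flagged: bool         # "<==== ATTENTION"
    reasons: List[str] = field(default_factory=list)


def parse_task_line(line: str) -> Optional[Task]:
    """Parse one FRST 'Task:' line; return None for any other line."""
    line = line.strip()
    if not line.startswith("Task: "):
        return None
    body = line[len("Task: "):]
    flagged = bool(ATTENTION_RE.search(body))
    body = ATTENTION_RE.sub("", body)
    guid = None
    m = GUID_RE.match(body)
    if m:
        guid, body = m.group(1), m.group(2)
    missing = False
    if " => " in body:
        name, action = body.split(" => ", 1)
    elif body.endswith(" -> No File"):
        name, action, missing = body[: -len(" -> No File")], "", True
    else:
        name, action = body, ""
    publisher = None
    meta = META_RE.search(action)
    if meta:
        publisher, action = meta.group(1), action[: meta.start()]
    return Task(guid, name, action, publisher, missing, flagged)


def assess(task: Task) -> List[str]:
    """Attach heuristic reasons to a task; an empty list means nothing stood out."""
    a, al = task.action, task.action.lower()
    if task.frst_flagged:
        task.reasons.append("flagged by FRST")
    if task.missing:
        task.reasons.append("target missing: orphaned persistence entry")
    if any(b in al for b in BROWSERS) and URL_RE.search(a):
        task.reasons.append("launches a browser with a URL (pop-up pattern)")
    if SHORT_PATH_RE.search(a):
        task.reasons.append("8.3 short path hides the real directory name")
    if al.startswith("pcalua.exe"):
        task.reasons.append("pcalua.exe used as a proxy launcher")
    if re.match(r"[a-z]:\\programdata\\", al) or re.match(r"[a-z]:\\windows\\[^\\]+\.exe$", al):
        task.reasons.append("executable in ProgramData or the Windows root")
    if task.guid and task.publisher is None and re.match(r"[a-z]:\\", al):
        task.reasons.append("FRST printed no version/publisher metadata for the target")
    return task.reasons


def triage(log_text: str) -> List[Task]:
    """Parse and assess every Task: line in an FRST log."""
    tasks = [t for t in map(parse_task_line, log_text.splitlines()) if t]
    for t in tasks:
        assess(t)
    return tasks


def suspicious_names(log_text: str) -> List[str]:
    return [t.name for t in triage(log_text) if t.reasons]


if __name__ == "__main__":
    for t in triage(SAMPLE_TASK_LINES):
        print(f"{'SUSPICIOUS' if t.reasons else 'ok':10} {t.name}")
        for r in t.reasons:
            print(f"{'':10}   - {r}")
```

Run it against any FRST.txt saved from a scan (read the file and pass its contents to `triage`); the Google and Motorola updater entries come out clean, while the six entries the helper removed in the fixlist are each flagged with at least one reason. The "no metadata" rule is deliberately restricted to GUID-style entries, because FRST does not print a publisher for the `.job` entries in the second task list, and flagging those would produce false positives.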


#15 Aceim
  • Topic Starter
  • Members
  • 17 posts

Posted 04 August 2016 - 09:13 PM

Hi mAL,

 

I have run FRST as advised; here is the log:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by user (2016-08-04 20:02:12) Run:1
Running from C:\Users\user\Downloads\bleep
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2868262045-1904659868-213973561-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Native Client) - C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\gcswf32.dll => No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\user\AppData\Local\Temp\avguirn_081564071720.exe
C:\Users\user\AppData\Local\Temp\avguirn_081633531342.exe
C:\Users\user\AppData\Local\Temp\avguirn_081837004668.exe
C:\Users\user\AppData\Local\Temp\avguirn_081882591180.exe
C:\Users\user\AppData\Local\Temp\avguirn_082049401482.exe
C:\Users\user\AppData\Local\Temp\avguirn_08991500070.exe
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.26.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {0A693956-1BB4-4646-82EB-37D533E491BD} - System32\Tasks\MyDailyBackup => C:\Windows\winupd.exe <==== ATTENTION
Task: {0AAB7D55-9746-4188-9F23-B165433D4A4E} - System32\Tasks\ieuupp => Iexplore.exe "hxxp://mynightqueen.com/popup/test/index1.html"
Task: {1CB170F9-EE7C-4CDD-B6C2-856F29858D39} - System32\Tasks\{735FA132-6E9B-4AE8-AB9D-B7AB135CCD7E} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Trippleplus\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Trippleplus\uninstall.dat" -a uninstallme 76A206FF-3FB9-45EB-B3C2-6755014CCC77 DeviceId=932d07ce-8d25-ffce-a80f-5e0b794eb961 BarcodeId=50027003 ChannelId=3 DistributerName=APSnapdoAMRev
Task: {2A172ACC-E201-4C7D-B95C-95C6FC7F7FA0} - \impo -> No File <==== ATTENTION
Task: {3FCA676D-63BF-4190-8481-CC6A79AAD080} - System32\Tasks\Coexpip => C:\PROGRA~1\GROOVE~1\Xuhmi.bat <==== ATTENTION
Task: {9912A729-350F-4F45-842D-D8BEA85F3348} - System32\Tasks\Koioariuvn => C:\ProgramData\Koioariuvn\1.0.7.1\epliimsa.exe
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_USERS\S-1-5-21-2868262045-1904659868-213973561-1000\Software\Trolltech]
 
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
*****************
 
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2868262045-1904659868-213973561-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\ppGoogleNaClPluginChrome.dll => not found.
C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\pdf.dll => not found.
C:\Users\user\AppData\Local\Google\Chrome\Application\51.0.2704.103\gcswf32.dll => not found.
catchme => service removed successfully
C:\Users\user\AppData\Local\Temp\avguirn_081564071720.exe => moved successfully
C:\Users\user\AppData\Local\Temp\avguirn_081633531342.exe => moved successfully
C:\Users\user\AppData\Local\Temp\avguirn_081837004668.exe => moved successfully
C:\Users\user\AppData\Local\Temp\avguirn_081882591180.exe => moved successfully
C:\Users\user\AppData\Local\Temp\avguirn_082049401482.exe => moved successfully
C:\Users\user\AppData\Local\Temp\avguirn_08991500070.exe => moved successfully
C:\Users\user\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\user\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\user\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}" => key removed successfully
"HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-2868262045-1904659868-213973561-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A693956-1BB4-4646-82EB-37D533E491BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A693956-1BB4-4646-82EB-37D533E491BD}" => key removed successfully
C:\Windows\System32\Tasks\MyDailyBackup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyDailyBackup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AAB7D55-9746-4188-9F23-B165433D4A4E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AAB7D55-9746-4188-9F23-B165433D4A4E}" => key removed successfully
C:\Windows\System32\Tasks\ieuupp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ieuupp" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CB170F9-EE7C-4CDD-B6C2-856F29858D39}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CB170F9-EE7C-4CDD-B6C2-856F29858D39}" => key removed successfully
C:\Windows\System32\Tasks\{735FA132-6E9B-4AE8-AB9D-B7AB135CCD7E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{735FA132-6E9B-4AE8-AB9D-B7AB135CCD7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A172ACC-E201-4C7D-B95C-95C6FC7F7FA0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A172ACC-E201-4C7D-B95C-95C6FC7F7FA0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\impo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FCA676D-63BF-4190-8481-CC6A79AAD080}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FCA676D-63BF-4190-8481-CC6A79AAD080}" => key removed successfully
C:\Windows\System32\Tasks\Coexpip => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Coexpip" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9912A729-350F-4F45-842D-D8BEA85F3348}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9912A729-350F-4F45-842D-D8BEA85F3348}" => key removed successfully
C:\Windows\System32\Tasks\Koioariuvn => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Koioariuvn" => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_USERS\S-1-5-21-2868262045-1904659868-213973561-1000\Software\Trolltech => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-2868262045-1904659868-213973561-1000\Software\Trolltech => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End ofCMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 100705575 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 710481332 B
Edge => 0 B
Chrome => 626397999 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 78587389 B
systemprofile32 => 66088 B
LocalService => 182568 B
NetworkService => 72550 B
user => 130988032 B
 
RecycleBin => 17167724 B
EmptyTemp: => 1.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:03:20 ====
 
I will observe the system over the next couple of days and will let you know accordingly.
 
Thanks for your time and assistance.
 
Regards