
Infected by pavola and s_gozi


This topic is locked
4 replies to this topic

#1 adrenalinethinder

Posted 16 June 2017 - 05:08 AM

Hello guys, and thank you so much to everyone who will answer me.
 
When I tried to send a mail I got an error message from Spamhaus.
In the first message my computer was infected by pavola and now by s-gozi.
 
I used Avast, Comodo and Malwarebytes.
 
I can't use Windows Defender.
 
I used ComboFix before Farbar because I read another guide... sorry.
 
To use ComboFix I have uninstalled Avast and Comodo because I could not turn them off.
 
This is the log of Farbar:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01
Ran by Matus (administrator) on MATUS-PC (16-06-2017 11:40:04)
Running from C:\Users\Matus\Desktop
Loaded Profiles: Matus & UpdatusUser (Available Profiles: Matus & UpdatusUser & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
() C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Users\Matus\Desktop\Microsoft Office Enterprise SP2 v12.6425.1000 Portable\Microsoft Office Excel 2007.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2017-05-05] (Realtek Semiconductor)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-05-31] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-07-06] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848 2012-07-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2017-05-05] (Intel Corporation)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3386576 2017-03-30] (COMODO)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-06-12] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3133218669-2047727671-1780183130-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-3133218669-2047727671-1780183130-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [247144 2012-08-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-08-01] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 79.143.82.186 8.8.8.8
Tcpip\..\Interfaces\{016F81C3-9A4C-4110-9E1F-E9FD21606142}: [DhcpNameServer] 79.143.82.186 8.8.8.8
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3133218669-2047727671-1780183130-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3133218669-2047727671-1780183130-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-01] (Microsoft Corporation)
BHO: ASUS Browser Extension x64 -> {78234974-0C4B-4111-BDEB-D9A104418772} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll [2012-09-11] (ASUSTeK Computer Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-06-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-01] (Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO-x32: ASUS Browser Extension x86 -> {78234974-0C4B-4111-BDEB-D9A104418771} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll [2012-09-11] (ASUSTeK Computer Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-06-01] (Microsoft Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2017-05-11] [not signed]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2010-02-02] (Tracker Software Products Ltd.)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2017-05-11] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2010-02-02] (Tracker Software Products Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-07-31] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-07-31] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-05] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3133218669-2047727671-1780183130-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Matus\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-05-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-3133218669-2047727671-1780183130-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2010-02-02] (Tracker Software Products Ltd.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.edx.org/course/conversational-english-skills-tsinghuax-30640014x-1"
CHR DefaultSearchKeyword: Default -> hunter
CHR Profile: C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default [2017-06-16]
CHR Extension: (Google Traduttore) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-05-05]
CHR Extension: (Presentazioni Google) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-05]
CHR Extension: (Learn English - Beelingo.com) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeefohgoiafgjjpihnoeofgijggpbmmf [2017-05-05]
CHR Extension: (SEOquake) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2017-05-18]
CHR Extension: (Documenti Google) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-05]
CHR Extension: (Google Drive) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-05]
CHR Extension: (Web Developer) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2017-05-05]
CHR Extension: (YouTube) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-05]
CHR Extension: (Open in SEMrush) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgblofegkokcojhgjfgfdbgbcalnpml [2017-05-05]
CHR Extension: (OneNote Online) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciniambnphakdoflgeamacamhfllbkmo [2017-06-06]
CHR Extension: (Fair AdBlocker App) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-05-21]
CHR Extension: (Link Research SEO Toolbar) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\eagkigdnclikabndlojagifehppodooi [2017-05-05]
CHR Extension: (MozBar) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2017-05-05]
CHR Extension: (Fogli Google) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-05]
CHR Extension: (Page Analytics (by Google)) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2017-05-05]
CHR Extension: (Fair Ads) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2017-05-21]
CHR Extension: (Google Documenti offline) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-05]
CHR Extension: (Hunter) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhmanijnjhaffoampdlllchpolkdnj [2017-06-13]
CHR Extension: (LRT Power*Trust – PageRank Replacement) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmdcomhdlkhkfcpeihnbjchmbnophoi [2017-05-05]
CHR Extension: (Window Tiler) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdbbdcilpcejpjggageekankfnelfpj [2017-05-05]
CHR Extension: (RankTracker) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijnnoffpgmpkapkcpkjndfelijiddgob [2017-05-05]
CHR Extension: (Fair AdBlocker) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-05-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-05-09]
CHR Extension: (edX Free online courses from the wo...) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbccddcociacleekgdakhppmnfgajnnf [2017-05-05]
CHR Extension: (Scraper) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd [2017-05-05]
CHR Extension: (MindMup 2.0 - Free Mind Map web site) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkgkheknpfngchmoaognoilfanomldfl [2017-05-05]
CHR Extension: (FreshStart – Gestore di Sessioni Browser) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2017-05-05]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-05]
CHR Extension: (Corporate Finance - Fortune 500) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\oabfkmieajccgpgbggikhflphjgpncbi [2017-05-05]
CHR Extension: (Chrome Sign Builder) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjaaghiehpobimgdjjfofmablbaleem [2017-05-05]
CHR Extension: (Outlook.com) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2017-05-05]
CHR Extension: (Gmail) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-05]
CHR Extension: (Chrome Media Router) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
CHR Extension: (Majestic Backlink Analyzer) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmjaflneibolacpepklokkjnakmikmg [2017-05-05]
CHR HKU\S-1-5-21-3133218669-2047727671-1780183130-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-05] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-06-12] (Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-24] (Disc Soft Ltd)
R2 DptfParticipantProcessorService; C:\Windows\SysWOW64\DptfParticipantProcessorService.exe [18944 2017-05-05] ()
R2 DptfPolicyConfigTDPService; C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe [19968 2017-05-05] ()
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2273432 2017-03-01] (Comodo)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [118480 2017-03-30] (COMODO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [111104 2012-05-21] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [849408 2012-06-09] (Motorola Solutions, Inc.)
R3 DptfDevDram; C:\Windows\System32\DRIVERS\DptfDevDram.sys [107288 2012-02-20] (Intel Corporation)
R3 DptfDevFan; C:\Windows\System32\DRIVERS\DptfDevFan.sys [42776 2012-02-20] (Intel Corporation)
R3 DptfDevGen; C:\Windows\System32\DRIVERS\DptfDevGen.sys [64792 2012-02-20] (Intel Corporation)
R3 DptfDevPch; C:\Windows\System32\DRIVERS\DptfDevPch.sys [96024 2012-02-20] (Intel Corporation)
R3 DptfDevProc; C:\Windows\System32\DRIVERS\DptfDevProc.sys [220952 2012-02-20] (Intel Corporation)
R3 DptfManager; C:\Windows\System32\DRIVERS\DptfManager.sys [357656 2012-02-20] (Intel Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-05-11] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-05-11] (Disc Soft Ltd)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-03-30] (COMODO)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-16] (Malwarebytes)
U3 aswbdisk; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-16 11:40 - 2017-06-16 11:40 - 00029748 _____ C:\Users\Matus\Desktop\FRST.txt
2017-06-16 11:39 - 2017-06-16 11:40 - 00000000 ____D C:\FRST
2017-06-16 11:38 - 2017-06-16 11:38 - 02438656 _____ (Farbar) C:\Users\Matus\Desktop\FRST64.exe
2017-06-16 10:56 - 2017-06-16 10:56 - 00041325 _____ C:\ComboFix.txt
2017-06-16 10:27 - 2017-06-16 10:27 - 05659652 ____R (Swearware) C:\Users\Matus\Desktop\ComboFix.exe
2017-06-16 10:27 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-06-16 10:27 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-06-16 10:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-06-16 10:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-06-16 10:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-06-16 10:27 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-06-16 10:27 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-06-16 10:27 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-06-16 10:25 - 2017-06-16 10:25 - 00000000 ____D C:\OneDriveTemp
2017-06-16 10:12 - 2017-06-16 10:57 - 00000000 ____D C:\Qoobox
2017-06-16 10:12 - 2017-06-16 10:52 - 00000000 ____D C:\Windows\erdnt
2017-06-16 10:04 - 2017-06-16 10:04 - 05659652 _____ (Swearware) C:\Users\Matus\Downloads\ComboFix.exe
2017-06-15 17:53 - 2017-06-15 17:53 - 00000698 _____ C:\Users\Matus\Downloads\download (35).csv
2017-06-15 16:11 - 2017-06-15 16:11 - 00033364 _____ C:\Users\Matus\Downloads\download (34).csv
2017-06-15 16:08 - 2017-06-15 16:08 - 00029490 _____ C:\Users\Matus\Downloads\download (33).csv
2017-06-15 15:56 - 2017-06-15 15:56 - 00000000 ____D C:\Users\Matus\AppData\Roaming\Wireshark
2017-06-15 15:54 - 2017-06-15 15:54 - 00001786 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-06-15 15:53 - 2017-06-15 15:54 - 00000000 ____D C:\Program Files\Wireshark
2017-06-15 15:47 - 2017-06-15 15:49 - 49400720 _____ (Wireshark development team) C:\Users\Matus\Downloads\Wireshark-win64-2.2.7.exe
2017-06-15 14:51 - 2017-06-15 14:54 - 138611992 _____ (Microsoft Corporation) C:\Users\Matus\Downloads\msert.exe
2017-06-15 14:39 - 2017-06-15 14:39 - 00291606 _____ C:\Users\Matus\Downloads\TCPView.zip
2017-06-15 14:39 - 2017-06-15 14:39 - 00000000 ____D C:\Users\Matus\Downloads\TCPView
2017-06-15 14:11 - 2017-06-15 14:14 - 00000000 ____D C:\Users\Matus\AppData\Local\NPE
2017-06-15 14:11 - 2017-06-15 14:11 - 03435768 _____ (Symantec Corporation) C:\Users\Matus\Downloads\NPE.exe
2017-06-15 14:11 - 2017-06-15 14:11 - 00000000 ____D C:\ProgramData\Norton
2017-06-15 11:07 - 2017-06-15 11:07 - 00000000 ____D C:\Users\Matus\AppData\Local\CEF
2017-06-15 11:05 - 2017-06-16 10:24 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-15 11:01 - 2017-06-15 11:09 - 00427908 _____ C:\Windows\ntbtlog.txt
2017-06-15 10:37 - 2017-06-15 10:37 - 00000000 ____D C:\ProgramData\McAfee
2017-06-14 23:25 - 2017-06-14 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-13 16:08 - 2017-06-13 16:08 - 00009074 _____ C:\Users\Matus\Documents\13 numeri.xlsx
2017-06-13 09:33 - 2017-06-13 09:37 - 00000000 ____D C:\Users\Matus\Downloads\documenti
2017-06-12 15:09 - 2017-06-12 15:10 - 00241756 _____ C:\Users\Matus\Desktop\jack london - fuoco.pdf
2017-06-12 13:55 - 2017-06-12 13:55 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-06-12 13:52 - 2017-06-12 13:52 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-06-08 13:15 - 2017-06-08 13:15 - 00001166 _____ C:\Users\Matus\Desktop\linkbuilding.lnk
2017-06-07 16:16 - 2017-06-07 16:16 - 00001721 _____ C:\Users\Matus\Desktop\Microsoft Office Excel 2007.exe - Shortcut.lnk
2017-06-07 16:15 - 2017-06-07 16:15 - 00001716 _____ C:\Users\Matus\Desktop\Microsoft Office Word 2007.exe - Shortcut.lnk
2017-06-07 12:35 - 2017-06-07 12:35 - 00000866 _____ C:\Users\Matus\Downloads\download (32).csv
2017-06-06 18:57 - 2017-06-06 18:57 - 00001945 _____ C:\Users\Matus\Downloads\risultati-zero-www-auraweb-it-spiegami-il-tool.csv
2017-06-06 12:32 - 2017-06-06 12:32 - 00030289 _____ C:\Users\Matus\Downloads\download (31).csv
2017-06-06 12:00 - 2017-06-06 12:00 - 00361795 _____ C:\Users\Matus\Downloads\Sintesi_Dati_AudiwebDatabase_Marzo2017.xlsx
2017-06-06 10:37 - 2017-06-06 10:37 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-06-06 10:37 - 2017-06-06 10:37 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2017-06-06 10:37 - 2017-06-06 10:37 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2017-06-06 10:37 - 2017-06-06 10:37 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2017-06-06 10:37 - 2017-06-06 10:37 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2017-06-06 10:37 - 2017-06-06 10:37 - 00000000 ____D C:\Users\DefaultAppPool
2017-06-06 10:37 - 2017-05-11 10:00 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2017-06-06 10:37 - 2017-05-05 21:39 - 00002104 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-06-06 10:37 - 2011-04-12 10:28 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2017-06-06 10:11 - 2017-06-06 10:11 - 00002730 _____ C:\Users\Matus\Desktop\OneNote Online.lnk
2017-06-06 10:06 - 2017-06-06 10:07 - 00000000 ____D C:\Users\Matus\Documents\Microsoft Office Enterprise SP2 v12.6425.1000 Portable
2017-06-05 12:49 - 2017-06-05 12:49 - 00000454 _____ C:\Users\Matus\Downloads\download (30).csv
2017-06-05 12:47 - 2017-06-05 12:47 - 00000562 _____ C:\Users\Matus\Downloads\download (29).csv
2017-06-05 12:46 - 2017-06-05 12:46 - 00001203 _____ C:\Users\Matus\Downloads\download (28).csv
2017-06-03 11:00 - 2017-06-03 11:02 - 00000000 ____D C:\Users\Matus\Downloads\immagini redbull
2017-06-01 18:44 - 2017-06-01 18:44 - 00014777 _____ C:\Users\Matus\Downloads\download (27).csv
2017-06-01 18:33 - 2017-06-01 18:33 - 00001767 _____ C:\Users\Matus\Downloads\download (26).csv
2017-06-01 14:40 - 2017-06-01 14:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-01 14:40 - 2017-06-01 14:40 - 00002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-06-01 14:40 - 2017-06-01 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strumenti di Microsoft Office 2016
2017-06-01 14:35 - 2017-06-03 10:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-01 14:34 - 2017-06-01 14:34 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-06-01 14:33 - 2017-06-01 14:33 - 04127032 _____ (Microsoft Corporation) C:\Users\Matus\Downloads\setuponenotefreeretail.x86.it-it_ (2).exe
2017-06-01 13:00 - 2017-06-09 10:27 - 00000000 ___RD C:\Users\Matus\Desktop\Microsoft Office Enterprise SP2 v12.6425.1000 Portable
2017-06-01 12:53 - 2017-06-01 12:53 - 00000000 ____D C:\Windows\SysWOW64\BestPractices
2017-06-01 12:53 - 2017-06-01 12:53 - 00000000 ____D C:\Windows\system32\BestPractices
2017-06-01 12:53 - 2017-06-01 12:53 - 00000000 ____D C:\inetpub
2017-06-01 12:38 - 2017-06-01 12:39 - 48524296 _____ (Microsoft Corporation) C:\Users\Matus\Downloads\NetFx20SP2_x64.exe
2017-06-01 12:22 - 2017-06-01 12:22 - 01381582 _____ (Igor Pavlov) C:\Users\Matus\Downloads\7z1604-x64 (1).exe
2017-06-01 12:02 - 2017-06-16 10:42 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-01 12:02 - 2017-06-15 12:01 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-01 12:02 - 2017-06-15 12:01 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-01 12:02 - 2017-06-15 12:01 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-01 12:02 - 2017-06-08 12:10 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-01 12:02 - 2017-06-01 12:04 - 00000000 ____D C:\Users\Matus\Downloads\Office Professional Plus 2010 sp1 x86 x64
2017-06-01 12:02 - 2017-06-01 12:02 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-01 12:02 - 2017-06-01 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-01 12:02 - 2017-06-01 12:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-01 12:02 - 2017-06-01 12:02 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-01 12:01 - 2017-06-01 12:22 - 2193427410 _____ C:\Users\Matus\Downloads\Microsoft Office Enterprise 2007 SP3 (ALBERCLAUS 23-10-2014) Portable ita.rar
2017-06-01 12:01 - 2017-06-01 12:01 - 00103078 _____ C:\Users\Matus\Downloads\Office Professional 2010 Plus Sp1 x86 x64.torrent
2017-06-01 11:59 - 2017-06-01 11:59 - 00002679 _____ C:\Users\Matus\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2017-06-01 11:58 - 2017-06-01 13:05 - 00000000 ____D C:\Users\Matus\AppData\Roaming\BitTorrent
2017-06-01 11:58 - 2017-06-01 11:59 - 64025992 _____ (Malwarebytes ) C:\Users\Matus\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.139-1.0.2060.exe
2017-06-01 11:58 - 2017-06-01 11:58 - 02411720 _____ (BitTorrent Inc.) C:\Users\Matus\Downloads\BitTorrent.exe
2017-06-01 11:57 - 2017-06-01 11:57 - 00084367 _____ C:\Users\Matus\Downloads\Microsoft Office Enterprise 2007 SP3 (32-64bit).torrent
2017-05-29 17:35 - 2017-05-29 17:35 - 00519119 _____ C:\Users\Matus\Downloads\websitezoom.htm
2017-05-29 16:41 - 2017-05-29 16:41 - 00000637 _____ C:\Users\Matus\Downloads\download (25).csv
2017-05-29 16:06 - 2017-05-29 16:06 - 00136912 _____ C:\Users\Matus\Downloads\download.htm
2017-05-29 11:19 - 2017-05-29 11:24 - 287309824 _____ C:\Users\Matus\Downloads\gparted-live-0.28.1-1-i686.iso
2017-05-29 11:17 - 2017-05-29 11:17 - 07784960 _____ (Thomas Tsai) C:\Users\Matus\Downloads\tuxboot-0.8.3.exe
2017-05-26 15:51 - 2017-05-26 15:51 - 00000000 ____D C:\Users\Matus\AppData\LocalLow\Temp
2017-05-26 10:23 - 2017-05-26 10:23 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2017-05-23 09:34 - 2017-05-23 09:34 - 00001472 _____ C:\Users\Matus\Downloads\download (24).csv
2017-05-22 18:49 - 2017-05-22 18:49 - 00000000 ____D C:\Users\Matus\AppData\Local\TeamViewer
2017-05-22 18:47 - 2017-06-06 09:18 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-05-22 18:47 - 2017-06-06 09:18 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-05-22 18:47 - 2017-05-26 15:33 - 00000000 ____D C:\Users\Matus\AppData\Roaming\TeamViewer
2017-05-22 18:46 - 2017-06-16 11:02 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-22 18:45 - 2017-05-22 18:45 - 14725904 _____ (TeamViewer GmbH) C:\Users\Matus\Downloads\TeamViewer_Setup.exe
2017-05-22 12:01 - 2017-05-22 12:01 - 04591347 _____ C:\Users\Matus\Downloads\man_bampt_it.pdf
2017-05-19 23:54 - 2017-05-19 23:54 - 00000000 ____D C:\Users\Matus\AppData\Local\Adobe_Systems_Incorporate
2017-05-19 23:53 - 2017-05-19 23:59 - 00000000 ____D C:\Users\Matus\Documents\My Digital Editions
2017-05-19 23:53 - 2017-05-19 23:53 - 00002188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk
2017-05-19 23:52 - 2017-05-19 23:52 - 08649240 _____ (Adobe Systems Incorporated) C:\Users\Matus\Downloads\ADE_4.5_Installer.exe
2017-05-18 15:45 - 2017-05-18 15:45 - 00011448 _____ C:\Users\Matus\Downloads\download (23).csv
2017-05-18 15:45 - 2017-05-18 15:45 - 00011448 _____ C:\Users\Matus\Downloads\download (22).csv
2017-05-18 15:45 - 2017-05-18 15:45 - 00009960 _____ C:\Users\Matus\Downloads\download (21).csv
2017-05-17 17:14 - 2017-05-17 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2017-05-17 17:14 - 2017-05-17 17:14 - 00000000 ____D C:\Program Files\AutoHotkey
2017-05-17 17:13 - 2017-05-17 17:13 - 03117579 _____ C:\Users\Matus\Downloads\AutoHotkey_1.1.25.02_setup.exe
2017-05-17 14:26 - 2017-05-17 14:26 - 00001317 _____ C:\Users\Matus\Downloads\download (20).csv
2017-05-17 10:27 - 2017-05-17 10:27 - 00013874 _____ C:\Users\Matus\Downloads\download (19).csv
2017-05-17 09:52 - 2017-05-17 09:52 - 00022896 _____ C:\Users\Matus\Downloads\D-legisl-n-74-del-1992.pdf
2017-05-17 09:40 - 2017-05-17 09:40 - 00000132 _____ C:\Users\Matus\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-05-17 09:24 - 2017-05-17 09:24 - 00000928 _____ C:\Users\Matus\Desktop\PDF-Viewer.lnk
2017-05-17 09:24 - 2017-05-17 09:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2017-05-17 09:24 - 2017-05-17 09:24 - 00000000 ____D C:\Program Files\Tracker Software
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-16 11:29 - 2017-05-12 15:03 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3133218669-2047727671-1780183130-1000.job
2017-06-16 11:25 - 2017-05-05 21:48 - 00000000 ____D C:\Users\Matus\AppData\LocalLow\Mozilla
2017-06-16 10:49 - 2009-07-14 06:45 - 00029584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-16 10:49 - 2009-07-14 06:45 - 00029584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-16 10:47 - 2009-07-14 07:13 - 00882604 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-16 10:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-06-16 10:45 - 2017-05-05 21:40 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-06-16 10:43 - 2017-05-05 21:40 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-06-16 10:43 - 2017-05-05 20:33 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-06-16 10:43 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2017-06-16 10:42 - 2017-05-05 20:22 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-16 10:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-16 10:26 - 2017-05-05 21:39 - 00000000 ___RD C:\Users\Matus\OneDrive
2017-06-16 10:25 - 2017-05-09 10:43 - 00000000 ___RD C:\Users\Matus\Google Drive
2017-06-16 10:25 - 2017-05-05 21:38 - 00000000 ____D C:\Users\Matus\AppData\Roaming\Skype
2017-06-16 10:19 - 2017-05-05 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-06-16 10:19 - 2017-05-05 21:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-16 10:19 - 2017-05-05 21:11 - 00000000 ____D C:\ProgramData\Comodo
2017-06-16 10:18 - 2017-05-05 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-06-16 09:50 - 2017-05-12 15:03 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3133218669-2047727671-1780183130-1000.job
2017-06-15 15:53 - 2017-05-08 11:17 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-15 14:44 - 2017-05-05 20:33 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-06-15 12:13 - 2017-05-08 11:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-15 12:13 - 2017-05-08 11:18 - 00000000 ____D C:\ProgramData\Skype
2017-06-15 12:07 - 2017-05-15 09:28 - 00000000 ____D C:\Windows\pss
2017-06-15 11:11 - 2017-05-05 20:22 - 00000000 ____D C:\temp
2017-06-14 23:25 - 2017-05-05 21:40 - 00000000 ____D C:\Users\Matus\AppData\Local\Dropbox
2017-06-14 23:25 - 2017-05-05 21:40 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-14 13:20 - 2017-05-05 21:39 - 00003172 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-14 13:20 - 2017-05-05 21:39 - 00002160 _____ C:\Users\Matus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-06-14 11:25 - 2017-05-12 15:03 - 00003684 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3133218669-2047727671-1780183130-1000
2017-06-14 11:25 - 2017-05-12 15:03 - 00003588 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3133218669-2047727671-1780183130-1000
2017-06-08 17:55 - 2017-05-05 21:31 - 00000000 ____D C:\Users\Matus\AppData\Local\CrashDumps
2017-06-06 10:11 - 2017-05-05 21:05 - 00000000 ____D C:\Users\Matus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome
2017-06-06 10:07 - 2017-05-09 11:43 - 00000000 ____D C:\Users\Matus\Documents\Blocchi appunti di OneNote
2017-06-06 09:06 - 2009-07-14 06:45 - 05022888 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-05 15:54 - 2017-05-05 20:16 - 00118896 _____ C:\Users\Matus\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-05 12:34 - 2017-05-05 20:14 - 00000000 ____D C:\Users\Matus\AppData\Local\VirtualStore
2017-06-01 14:40 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-06-01 13:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-06-01 12:53 - 2017-05-11 10:20 - 00837078 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-06-01 12:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2017-06-01 12:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\inetsrv
2017-06-01 11:32 - 2017-05-05 21:26 - 00000000 ____D C:\Program Files\Microsoft Office
2017-06-01 11:32 - 2011-04-12 10:28 - 00000000 ____D C:\Windows\ShellNew
2017-06-01 11:32 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2017-06-01 11:32 - 2009-07-14 04:34 - 00000387 _____ C:\Windows\win.ini
2017-05-31 19:48 - 2017-05-09 16:26 - 00005104 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Matus-PC-Matus Matus-PC
2017-05-19 23:58 - 2017-05-11 09:58 - 00000000 ____D C:\Users\Matus\AppData\Roaming\Adobe
2017-05-19 23:53 - 2017-05-11 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-05-19 23:53 - 2017-05-11 10:00 - 00000000 ____D C:\Program Files (x86)\Adobe
 
==================== Files in the root of some directories =======
 
2017-05-17 09:40 - 2017-05-17 09:40 - 0000132 _____ () C:\Users\Matus\AppData\Roaming\Adobe PNG Format CS5 Prefs
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-12 14:04
 
==================== End of FRST.txt ============================


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:02 AM

Posted 19 June 2017 - 11:54 AM

adrenalinethinder:

:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

In future, I would ask that you please copy and paste the contents of all requested log files directly into your replies. I know that the instructions do say to attach the "Addition.txt" file, but it is much faster for me to analyze the logs when they are copied and pasted into your replies. Please do not use "code" or "quote" boxes. Thank you for your anticipated cooperation.

I will need some time to review your FRST logs. That could take a day or two. I hope to respond to you tomorrow (Tuesday).

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7


Posted 20 June 2017 - 09:43 AM

adrenalinethinder:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: I note right away in your FRST logs that your Internet Explorer version is 8. The current version is 11. Do you know why Windows Update has not updated your Internet Explorer to Version 11?
Older software versions have malware vulnerabilities. It is very important to keep all of your programs, including Windows, fully updated and current.

.

:step2: Bleeping Computer does not recommend that users run ComboFix on their own, unless they have been trained in its use. It is an extremely powerful program that can render your computer unbootable. Please see this link for more information.

Please open an Administrative Command Prompt and type in the command

ComboFix /uninstall

.

:step3: Do you know about this Google Chrome extension:

 

CHR Extension: (edX Free online courses from the wo...) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbccddcociacleekgdakhppmnfgajnnf [2017-05-05]

 

I am not getting any hits when I search that extension, except for your topic. That makes this extension very suspect. If you do not know about it, you should go to Google Chrome settings and disable/remove this extension.

Also, this Google Chrome extension:

 

CHR Extension: (FreshStart – Gestore di Sessioni Browser) - C:\Users\Matus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2017-05-05]


I did find this reference to this Chrome extension. You may keep it, if you wish. It is your computer.

.

:step4: In going over your logs I noticed that you have BitTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.


:step5: Do you know what this program is? Did you install it?

 

PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden

 

.

:step6: Please run a FRST fix for me. I will be removing remnants of Avast and McAfee that I am seeing in your logs, even though neither program is installed.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3133218669-2047727671-1780183130-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
U3 aswbdisk; no ImagePath
2017-06-15 11:05 - 2017-06-16 10:24 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-15 10:37 - 2017-06-15 10:37 - 00000000 ____D C:\ProgramData\McAfee
File: C:\Users\Matus\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileCoAuthLib64.dll
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

:step7: The "Addition.txt" Security Center section is of concern to me.

 

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


You have no up-to-date anti-virus and/or anti-malware applications running on your computer. That is a recipe for becoming infected. I know that you removed Avast and I am also seeing McAfee remnants.

I am seeing that Malwarebytes is installed on your computer. Am I correct in assuming that it is the free version?

You also stated that you could not get Windows Defender to run. What error messages are you getting from Windows Defender? Might this be related to possible Windows Update issues? Any information that you can provide will assist me to help you.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 garioch7


Posted 23 June 2017 - 09:56 AM

adrenalinethinder:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#5 garioch7


Posted 25 June 2017 - 06:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the Bleeping Computer Malware Removal Study Hall




