
Explorer only really works in safe mode.


tasanhalas

So, my PC clearly got infected. I ran my anti-virus (MSE) and got nothing, downloaded CCleaner and Malwarebytes, they both cleaned a lot and ordered a reboot. I did, and all I got was a black screen with my mouse pointer... Got into safe mode and ran the Microsoft online scanner and ESET, they both cleaned some things. And now I can reboot to normal mode, but I can't press anything without freezing and Task Manager won't even show up...

Any help would be appreciated


Hello and welcome

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin...

So, here is the FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014

Ran by Duarte (administrator) on TASANHALAS on 26-09-2014 00:53:08
Running from C:\Users\Duarte\Downloads
Loaded Profile: Duarte (Available profiles: Duarte & Convidado)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Português (Portugal)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Duarte\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Duarte\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Duarte\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [avast5] => "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [tuto4pc_pt_17] => [X]
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-07-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\Run: [Google Update] => C:\Users\Duarte\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-09-05] (Google Inc.)
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe [136136 2007-09-06] (DT Soft Ltd.)
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-07-23] (AMD)
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\Run: [spotify Web Helper] => C:\Users\Duarte\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-10] (Spotify Ltd)
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: N - N:\AutoRun.exe
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {185fa81d-da31-11e1-b7a3-00266c6de539} - K:\AutoRun.exe
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {2d674931-17a6-11e3-96a2-00266c6de539} - K:\LGAutoRun.exe
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {484ecf65-b6a8-11e0-b7e9-b482fec2f390} - N:\AutoRun.exe
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {484ecf6a-b6a8-11e0-b7e9-b482fec2f390} - U:\AutoRun.exe
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {4ec0f3fa-f193-11e3-b52f-00266c6de539} - M:\Startme.exe
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {6ab29b84-7d8f-11e0-80ae-00266c6de539} - P:\autorun.exe
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {6ab29b85-7d8f-11e0-80ae-00266c6de539} - Q:\autorun.exe
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {6ab29b8c-7d8f-11e0-80ae-00266c6de539} - R:\setup.exe
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {add65cca-b8e0-11df-837a-00266c6de539} - F:\autorun.exe
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {c7eaf11d-2e36-11e1-806c-00266c6de539} - N:\Startme.exe
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {cc1e83c0-c32e-11e2-9b7c-806e6f6e6963} - I:\autorun.exe
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {df353e69-327b-11e1-9416-b482fec2f390} - N:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {e3e8cb83-180e-11e0-9b16-00266c6de539} - I:\setup.exe
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {fb7e1fef-3301-11e1-84a4-00a0c6000000} - O:\AutoRun.exe
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {fb7e1ffd-3301-11e1-84a4-00a0c6000000} - N:\AutoRun.exe
HKU\S-1-5-21-2600478130-2163005085-2260933331-1001\...\MountPoints2: {fb7e200d-3301-11e1-84a4-00a0c6000000} - N:\AutoRun.exe
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
Startup: C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Duarte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Duarte\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {D99A0E27-4811-44C6-9CBB-F2E1ABC2A571} URL = http://rover.ebay.com/rover/1/710-71511-9400-6/4?satitle={searchTerms}
SearchScopes: HKCU - {DD7C0768-BDA4-44B8-8478-A99D37BB3295} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Duarte\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Duarte\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Duarte\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Duarte\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin -> C:\Users\Duarte\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
 
Chrome: 
=======
CHR Profile: C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-11-27]
CHR Extension: (wareztuga.tv streamer) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnommifabkikkfaponcacapkfaghkcj [2013-08-15]
CHR Extension: (Show the YouTube Channel bar or the name.) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2011-11-13]
CHR Extension: (Stunt Pilot) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglbbacijbbjccjggbnnfcllpihdcmfa [2012-01-24]
CHR Extension: (Gun Bros) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciamkmigckbgfajcieiflmkedohjjohh [2011-11-26]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2012-05-25]
CHR Extension: (Frogger Classic Arcade Game) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\djpkhmboibndifbkjcomcmiocjpfahpf [2013-05-08]
CHR Extension: (Session Buddy) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2013-11-27]
CHR Extension: (AdBlock) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-26]
CHR Extension: (Rail Rush) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkgcekpnnljleiiodkaakhiiikhjbpjd [2013-06-13]
CHR Extension: (DinerTown Tycoon) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\heegnemegpfahhkealmbjionamlefmof [2013-06-22]
CHR Extension: (Don't Starve) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc [2013-05-12]
CHR Extension: (Plants vs Zombies HD Reloaded) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjkhoacaklmakefhjplfdnadddjfhaof [2013-09-25]
CHR Extension: (Gun Blood) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifphbghhodpimajnjejgjlfcjmnnkhci [2011-11-23]
CHR Extension: (Apple Shooter) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm [2011-11-27]
CHR Extension: (LEGO Star Wars - The Quest for R2-D2) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjbcgfmgdinmcljnafppclcmckchoca [2013-06-22]
CHR Extension: (Isoball) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejjemnehdnkjkjnjbiilhlpnbliolhf [2011-12-09]
CHR Extension: (SparkChess 7) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2013-05-12]
CHR Extension: (Break The Wall) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhfgnobmdkblmbdahcnpajbjnfmknpn [2013-01-30]
CHR Extension: (Fieldrunners) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak [2012-01-12]
CHR Extension: (Plants vs Zombies) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2013-05-08]
CHR Extension: (Google Wallet) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Achilles 2) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\obaeennkdbefpigohdpngkaaejkejkff [2013-04-13]
CHR Extension: (Flow Colors) - C:\Users\Duarte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk [2014-01-03]
CHR StartMenuInternet: Google Chrome - C:\Users\Duarte\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2013-08-26] (AOMEI Tech Co., Ltd.)
S2 fsproflt; C:\Windows\SysWOW64\fsproflt.exe [142648 2010-01-06] (FSPro Labs)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 msftesql$CSSQL05; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [91992 2010-03-26] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S2 MSSQL$CSSQL05; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2010-10-03] ()
S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-05-07] () [File not signed]
S2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-05-07] () [File not signed]
S2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-02-06] () [File not signed]
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2014-03-28] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2014-03-28] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2014-03-28] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93696 2014-03-28] (LG Electronics Inc.)
S3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [55440 2008-06-06] (FSPro Labs)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] () [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-05-22] (Duplex Secure Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106408 2012-12-19] (Oracle Corporation)
S3 ALSysIO; \??\C:\Users\Duarte\AppData\Local\Temp\ALSysIO64.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 WPRO_40_755; system32\drivers\WPRO_40_755.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-26 00:53 - 2014-09-26 00:54 - 00023499 _____ () C:\Users\Duarte\Downloads\FRST.txt
2014-09-26 00:52 - 2014-09-26 00:53 - 00000000 ____D () C:\FRST
2014-09-26 00:52 - 2014-09-26 00:52 - 02108928 _____ (Farbar) C:\Users\Duarte\Downloads\FRST64.exe
2014-09-25 23:27 - 2014-09-25 23:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 23:26 - 2014-09-25 23:26 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-25 23:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-25 23:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-25 23:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-25 19:29 - 2014-09-25 19:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-25 09:28 - 2014-09-25 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-25 09:28 - 2014-09-25 23:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 09:28 - 2014-09-25 09:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-25 09:26 - 2014-09-25 09:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Duarte\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-25 00:29 - 2014-09-25 22:10 - 00000000 ____D () C:\Users\Duarte\AppData\Roaming\gen64
2014-09-24 14:32 - 2014-09-25 23:16 - 00000000 ____D () C:\Users\Duarte\AppData\Roaming\amdc
2014-09-24 12:53 - 2014-09-25 10:01 - 00000000 ____D () C:\Users\Duarte\AppData\Roaming\E118B746-E251-4AF0-B973-A6622ABC1DC2
2014-09-24 12:52 - 2014-09-25 09:25 - 00000000 __SHD () C:\Users\Duarte\AppData\Roaming\FolderName
2014-09-16 14:49 - 2014-09-16 14:50 - 70588616 _____ () C:\Users\Duarte\Downloads\PS_AIO_06_B109n-z_USW_Basic_Win_ptb_140_175.exe
2014-09-14 23:25 - 2014-09-14 23:25 - 00003128 _____ () C:\Windows\System32\Tasks\{0C96553A-4940-4C9D-9AD4-0CF1F500B74D}
2014-09-13 12:08 - 2014-09-13 12:08 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-09-12 19:05 - 2014-09-13 12:08 - 00000000 ____D () C:\Users\Duarte\AppData\Local\CAPCOM
2014-09-10 17:05 - 2014-08-19 19:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 17:05 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 17:05 - 2014-08-19 00:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 17:05 - 2014-08-18 23:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 17:05 - 2014-08-18 23:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 17:05 - 2014-08-18 23:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 17:05 - 2014-08-18 23:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 17:05 - 2014-08-18 23:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 17:05 - 2014-08-18 23:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 17:05 - 2014-08-18 23:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 17:05 - 2014-08-18 23:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 17:05 - 2014-08-18 23:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 17:05 - 2014-08-18 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 17:05 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 17:05 - 2014-08-18 22:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 17:05 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 17:05 - 2014-08-18 22:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 17:05 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 17:05 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 17:05 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 17:05 - 2014-08-18 22:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 17:05 - 2014-08-18 22:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 17:05 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 17:05 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 17:05 - 2014-08-18 22:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 17:05 - 2014-08-18 22:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 17:05 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 17:05 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 17:05 - 2014-08-18 22:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 17:05 - 2014-08-18 22:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 17:05 - 2014-08-18 22:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 17:05 - 2014-08-18 22:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 17:05 - 2014-08-18 22:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 17:05 - 2014-08-18 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 17:05 - 2014-08-18 22:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 17:05 - 2014-08-18 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 17:05 - 2014-08-18 21:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 17:04 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 17:04 - 2014-08-18 23:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 17:04 - 2014-08-18 23:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 17:04 - 2014-08-18 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 17:04 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 17:04 - 2014-08-18 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 17:04 - 2014-08-18 22:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 17:04 - 2014-08-18 22:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 17:04 - 2014-08-18 22:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 17:04 - 2014-08-18 22:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 17:04 - 2014-08-18 22:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 17:04 - 2014-08-18 22:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 17:04 - 2014-08-18 22:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 17:04 - 2014-08-18 22:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 17:04 - 2014-08-18 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 17:04 - 2014-08-18 21:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 17:04 - 2014-08-18 21:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 17:04 - 2014-08-18 21:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 17:04 - 2014-08-18 21:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 16:50 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 16:50 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 16:50 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 16:50 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 16:50 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 20:02 - 2014-09-09 20:03 - 00000000 ____D () C:\Users\Duarte\Documents\FIFA 15 Demo
2014-09-08 11:04 - 2014-05-17 03:35 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2014-09-08 11:03 - 2014-09-08 11:04 - 00000000 ____D () C:\ProgramData\Hotspot Shield
2014-09-08 11:03 - 2014-09-08 11:04 - 00000000 ____D () C:\Program Files (x86)\Hotspot Shield
2014-09-08 11:03 - 2014-09-08 11:03 - 00000000 ____D () C:\Users\Duarte\AppData\Roaming\Hotspot Shield
2014-09-08 11:03 - 2014-09-08 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2014-09-08 02:25 - 2014-09-08 02:26 - 07787136 _____ () C:\Users\Duarte\Downloads\HSS-3.42-install-e-550-plain.exe
2014-08-28 12:26 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 12:26 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 12:26 - 2014-08-23 01:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 12:17 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-28 12:17 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-28 12:17 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-28 12:17 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-28 12:16 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-28 12:16 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-28 12:16 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-28 12:16 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-28 12:16 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-28 12:16 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-28 12:16 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-28 12:16 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-28 12:16 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-28 12:16 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-26 00:39 - 2010-09-30 20:01 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 00:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 00:38 - 2013-03-16 11:55 - 00107466 _____ () C:\Windows\setupact.log
2014-09-26 00:31 - 2013-08-26 19:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-26 00:31 - 2013-08-11 13:16 - 00242232 _____ () C:\Windows\PFRO.log
2014-09-26 00:30 - 2011-06-06 14:29 - 00000000 ___RD () C:\Users\Duarte\Dropbox
2014-09-26 00:30 - 2010-04-29 18:05 - 01597223 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 00:30 - 2010-04-01 07:59 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-09-26 00:26 - 2010-09-05 12:38 - 00001022 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2600478130-2163005085-2260933331-1001UA.job
2014-09-26 00:08 - 2013-08-26 19:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-26 00:08 - 2013-08-26 19:10 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-26 00:08 - 2013-08-26 19:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-25 23:50 - 2010-09-30 20:01 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 23:26 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 23:26 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 23:20 - 2011-06-06 14:28 - 00000000 ____D () C:\Users\Duarte\AppData\Roaming\Dropbox
2014-09-25 23:18 - 2010-09-05 12:14 - 00000000 ____D () C:\Users\Duarte
2014-09-25 23:16 - 2014-04-24 13:35 - 00000000 ____D () C:\Users\Duarte\Downloads\genie14_setup_14.3.1_b418
2014-09-25 23:16 - 2013-09-29 19:57 - 00000000 ____D () C:\Users\Duarte\Documents\FIFA 14
2014-09-25 23:16 - 2012-04-22 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-25 23:16 - 2011-04-23 22:41 - 00000000 ____D () C:\Users\Convidado
2014-09-25 23:16 - 2010-11-17 19:47 - 00000000 ____D () C:\Windows\Minidump
2014-09-25 23:16 - 2010-09-26 22:56 - 00000000 ____D () C:\Users\Duarte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-25 23:16 - 2010-09-26 22:56 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2014-09-25 23:16 - 2010-09-05 17:51 - 00000000 ____D () C:\Users\Duarte\AppData\Roaming\Azureus
2014-09-25 23:16 - 2009-07-14 19:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-25 23:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-25 23:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-09-25 23:14 - 2011-06-08 01:41 - 00000000 ____D () C:\Users\Duarte\AppData\Roaming\TeamViewer
2014-09-25 09:31 - 2010-09-05 13:14 - 00000000 ____D () C:\Users\Duarte\Tracing
2014-09-25 09:31 - 2010-04-01 06:01 - 00000000 ____D () C:\Windows\Panther
2014-09-23 17:08 - 2012-02-02 23:58 - 00001056 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2600478130-2163005085-2260933331-1001UA.job
2014-09-23 04:24 - 2010-09-12 21:46 - 00000000 ___RD () C:\Users\Duarte\Desktop\Programas
2014-09-23 01:47 - 2012-09-11 21:45 - 00000000 ____D () C:\ProgramData\Origin
2014-09-22 23:08 - 2012-02-02 23:58 - 00001034 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2600478130-2163005085-2260933331-1001Core.job
2014-09-22 22:26 - 2010-09-05 12:38 - 00000970 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2600478130-2163005085-2260933331-1001Core.job
2014-09-22 19:24 - 2011-06-06 14:28 - 00000000 ____D () C:\Users\Duarte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-22 14:57 - 2012-09-11 22:01 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-22 07:42 - 2011-11-30 13:02 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 20:51 - 2012-03-22 09:33 - 00000000 ____D () C:\Users\Duarte\Desktop\Jogos
2014-09-21 20:49 - 2010-04-01 07:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-21 20:45 - 2013-08-26 18:58 - 00000000 ____D () C:\Casino
2014-09-21 20:37 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-21 17:23 - 2010-09-05 17:47 - 00000000 ____D () C:\Users\Duarte\Desktop\EU
2014-09-20 12:34 - 2012-01-19 21:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-20 11:38 - 2010-10-11 23:11 - 00023441 _____ () C:\ProgramData\hpzinstall.log
2014-09-20 11:25 - 2012-12-12 00:04 - 00000000 ____D () C:\Users\Duarte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-20 11:25 - 2012-12-11 19:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-19 20:31 - 2009-07-14 18:58 - 00802834 _____ () C:\Windows\system32\prfh0816.dat
2014-09-19 20:31 - 2009-07-14 18:58 - 00180550 _____ () C:\Windows\system32\prfc0816.dat
2014-09-19 20:31 - 2009-07-14 06:13 - 01878534 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-19 14:12 - 2013-06-07 16:28 - 00000000 ____D () C:\Users\Duarte\AppData\Roaming\Nitro PDF
2014-09-13 12:08 - 2012-08-14 11:19 - 00000000 ____D () C:\Users\Duarte\Documents\CAPCOM
2014-09-13 12:03 - 2013-03-24 01:54 - 00243295 _____ () C:\Windows\DirectX.log
2014-09-12 18:59 - 2013-08-18 23:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 21:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-09-10 17:04 - 2013-08-16 02:41 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-10 17:04 - 2010-04-29 18:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 17:03 - 2013-08-16 02:38 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 17:03 - 2013-08-16 02:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 17:03 - 2013-08-16 02:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-10 17:02 - 2013-07-14 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 16:54 - 2010-09-08 12:10 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 22:04 - 2012-03-22 09:34 - 00000000 ____D () C:\Users\Duarte\Desktop\Vários
2014-08-28 17:29 - 2012-08-14 02:25 - 00000000 ____D () C:\Users\Duarte\AppData\Roaming\Skype
2014-08-28 15:24 - 2013-02-12 00:57 - 00000000 ____D () C:\Users\Duarte\Desktop\Bearded Dragon
2014-08-28 14:01 - 2009-07-14 05:45 - 00456176 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Some content of TEMP:
====================
C:\Users\Duarte\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdzjbbr.dll
C:\Users\Duarte\AppData\Local\Temp\i4jdel0.exe
C:\Users\Duarte\AppData\Local\Temp\i4jdel1.exe
C:\Users\Duarte\AppData\Local\Temp\i4jdel2.exe
C:\Users\Duarte\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Duarte\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Duarte\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Duarte\AppData\Local\Temp\PCSpeedMaximizer_new.exe
C:\Users\Duarte\AppData\Local\Temp\Quarantine.exe
C:\Users\Duarte\AppData\Local\Temp\SRLDetectionLibrary4299812364852154402.dll
C:\Users\Duarte\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Duarte\AppData\Local\Temp\System.Data.SQLite51264.dll
C:\Users\Duarte\AppData\Local\Temp\System.Data.SQLite60632.dll
C:\Users\Duarte\AppData\Local\Temp\System.Data.SQLite80320.dll
C:\Users\Duarte\AppData\Local\Temp\System.Data.SQLite86222.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-16 15:15
 
==================== End Of Log ============================

Addition.txt

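The FRST.txt entries quoted above follow a fixed one-line layout that a helper reads by eye; as an added example (not code from the thread or from FRST itself), here is a small parser for that layout plus a first-pass triage, where the sample lines are copied from the log above, the column semantics are my reading of it, and the triage rules are my own heuristics:

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Layout of one file entry in the "One Month Created/Modified Files and Folders"
# sections of FRST.txt (my reading of the log quoted above, not FRST documentation):
#   <section date> - <other date> - <size> <attrs> (<company>) <path>
# The section's own timestamp comes first (creation date in the "Created"
# section, modification date in the "Modified" section). attrs is five
# characters: D = directory, H = hidden, R = read-only, N = not indexed,
# "_" = flag not set. company is the file's version-info company name.
FRST_LINE = re.compile(
    r"^(?P<section_date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<other_date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

EXEC_EXTENSIONS = (".exe", ".dll", ".sys", ".cpl", ".scr")
USER_DROP_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\")

# Constructed sample: one section header plus lines copied from the FRST.txt above.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2014-09-10 17:05 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 16:54 - 2010-09-08 12:10 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 20:02 - 2014-09-09 20:03 - 00000000 ____D () C:\Users\Duarte\Documents\FIFA 15 Demo
2014-09-08 11:04 - 2014-05-17 03:35 - 00044744 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2014-09-08 02:25 - 2014-09-08 02:26 - 07787136 _____ () C:\Users\Duarte\Downloads\HSS-3.42-install-e-550-plain.exe
2014-09-26 00:30 - 2011-06-06 14:29 - 00000000 ___RD () C:\Users\Duarte\Dropbox
2014-09-25 23:26 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
"""


@dataclass
class FrstEntry:
    section_date: datetime
    other_date: datetime
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return (not self.is_directory) and self.path.lower().endswith(EXEC_EXTENSIONS)


def parse_frst_lines(text: str) -> List[FrstEntry]:
    """Parse every line matching the FRST entry layout; headers and notes are skipped."""
    entries: List[FrstEntry] = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if not m:
            continue
        entries.append(FrstEntry(
            section_date=datetime.strptime(m["section_date"], "%Y-%m-%d %H:%M"),
            other_date=datetime.strptime(m["other_date"], "%Y-%m-%d %H:%M"),
            size=int(m["size"]),
            attrs=m["attrs"],
            company=m["company"].strip(),
            path=m["path"],
        ))
    return entries


def reason_for(e: FrstEntry) -> Optional[str]:
    """Heuristic triage (my own rules): a hit means 'look at this', not 'malicious'."""
    if not e.is_executable:
        return None
    lowered = e.path.lower()
    if lowered.endswith(".sys") and "microsoft" not in e.company.lower():
        return f"third-party kernel driver ({e.company or 'no company info'})"
    if any(d in lowered for d in USER_DROP_DIRS):
        return "executable in a user Temp or Downloads folder"
    if e.company == "":
        return "executable with no company/version info"
    return None


def triage(entries: List[FrstEntry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for the entries worth a reviewer's first look."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        reason = reason_for(e)
        if reason:
            findings.append((e.path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_frst_lines(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

On the sample this flags the AnchorFree driver and the installer in Downloads and nothing else; both flagged files are explained by the Hotspot Shield install visible in the same log, which is exactly the kind of context a triage list needs a human to supply.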

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Try to boot to normal mode, then continue:

 

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

 

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.
 

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Kevin...

 

 

Fixlist.txt


Malware did not find anything...here is the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26-09-2014
Scan Time: 11:41:03
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.26.04
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Duarte

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370808
Time Elapsed: 21 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Fixlist.txt


Yes no fix was done, it was only to check a specific registry key. Key is good, so no issue found....

 

Do you have a USB memory stick (flash drive)? I'd like you to run FRST via the recovery environment to look at the system outside of Windows.... Can you do this:

 

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Plug the flash drive into the infected PC.

 

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

 

If you are using Vista or Windows 7 enter System Recovery Options.

 

Plug the flashdrive into the infected PC.

 

Enter System Recovery Options: I give two methods, use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:


Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

 

To enter System Recovery Options by using Windows installation disc:


Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

 

On the System Recovery Options menu you may get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

 


Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type  e:\frst64 or e:\frst depending on your version. Press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

Thanks,

 

Kevin..


Really depends if your system is infected and what with, up to now system appears to be clean....

 

Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

When the above completes see if your system will boot to normal mode...

Fixlist.txt


Thanks for the update and the log. We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin.

 

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART  Installer during the process)

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats"  is UNticked
Click on Advanced Settings, ensure the following options are checked:
 
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
 
Select "Change" next to Current scan targets. A new window will open, select any extra drives, Flash drives etc as required.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Cheers,

 

Kevin...


Ok, thanks.... :)

 

So, it found some threats, here is the log:

 

C:\FRST\Quarantine\C\Users\Duarte\AppData\Local\Temp\PCSpeedMaximizer_new.exe.xBAD a variant of Win32/SpeedingUpMyPC application
C:\Users\Duarte\Downloads\genie14_setup_14.3.1_b418\genie14_setup_14.3.1_b418.exe Win32/Somoto.E potentially unwanted application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

Only the second item on the list needs attention, you can delete that item from the "Downloads" folder..

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if there are any remaining issues or concerns, if none are we ok to close out....

 

Regards,

 

Kevin...


Something really strange happened! The minute I reconnect my laptop to the Ethernet cable (where it was connected to when it all happened) it froze! I restarted it and now I get this message "error saving file (...) RegCreateKeyEx: 5 access denied"
