93.170.123.36 keeps popping up

[sebseb]

So after trying to visit a trusted website that sells tyres, Malware Bytes blocked it. Ok, so far so good, only that now I get a pop-up every 10-15 seconds that Malware bytes blocked this ip adress 93.170.123.36, type outbound, from a different port every time. The process is in svchost.exe. 
The thing is AVG antivirus, Kaspersky online scan, Malware Bytes, Malware Root-kit, Bitdefender online scan, did not manage to find any type of virus or malware on my laptop and the thing keeps popping up. 

[sebseb]

Remembered one thing, after Malware Bytes blocked the website, my wireless router disconnected and connected back and after that the popups started.

[kevinf80]

Hello and welcome to Malwarebytes.org

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

• On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
• Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
• Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
• A Threat Scan will begin.
• With some infections, you may or may not see this message box.
  
          'Could not load DDA driver'
• Click 'Yes' to this message, to allow the driver to load after a restart.
• Allow the computer to restart. Continue with the rest of these instructions.
• When the scan is complete, click Apply Actions.
• Wait for the prompt to restart the computer to appear, then click on Yes.
• After the restart once you are back at your desktop, open MBAM once more.
  

To get the log from Malwarebytes do the following:

• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click Export > From export you have three options:
  
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
• Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…
  

If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

• Double-click mbam-setup and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to the following:
• Launch Malwarebytes Anti-Malware
• A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish. Follow the instructions above....
  

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

• Quit all running programs.
• For Windows XP, double-click to start.
• For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
• Read and accept the EULA (End User Licene Agreement)
• Click Scan to scan the system.
• When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
• Post back the report which should also be located here:
  

C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP


Let me see those logs in your reply....

Thank you,

Kevin...
 

[sebseb]

so this are my Twilight Zone reports
I don't seem to find the add file button and I don't know how to open the rogue killer report, but I did export it in txt format, so here they are
 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 21-Aug-15

Scan Time: 11:30 PM

Logfile: malware bytes scan.txt

Administrator: Yes

 

Version: 2.1.8.1057

Malware Database: v2015.08.21.09

Rootkit Database: v2015.08.16.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: sebseb

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 408557

Time Elapsed: 17 min, 49 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Deep Rootkit Scan: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-08-2015 02

Ran by sebseb (administrator) on SAMOYED (22-08-2015 00:20:45)

Running from C:\Users\sebseb\Desktop

Loaded Profiles: sebseb (Available Profiles: sebseb)

Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe

(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-20] (TOSHIBA Corporation)

HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-20] ()

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-11] (Synaptics Incorporated)

HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)

HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-10] (TOSHIBA Corporation)

HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-27] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [smartBillSys] => "C:\Smart Bill Standard 2014\Smart Bill Standard.exe" /s

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)

HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd)

HKLM-x32\...\Run: [ACPW05EN] => C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe [822384 2011-11-17] (ACD Systems)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKU\S-1-5-21-145485975-1998042031-899343709-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)

HKU\S-1-5-21-145485975-1998042031-899343709-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)

HKU\S-1-5-21-145485975-1998042031-899343709-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [328568 2015-03-04] (BitTorrent, Inc.)

HKU\S-1-5-21-145485975-1998042031-899343709-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-145485975-1998042031-899343709-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-145485975-1998042031-899343709-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

SearchScopes: HKU\S-1-5-21-145485975-1998042031-899343709-1000 -> DefaultScope {02CA8B96-86C9-4DA4-ADDE-5406533F7520} URL = hxxps://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-145485975-1998042031-899343709-1000 -> {02CA8B96-86C9-4DA4-ADDE-5406533F7520} URL = hxxps://www.google.com/search?q={searchTerms}

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-03] (Oracle Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-03] (Oracle Corporation)

DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 93.170.123.36 8.8.8.8

Tcpip\..\Interfaces\{1B57B31B-F51E-4EA6-A472-101DA28592E8}: [DhcpNameServer] 93.170.123.36 8.8.8.8

Tcpip\..\Interfaces\{68B43A52-0EC0-4FDD-8619-D1E4090964DD}: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-03] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-03] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

 

Chrome: 

=======

CHR Profile: C:\Users\sebseb\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\sebseb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-03]

CHR Extension: (Google Docs) - C:\Users\sebseb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-03]

CHR Extension: (Google Drive) - C:\Users\sebseb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-03]

CHR Extension: (YouTube) - C:\Users\sebseb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-03]

CHR Extension: (Google Search) - C:\Users\sebseb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-03]

CHR Extension: (Canadian Wood Theme) - C:\Users\sebseb\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgkdanlgpiliplalikekhmhfgmmbhbg [2015-03-03]

CHR Extension: (Google Sheets) - C:\Users\sebseb\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-03]

CHR Extension: (AdBlock) - C:\Users\sebseb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-03]

CHR Extension: (Chrome Web Store Payments) - C:\Users\sebseb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]

CHR Extension: (Bitdefender QuickScan) - C:\Users\sebseb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-03-04]

CHR Extension: (Gmail) - C:\Users\sebseb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-03]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)

S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)

R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed]

S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-16] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-21] (Microsoft Corporation)

R5 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2014-08-16] (Advanced Micro Devices)

R5 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-14] (Microsoft Corporation)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-07-28] (AVG Technologies CZ, s.r.o.)

R5 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)

R5 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)

R5 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [245680 2015-07-28] (AVG Technologies CZ, s.r.o.)

R5 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)

R5 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] (Microsoft Corporation)

R5 CNG; C:\Windows\System32\Drivers\cng.sys [458712 2014-08-16] (Microsoft Corporation)

R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)

R5 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-14] (Microsoft Corporation)

R5 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] (Microsoft Corporation)

R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] (Microsoft Corporation)

R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-21] (Microsoft Corporation)

U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2014-08-16] (Microsoft Corporation)

R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2014-08-16] (Microsoft Corporation)

R5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] (Microsoft Corporation)

R5 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [538136 2010-01-15] (Intel Corporation)

R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2014-08-16] (Microsoft Corporation)

R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155072 2014-08-16] (Microsoft Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-21] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)

R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Microsoft Corporation)

R5 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-21] (Microsoft Corporation)

R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] (Microsoft Corporation)

R5 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] (Microsoft Corporation)

R5 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2014-08-16] (Microsoft Corporation)

R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2014-08-16] (Microsoft Corporation)

R5 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] (Microsoft Corporation)

R5 pciide; C:\Windows\System32\DRIVERS\pciide.sys [12352 2009-07-14] (Microsoft Corporation)

R5 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] (Microsoft Corporation)

R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] (Microsoft Corporation)

R5 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] (Microsoft Corporation)

R5 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2015-03-04] (Duplex Secure Ltd.)

R5 storflt; C:\Windows\System32\drivers\vmstorfl.sys [46464 2010-11-21] (Microsoft Corporation)

R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-08-16] (Microsoft Corporation)

R5 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-15] (TOSHIBA Corporation)

R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] (Microsoft Corporation)

R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] (Microsoft Corporation)

R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Microsoft Corporation)

R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-21] (Microsoft Corporation)

R5 Wd; C:\Windows\System32\drivers\wd.sys [21056 2009-07-14] (Microsoft Corporation)

R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2014-08-16] (Microsoft Corporation)

U3 ac5s1ojp; C:\Windows\System32\Drivers\ac5s1ojp.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-08-22 00:20 - 2015-08-22 00:21 - 00020555 _____ C:\Users\sebseb\Desktop\FRST.txt

2015-08-22 00:19 - 2015-08-22 00:19 - 02173952 _____ (Farbar) C:\Users\sebseb\Desktop\FRST64.exe

2015-08-22 00:19 - 2015-08-22 00:19 - 00001097 _____ C:\Users\sebseb\Desktop\malware bytes scan.txt

2015-08-21 22:18 - 2015-08-21 22:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-08-21 22:17 - 2015-08-21 22:17 - 00000000 ____D C:\program files new

2015-08-21 22:15 - 2015-08-21 22:16 - 16563304 _____ (Malwarebytes Corp.) C:\Users\sebseb\Downloads\mbar-1.09.2.1008.exe

2015-08-21 22:13 - 2015-08-21 22:14 - 00026357 _____ C:\Users\sebseb\Downloads\Addition.txt

2015-08-21 22:11 - 2015-08-22 00:20 - 00000000 ____D C:\FRST

2015-08-21 22:11 - 2015-08-21 22:14 - 00027574 _____ C:\Users\sebseb\Downloads\FRST.txt

2015-08-21 20:36 - 2015-08-21 20:36 - 00001055 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk

2015-08-21 20:36 - 2015-08-21 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan

2015-08-21 20:36 - 2015-08-21 20:36 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2015-08-21 20:36 - 2015-08-21 20:36 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab

2015-08-21 19:20 - 2015-08-21 19:20 - 00891741 _____ C:\Users\sebseb\Downloads\a1Y1Gwb_460sv.mp4

2015-08-20 02:01 - 2015-08-20 02:01 - 00000000 ____D C:\Users\sebseb\Downloads\Darling Violetta

2015-08-20 01:05 - 2015-08-20 18:16 - 00000000 ____D C:\Users\sebseb\Desktop\920

2015-08-18 23:34 - 2015-08-18 23:34 - 00000000 ____D C:\Users\sebseb\Desktop\hachiman

2015-08-10 18:40 - 2015-08-10 18:41 - 00000000 ____D C:\Users\sebseb\Desktop\derp

2015-08-09 23:35 - 2015-08-09 23:35 - 00945342 _____ C:\Users\sebseb\Downloads\anB4wYB_460sv.mp4

2015-08-07 21:59 - 2015-08-07 21:59 - 00771481 _____ C:\Users\sebseb\Downloads\23016390

2015-08-06 22:27 - 2015-08-06 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone

2015-08-06 22:27 - 2015-08-06 22:27 - 00000000 ____D C:\Program Files (x86)\Windows Phone

2015-08-06 22:23 - 2015-08-06 22:23 - 06745792 _____ (Microsoft Corporation) C:\Users\sebseb\Downloads\WindowsPhone (1).exe

2015-08-06 22:16 - 2015-08-06 22:16 - 00772430 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2015-08-06 22:07 - 2015-08-06 22:07 - 06745792 _____ (Microsoft Corporation) C:\Users\sebseb\Downloads\WindowsPhone.exe

2015-08-06 22:07 - 2015-08-06 22:07 - 00889416 _____ (Microsoft Corporation) C:\Users\sebseb\Downloads\dotNetFx40_Full_setup.exe

2015-08-06 22:07 - 2015-08-06 22:07 - 00000000 ____D C:\ProgramData\Applications

2015-08-06 19:11 - 2015-08-21 22:16 - 00000000 ____D C:\Users\sebseb\Desktop\New folder

2015-08-04 16:13 - 2015-08-04 16:13 - 00721613 _____ C:\Users\sebseb\Downloads\aXXjVPP_460sv.mp4

2015-08-02 15:17 - 2015-08-04 15:57 - 00000965 _____ C:\Users\Public\Desktop\AVG 2015.lnk

2015-07-31 16:11 - 2015-07-31 16:11 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7AE925BA.sys

2015-07-28 11:02 - 2015-07-28 11:02 - 00312752 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

2015-07-28 11:01 - 2015-07-28 11:01 - 00245680 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

2015-07-27 18:05 - 2015-07-27 18:05 - 00395784 _____ C:\Users\sebseb\Downloads\aOmrgnv_460sv.mp4

2015-07-26 00:44 - 2015-07-26 00:44 - 00345880 _____ C:\Users\sebseb\Downloads\a4LGOB1_460sv.mp4

2015-07-25 17:47 - 2015-08-18 15:43 - 00000000 ____D C:\Users\sebseb\Desktop\proiect oliver

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-08-21 23:48 - 2015-03-03 12:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-08-21 23:30 - 2015-03-03 12:18 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-08-21 23:26 - 2015-03-04 11:58 - 00000000 ____D C:\Users\sebseb\AppData\Roaming\uTorrent

2015-08-21 23:20 - 2015-03-03 10:15 - 01819381 _____ C:\Windows\WindowsUpdate.log

2015-08-21 22:17 - 2015-03-03 12:13 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-08-21 22:00 - 2009-07-14 07:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-08-21 22:00 - 2009-07-14 07:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-08-21 21:54 - 2015-03-20 21:00 - 00000000 ____D C:\Program Files (x86)\Steam

2015-08-21 21:53 - 2015-03-03 12:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-08-21 21:52 - 2015-03-05 21:36 - 00030924 _____ C:\Windows\setupact.log

2015-08-21 21:52 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-08-21 20:44 - 2015-03-04 02:30 - 00000000 ____D C:\Users\sebseb\AppData\Roaming\QuickScan

2015-08-21 15:51 - 2015-03-03 12:03 - 00000000 ____D C:\ProgramData\MFAData

2015-08-21 15:46 - 2009-07-14 07:45 - 05037928 _____ C:\Windows\system32\FNTCACHE.DAT

2015-08-13 14:59 - 2015-03-12 03:25 - 00000000 ____D C:\Windows\system32\MRT

2015-08-13 14:52 - 2015-03-03 10:20 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-08-10 19:34 - 2015-05-09 14:52 - 00000000 ___HD C:\Users\sebseb\Desktop\[Originals]

2015-08-06 22:16 - 2009-07-14 08:13 - 00772430 _____ C:\Windows\system32\PerfStringBackup.INI

2015-08-04 15:57 - 2015-03-03 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2015-08-02 15:20 - 2015-04-26 01:14 - 00002370 _____ C:\Windows\PFRO.log

2015-07-31 17:43 - 2015-03-16 18:37 - 00000000 ____D C:\Users\sebseb\Downloads\Outlook.com

 

Some files in TEMP:

====================

C:\Users\sebseb\AppData\Local\Temp\Actualizare Smart Bill Standard 2539794953251104561.exe

C:\Users\sebseb\AppData\Local\Temp\AVG.exe

C:\Users\sebseb\AppData\Local\Temp\ose00000.exe

C:\Users\sebseb\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\sebseb\AppData\Local\Temp\uttCCB1.tmp.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

nointegritychecks: ==> "IntegrityChecks" is disabled. <===== ATTENTION

 

 

LastRegBack: 2015-08-13 21:15

 

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-08-2015 02

Ran by sebseb (2015-08-22 00:21:30)

Running from C:\Users\sebseb\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-145485975-1998042031-899343709-500 - Administrator - Disabled)

Guest (S-1-5-21-145485975-1998042031-899343709-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-145485975-1998042031-899343709-1002 - Limited - Enabled)

sebseb (S-1-5-21-145485975-1998042031-899343709-1000 - Administrator - Enabled) => C:\Users\sebseb

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.4 - )

µTorrent (HKU\S-1-5-21-145485975-1998042031-899343709-1000\...\uTorrent) (Version: 3.4.3.40097 - BitTorrent Inc.)

ACDSee Pro 5 (HKLM-x32\...\{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}) (Version: 5.3.168 - ACD Systems International Inc.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.12) - Romanian (HKLM-x32\...\{AC76BA86-7AD7-1048-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)

ATI Catalyst Install Manager (HKLM\...\{61D4B846-49F8-2639-A4EB-977875265F37}) (Version: 3.0.769.0 - ATI Technologies, Inc.)

AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6125 - AVG Technologies)

AVG 2015 (Version: 15.0.4401 - AVG Technologies) Hidden

AVG 2015 (Version: 15.0.6125 - AVG Technologies) Hidden

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.67.1076 - AB Team, d.o.o.)

ccc-core-static (x32 Version: 2010.0426.2136.36953 - ATI) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)

Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.26.0 - Conexant)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)

DFX for Winamp (HKLM-x32\...\DFX for Winamp) (Version: 9.103.0.0 - Power Technology)

Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)

Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden

Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)

Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)

Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.740 - Kaspersky Lab)

Kaspersky Security Scan (x32 Version: 15.0.0.740 - Kaspersky Lab) Hidden

League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)

League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden

Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Games for Windows - LIVE (HKLM-x32\...\{B45FABE7-D101-4D99-A671-E16DA40AF7F0}) (Version: 3.0.86.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{B578C85A-A84C-4230-A177-C5B2AF565B8C}) (Version: 3.0.17.0 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)

Mozilla Thunderbird 24.6.0 (x86 ro) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 ro)) (Version: 24.6.0 - Mozilla)

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)

Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)

Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)

Smart Bill Standard 2014 (HKLM-x32\...\Smart Bill Standard) (Version: 2.0.2 - Intelligent IT)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)

TOSHIBA ConfigFree (HKLM-x32\...\{E0FAA369-B0E3-48B8-9447-4873103B0012}) (Version: 8.0.34 - TOSHIBA CORPORATION)

TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)

TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)

TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)

TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)

TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)

Winamp Detector Plug-in (HKU\S-1-5-21-145485975-1998042031-899343709-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)

WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Restore Points =========================

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {107CD789-D0FC-41B0-98FA-E8653AB975D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)

Task: {14D576B5-371F-4009-B3A3-4BE3B17025B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-03] (Google Inc.)

Task: {69CA6C37-1533-4BFA-A573-97B410C11160} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-06-04] (TOSHIBA CORPORATION)

Task: {9AD4BC67-2D55-4417-BDB5-2F99BE8B77A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

Task: {D6864AEB-4256-4208-8A2B-53B5FDCF3266} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe [2015-02-17] ()

Task: {FBDA8699-00BA-411F-97D2-C99B52E29C4C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-03] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\0215avUpdateInfo.job => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2010-04-08 03:07 - 2010-04-08 03:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll

2009-11-04 00:26 - 2009-11-04 00:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll

2010-03-04 01:15 - 2010-03-04 01:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll

2010-03-04 01:15 - 2010-03-04 01:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll

2015-03-03 10:28 - 2009-06-23 01:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll

2009-03-13 06:08 - 2009-03-13 06:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll

2009-10-13 21:00 - 2009-10-13 21:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2015-03-03 10:39 - 2015-03-03 10:39 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2015-06-03 13:44 - 2015-06-03 13:44 - 00315648 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll

2015-06-03 13:50 - 2015-06-03 13:50 - 00267264 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\webcore.dll

2015-06-03 13:50 - 2015-06-03 13:50 - 41268224 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll

2015-06-03 13:50 - 2015-06-03 13:50 - 01402368 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libglesv2.dll

2015-06-03 13:50 - 2015-06-03 13:50 - 00212992 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libegl.dll

2015-03-20 21:02 - 2015-07-03 19:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2015-03-20 21:02 - 2015-07-03 19:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll

2015-03-20 21:02 - 2015-07-03 19:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll

2015-03-20 21:02 - 2015-07-03 19:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll

2015-03-20 21:02 - 2015-08-19 23:39 - 02413248 _____ () C:\Program Files (x86)\Steam\video.dll

2015-03-20 21:02 - 2014-12-02 00:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2015-03-20 21:02 - 2014-12-02 00:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2015-03-20 21:02 - 2014-12-02 00:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2015-03-20 21:02 - 2014-12-02 00:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2015-03-20 21:02 - 2014-12-02 00:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2015-03-20 21:02 - 2015-08-19 23:39 - 00704192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2015-07-22 16:48 - 2015-07-27 04:13 - 00171008 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll

2015-03-20 21:02 - 2015-07-03 19:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2015-08-21 15:49 - 2015-08-18 08:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll

2015-08-21 15:49 - 2015-08-18 08:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-145485975-1998042031-899343709-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\sebseb\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 93.170.123.36 - 8.8.8.8

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [TCP Query User{9713D1F2-AF42-4905-92F8-1D3458C0582F}C:\smart bill standard 2014\libj\launch4j-tmp\smart bill standard.exe] => (Allow) C:\smart bill standard 2014\libj\launch4j-tmp\smart bill standard.exe

FirewallRules: [uDP Query User{18C886F6-985C-4BD5-BE94-B26A0431008A}C:\smart bill standard 2014\libj\launch4j-tmp\smart bill standard.exe] => (Allow) C:\smart bill standard 2014\libj\launch4j-tmp\smart bill standard.exe

FirewallRules: [{8D5E76F5-1634-4B6D-A869-9AFDFA33AE0C}] => (Allow) C:\Smart Bill Standard 2014\libj\launch4j-tmp\Smart Bill Standard.exe

FirewallRules: [TCP Query User{0FB143E0-E03C-45DD-8758-CD1B3FE94EC9}C:\smart bill standard 2015\libj\launch4j-tmp\smart bill standard.exe] => (Allow) C:\smart bill standard 2015\libj\launch4j-tmp\smart bill standard.exe

FirewallRules: [uDP Query User{9692EEA5-A740-4273-A8ED-19A88355CB88}C:\smart bill standard 2015\libj\launch4j-tmp\smart bill standard.exe] => (Allow) C:\smart bill standard 2015\libj\launch4j-tmp\smart bill standard.exe

FirewallRules: [{26205FFD-921F-4007-B40A-07433B39B4B7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe

FirewallRules: [{4C6F40C7-CAD0-455F-8B0D-16FA1D6A659C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe

FirewallRules: [TCP Query User{8C50F038-86D9-4736-83E3-0A9DECA246C1}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [uDP Query User{2FE5FF0B-C46E-4C22-94A0-F13EA9DF5565}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [{663DAA57-AF0E-4A85-82D1-CBAACAB64468}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{0D66D07B-1F93-443D-AC30-8605D8B050DC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{41372711-6C77-4241-968E-A4A45E79A709}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{1979ECAF-F6F2-4B2B-A600-4C3B3CA5C211}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{0792E106-8B5F-40F7-B03B-ACAF37EAB88A}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{7DE95AA9-6C0E-43DF-AC75-D4CEF1BE5B72}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{C3BFEA85-8068-4496-92A9-FE6209FBA12F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{831E9EE1-3CEC-457A-A5B9-7A84A4521CC0}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [uDP Query User{EF2F94A3-64B6-49DF-BED3-6D5DFEB27317}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe

FirewallRules: [{D6FAAAFA-C15D-4A62-9C6C-35F6FB06F774}] => (Allow) D:\Program Files (x86)\battlenet\Battle.net\Battle.net.exe

FirewallRules: [{3D175A2E-24FC-4A13-A257-76518969A476}] => (Allow) D:\Program Files (x86)\battlenet\Battle.net\Battle.net.exe

FirewallRules: [TCP Query User{E56531BC-BAEC-41C5-A402-8D40EC3168DF}D:\games (x86)\heroes of the storm\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) D:\games (x86)\heroes of the storm\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe

FirewallRules: [uDP Query User{638F06E3-5A7A-48B4-93A0-D9936A987545}D:\games (x86)\heroes of the storm\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) D:\games (x86)\heroes of the storm\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe

FirewallRules: [{5F99DF7B-107C-492D-975E-A5990F839D6D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{35ADD663-943C-4CFD-8AE8-90A8C6F2AE03}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{CC119F7B-17D2-451B-9298-4C8EC6BB4C50}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

FirewallRules: [{4BCAED69-7F80-46F5-B02F-478168C03102}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

FirewallRules: [{FE6E1152-01F5-4541-BA72-6653D10CBEB7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{267A6339-C9E5-4BDD-8271-215DA0CA80EF}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{F6EE0269-F47D-4ADF-AC15-6EB8386165CB}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

FirewallRules: [{C1E54E9A-36CB-4BC5-8B79-A3CECFF7EFCC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

FirewallRules: [{896841F7-2AA1-46BC-B726-26BB77E6D5C7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/21/2015 09:54:02 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/21/2015 03:48:06 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/20/2015 03:45:06 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/19/2015 05:21:35 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/18/2015 03:14:29 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/17/2015 04:15:12 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/16/2015 01:28:49 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/15/2015 02:33:56 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/14/2015 06:49:18 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/13/2015 02:46:36 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (08/21/2015 09:55:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Steam Client Service service failed to start due to the following error: 

%%1053

 

Error: (08/21/2015 09:55:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

 

Error: (08/21/2015 08:36:13 PM) (Source: volsnap) (EventID: 36) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

 

Error: (08/21/2015 04:26:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

 

Error: (08/20/2015 04:48:35 PM) (Source: volsnap) (EventID: 36) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

 

Error: (08/19/2015 01:54:52 AM) (Source: volsnap) (EventID: 36) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

 

Error: (08/17/2015 10:03:43 PM) (Source: volsnap) (EventID: 36) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

 

Error: (08/16/2015 11:04:28 PM) (Source: volsnap) (EventID: 36) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

 

Error: (08/15/2015 08:50:38 PM) (Source: volsnap) (EventID: 36) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

 

Error: (08/15/2015 03:41:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

 

 

Microsoft Office:

=========================

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5 CPU M 450 @ 2.40GHz

Percentage of memory in use: 78%

Total physical RAM: 3957.86 MB

Available physical RAM: 844.26 MB

Total Virtual: 7913.9 MB

Available Virtual: 3918 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:34.08 GB) (Free:3.45 GB) NTFS

Drive d: () (Fixed) (Total:263.91 GB) (Free:24.23 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 18938AD1)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=34.1 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=263.9 GB) - (Type=07 NTFS)

 

==================== End of log ============================

RogueKiller V10.10.1.0 [Aug 17 2015] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : sebseb [Administrator]

Started from : C:\Users\sebseb\Desktop\RogueKiller.exe

Mode : Scan -- Date : 08/22/2015 00:46:00

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 6 ¤¤¤

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 93.170.123.36 8.8.8.8 ([CZ][-])  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 93.170.123.36 8.8.8.8 ([CZ][-])  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 93.170.123.36 8.8.8.8 ([CZ][-])  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1B57B31B-F51E-4EA6-A472-101DA28592E8} | DhcpNameServer : 93.170.123.36 8.8.8.8 ([CZ][-])  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1B57B31B-F51E-4EA6-A472-101DA28592E8} | DhcpNameServer : 93.170.123.36 8.8.8.8 ([CZ][-])  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1B57B31B-F51E-4EA6-A472-101DA28592E8} | DhcpNameServer : 93.170.123.36 8.8.8.8 ([CZ][-])  -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++

--- User ---

[MBR] 481350206ee1861da549dcf8cd7cc011

[bSP] 7707e08fd20096851f6401b0d00bd206 : Windows Vista/7/8|VT.Unknown MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 34899 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 71680000 | Size: 270244 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

User = LL2 ... OK

[sebseb]

found the button 

Addition.txt

FRST.txt

malware bytes scan.txt

rogue killer.txt

[sebseb]

And this is the daily protection log

daily log.txt

[kevinf80]

Double-click RogueKiller.exe to run again. (Vista/7/8 right-click and select Run as Administrator)

When "initializing/pre-scan” completes  press the Scan button, this may take a few minutes to complete.

When the scan completes open the Registry tab and locate the following detections:


[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 93.170.123.36 8.8.8.8 ([CZ][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 93.170.123.36 8.8.8.8 ([CZ][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 93.170.123.36 8.8.8.8 ([CZ][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1B57B31B-F51E-4EA6-A472-101DA28592E8} | DhcpNameServer : 93.170.123.36 8.8.8.8 ([CZ][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1B57B31B-F51E-4EA6-A472-101DA28592E8} | DhcpNameServer : 93.170.123.36 8.8.8.8 ([CZ][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1B57B31B-F51E-4EA6-A472-101DA28592E8} | DhcpNameServer : 93.170.123.36 8.8.8.8 ([CZ][-])  -> Found

Make sure those entries are Checkmarked (ticked) also ensure that all other entries are not Checkmarked.

Hit the Delete button, when complete select "Report" post that log...

 

Next,

 

Reset your Router, use the instructions from the feollowing link:

 

http://setuprouter.com/networking/how-to-reset-your-router/

 

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the two logs....
 

Thanks,

 

Kevin....

[sebseb]

here they are

Addition.txt

FRST.txt

rogue killer new.txt

[kevinf80]

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Please open Malwarebytes Anti-Malware.

• On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
• Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
• Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
• A Threat Scan will begin.
• With some infections, you may or may not see this message box.
  
          'Could not load DDA driver'
• Click 'Yes' to this message, to allow the driver to load after a restart.
• Allow the computer to restart. Continue with the rest of these instructions.
• When the scan is complete, click Apply Actions.
• Wait for the prompt to restart the computer to appear, then click on Yes.
• After the restart once you are back at your desktop, open MBAM once more.
  

To get the log from Malwarebytes do the following:

• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click Export > From export you have three options:
  
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
• Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…
  

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

• Double click on Adwcleaner.exe to run the tool.
• Click on the Scan in the Actions box
• Please wait fot the scan to finish..
• When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
• Click on the Cleaning box.
• Next click OK on the "Closing Programs" pop up box.
• Click OK on the Information box & again OK to allow the necessary reboot
• After restart the AdwCleaner(C2)-Notepad log will appear, please copy/paste it in your next reply.
  

Next,
 
Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts. (re-enable when done)
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.
  

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Post those logs, also let me know if any remaining issues or concerns.....

 

Thank you,

 

Kevin.


 

Fixlist.txt

[sebseb]

# AdwCleaner v5.003 - Logfile created 22/08/2015 at 18:52:07

# Updated 20/08/2015 by Xplode

# Database : 2015-08-20.1 [server]

# Operating system : Windows 7 Ultimate Service Pack 1 (x64)

# Username : sebseb - SAMOYED

# Running from : C:\Users\sebseb\Desktop\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\ProgramData\Avg_Update_0215av

 

***** [ Files ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

[-] Task Deleted : 0215avUpdateInfo

[-] Task Deleted : 0215avUpdateInfo

 

***** [ Registry ] *****

 

[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update

[-] Key Deleted : HKCU\Software\Conduit

[-] Key Deleted : HKCU\Software\Avg Secure Update

[!] Key Not Deleted : [x64] HKCU\Software\Conduit

[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update

 

***** [ Web browsers ] *****

 

 

*************************

 

:: Proxy settings cleared

:: Winsock settings cleared

:: IE policies deleted

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1014 bytes] ##########

[sebseb]

Signatures: 1.195.1215.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 16 15:54:15 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.24, May 2015 (build 5.24.11401.0)

Started On Wed May 13 15:05:48 2015

 

Engine: 1.1.11602.0

Signatures: 1.197.1100.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 15:11:58 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.25, June 2015 (build 5.25.11502.0)

Started On Wed Jun 10 17:42:30 2015

 

Engine: 1.1.11701.0

Signatures: 1.199.892.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 10 17:50:42 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.26, July 2015 (build 5.26.11604.0)

Started On Sat Jul 18 15:19:02 2015

 

Engine: 1.1.11804.0

Signatures: 1.201.883.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Sat Jul 18 15:25:32 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)

Started On Thu Aug 13 14:52:19 2015

 

Engine: 1.1.11903.0

Signatures: 1.203.693.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 13 14:59:52 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.27, August 2015 (build 5.27.11700.0)

Started On Sat Aug 22 19:12:07 2015

 

Engine: 1.1.11903.0

Signatures: 1.203.693.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 22 19:18:32 2015

 

 

Return code: 0 (0x0)

[sebseb]

the final reports

JRT report.txt

JRT.txt

malware bytes new scan (final).txt

[sebseb]

did I mention that Malware Bytes stopped with the notifications?

[kevinf80]

Where is the log from FRST fix? Step one from my last reply...

[sebseb]

 

 

sorry, forgot about that one

Fixlog.txt

[kevinf80]

What is the current status of your system, are there any remaining issues or concerns?

[sebseb]

No, after I deleted the 6 registry entries with rogue killer, the Malware Bytes notifications that the ip 93... stopped. There wasn't any other issue, but this one, that I could see, but I was afraid it would cause some sort of problems in the near future. 

[kevinf80]

Yes you had picked up DNSChanger infection, it is very important that where passwords are needed you change them maybe every week. Also use strong passwords that are not easily cracked... That includes your Router.

 

Also is a good idea to enable Router Firewall if present... Read at following link: http://www.howtogeek.com/122065/htg-explains-i-have-a-router-do-i-need-a-firewall/

 

Read here for password tips: http://windows.microsoft.com/en-gb/windows-vista/tips-for-creating-a-strong-password

 

If issues are cleared run the following to clean up...

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

• 
     
• Remove disinfection tools
     
• Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
     
• Reset system settings
  

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629
 

Thank you,

 

Kevin..

[sebseb]

Thanks a lot!

[kevinf80]

You`re very welcome, take care and surf safe...

 

Kevin....

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!