Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hearing random mouse clicks, and generally slow performance [Solved]

Started by um96 , Jul 02 2014 02:59 PM

  • This topic is locked This topic is locked

#1
um96
Posted 02 July 2014 - 02:59 PM

um96

    New Member

  • Member
  • Pip
  • 6 posts

Since 2 days I have been hearing random mouse clicks while doing absolutely nothing.

Also my computers performance generally has slowed down.

 

Using MBAM Premium (paid) and AVG 2014 (paid) but neither of them have detected any infections.

 

I hope someone can help me figure out where this problem is coming from.

 

------------------------------------------------------------------------------------------------------------------

 

OTL logfile created on: 2-7-2014 22:46:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
3,75 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 30,66% Memory free
7,50 Gb Paging File | 4,15 Gb Available in Paging File | 55,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 260,45 Gb Free Space | 55,93% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-07-02 22:42:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.exe
PRC - [2014-06-05 15:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-06-02 10:17:53 | 002,567,192 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2014-06-02 10:17:53 | 001,808,408 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
PRC - [2014-06-02 10:17:53 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
PRC - [2014-05-18 19:52:47 | 001,516,496 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2014-05-13 14:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014-05-13 14:19:46 | 001,473,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
PRC - [2014-05-13 14:18:32 | 005,181,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014-05-13 14:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014-05-12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014-05-08 10:47:44 | 002,993,376 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2013-11-21 22:07:24 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2013-02-19 22:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-03-26 17:35:16 | 000,449,168 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2009-02-23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-06-05 15:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014-06-05 15:58:37 | 014,612,296 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
MOD - [2014-06-05 15:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014-06-05 15:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014-06-05 15:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014-06-05 15:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014-06-02 10:17:53 | 002,567,192 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2014-06-02 10:17:53 | 001,640,472 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
MOD - [2014-06-02 10:17:53 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll
MOD - [2014-06-01 11:08:56 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2014-05-24 18:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
MOD - [2014-05-24 18:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
MOD - [2010-01-21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010-01-09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-05-18 20:56:22 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-05-15 10:40:52 | 000,064,624 | ---- | M] (CyberGhost S.R.L) [Auto | Running] -- C:\Program Files\CyberGhost 5\Service.exe -- (CGVPNCliService)
SRV:64bit: - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014-06-02 10:17:53 | 001,808,408 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe -- (vToolbarUpdater18.1.7)
SRV - [2014-05-13 14:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014-05-13 14:19:46 | 001,473,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2014-05-13 14:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014-05-07 04:27:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-04-03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-11-21 22:07:24 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2013-09-11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013-02-19 22:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-07-02 22:40:52 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014-06-02 10:17:53 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014-05-18 19:52:47 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2014-05-16 14:03:30 | 000,141,600 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2014-05-13 14:20:26 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014-05-13 14:20:06 | 000,273,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014-05-13 14:06:06 | 000,323,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014-05-13 14:05:40 | 000,191,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014-05-13 14:05:08 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014-05-13 14:05:06 | 000,130,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014-05-13 14:04:56 | 000,236,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014-05-13 14:04:30 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014-05-12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014-05-12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014-04-18 06:31:50 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2013-10-02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-09-26 10:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2013-08-22 14:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012-08-23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-08-23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-08-12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2005-03-29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 57 77 63 BE 72 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={1B00E1B4-EC41-4984-A73E-5904AC4A4F78}&mid=85453390d0ce47d29236f186760266c2-625d5b56e1897d6790bea2a83e545e9991d0c5ca&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-05-20 09:38:23&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B8f8fe09b-0bd3-4470-bc1b-8cad42b8203a%7D:0.17
FF - prefs.js..extensions.enabledAddons: %7B9c51bd27-6ed8-4000-a2bf-36cb95c0c947%7D:11.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-06-06 21:45:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014-06-08 00:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2014-06-08 00:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\aityad3w.default\extensions
[2014-06-08 00:08:29 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\aityad3w.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2014-06-08 00:13:53 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\aityad3w.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2014-06-08 00:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014-06-08 00:06:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: [ history, homepage, nativeMessaging, startupPages, tabs ]
CHR - homepage: [ browsingData, cookies, history, management, nativeMessaging, tabs, unlimitedStorage, webNavigation, webRequest, webRequestBlocking, webRequestInternal, homepage, startupPages ]
CHR - homepage: http://mysearch.avg.com?cid={1B00E1B4-EC41-4984-A73E-5904AC4A4F78}&mid=85453390d0ce47d29236f186760266c2-625d5b56e1897d6790bea2a83e545e9991d0c5ca&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-05-20 09:38:23&v=18.1.5.512&pid=safeguard&sg=&sap=hp
CHR - homepage: http://mysearch.avg.com?cid={1B00E1B4-EC41-4984-A73E-5904AC4A4F78}&mid=85453390d0ce47d29236f186760266c2-625d5b56e1897d6790bea2a83e545e9991d0c5ca&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-05-20 09:38:23&v=18.1.7.598&pid=safeguard&sg=&sap=hp
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Google Search = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Cryptocat = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonbigodpnfghidmnphnadhepmbabhij\2.2.2_0\
CHR - Extension: AVG SafeGuard = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\18.1.5.512_0\
CHR - Extension: Google Wallet = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9:64bit: - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.44.54 212.54.40.25 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55C15B1B-0363-436C-9D9E-D5C2D4CCFDE3}: DhcpNameServer = 212.54.44.54 212.54.40.25 168.95.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-07-01 19:26:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\.thumbnails
[2014-07-01 19:00:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\fontconfig
[2014-07-01 19:00:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\gegl-0.2
[2014-07-01 19:00:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\.gimp-2.8
[2014-07-01 18:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2014-06-17 19:05:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SketchUp
[2014-06-17 18:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2014
[2014-06-17 18:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SketchUp
[2014-06-17 18:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SketchUp
[2014-06-12 21:29:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Gyazo
[2014-06-12 21:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
[2014-06-12 21:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gyazo
[2014-06-09 13:52:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\.zenmap
[2014-06-09 13:51:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
[2014-06-09 13:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2014-06-09 13:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nmap
[2014-06-09 13:35:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Temporary Projects
[2014-06-08 00:06:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2014-06-08 00:06:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla
[2014-06-08 00:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014-06-08 00:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014-06-08 00:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014-06-07 01:22:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\FUT_Auction_Purchaser
[2014-06-06 21:45:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Fiddler2
[2014-06-06 21:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fiddler2
[2014-06-06 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\GitHub
[2014-06-06 21:10:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\GitHub
[2014-06-06 21:10:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\GitHub
[2014-06-06 21:10:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
[2014-06-05 19:50:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2014-06-05 19:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2014-06-05 19:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2014-06-05 19:50:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Soldiers
[2014-06-05 10:56:15 | 000,000,000 | ---D | C] -- C:\sqlmap
[2014-06-05 10:49:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\CyberGhost
[2014-06-05 10:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\TAP-Windows
[2014-06-05 10:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
[2014-06-05 10:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost 5
[2014-06-05 10:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2014-06-05 10:44:30 | 000,000,000 | ---D | C] -- C:\Python27
[2014-06-05 00:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2014-06-05 00:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014-06-05 00:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2014-06-05 00:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2014-06-05 00:14:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Visual Studio 2010
[2014-06-05 00:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2014-06-05 00:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2014-06-05 00:13:06 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2014-06-05 00:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2014-06-05 00:13:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2014-06-05 00:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2014-06-04 23:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
[2014-06-04 23:46:11 | 000,000,000 | ---D | C] -- C:\xampp
 
========== Files - Modified Within 30 Days ==========
 
[2014-07-02 22:40:52 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-07-02 22:38:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-07-02 22:18:27 | 000,020,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-07-02 22:18:27 | 000,020,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-07-02 18:18:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-07-02 11:38:01 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-07-02 11:21:43 | 3019,255,808 | -HS- | M] () -- C:\hiberfil.sys
[2014-07-01 19:51:15 | 000,001,772 | ---- | M] () -- C:\Users\Admin\Desktop\CyberGhost 5.lnk
[2014-07-01 19:47:05 | 000,244,955 | ---- | M] () -- C:\Users\Admin\Desktop\yoelle.png
[2014-07-01 19:40:29 | 000,002,101 | ---- | M] () -- C:\Users\Admin\AppData\Local\recently-used.xbel
[2014-07-01 19:40:05 | 003,867,741 | ---- | M] () -- C:\Users\Admin\Desktop\Untitled.xcf
[2014-06-17 18:22:16 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF14a.ocx
[2014-06-17 18:22:06 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Style Builder 2014.lnk
[2014-06-17 18:22:05 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\LayOut 2014.lnk
[2014-06-17 18:22:02 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\SketchUp 2014.lnk
[2014-06-12 21:28:53 | 000,001,006 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2014-06-12 21:28:53 | 000,001,006 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo GIF.lnk
[2014-06-12 21:28:53 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2014-06-12 21:28:53 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo GIF.lnk
[2014-06-11 23:35:55 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-06-09 13:51:39 | 000,000,963 | ---- | M] () -- C:\Users\Admin\Desktop\Nmap - Zenmap GUI.lnk
[2014-06-08 00:06:27 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014-06-07 01:21:09 | 000,944,255 | ---- | M] () -- C:\Users\Admin\Documents\FUT_Auction_Purchaser.zip
[2014-06-06 21:15:19 | 000,000,000 | ---- | M] () -- C:\Users\Admin\.gitconfig
[2014-06-06 21:11:01 | 000,002,174 | ---- | M] () -- C:\Users\Admin\Desktop\Git Shell.lnk
[2014-06-06 21:10:24 | 000,000,308 | ---- | M] () -- C:\Users\Admin\Desktop\GitHub.appref-ms
[2014-06-05 19:50:45 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2014-06-05 10:47:26 | 000,000,874 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\CyberGhost 5.lnk
 
========== Files Created - No Company Name ==========
 
[2014-07-01 19:40:29 | 000,002,101 | ---- | C] () -- C:\Users\Admin\AppData\Local\recently-used.xbel
[2014-07-01 19:40:05 | 003,867,741 | ---- | C] () -- C:\Users\Admin\Desktop\Untitled.xcf
[2014-07-01 18:57:22 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2014-06-17 18:22:16 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF14a.ocx
[2014-06-17 18:22:06 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\Style Builder 2014.lnk
[2014-06-17 18:22:05 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\LayOut 2014.lnk
[2014-06-17 18:22:02 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\SketchUp 2014.lnk
[2014-06-12 21:28:53 | 000,001,006 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2014-06-12 21:28:53 | 000,001,006 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo GIF.lnk
[2014-06-12 21:28:53 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2014-06-12 21:28:53 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\Gyazo GIF.lnk
[2014-06-09 13:51:39 | 000,000,963 | ---- | C] () -- C:\Users\Admin\Desktop\Nmap - Zenmap GUI.lnk
[2014-06-08 00:06:27 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014-06-08 00:06:26 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014-06-07 01:20:59 | 000,944,255 | ---- | C] () -- C:\Users\Admin\Documents\FUT_Auction_Purchaser.zip
[2014-06-06 21:45:33 | 000,001,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk
[2014-06-06 21:15:19 | 000,000,000 | ---- | C] () -- C:\Users\Admin\.gitconfig
[2014-06-06 21:11:01 | 000,002,174 | ---- | C] () -- C:\Users\Admin\Desktop\Git Shell.lnk
[2014-06-06 21:10:24 | 000,000,308 | ---- | C] () -- C:\Users\Admin\Desktop\GitHub.appref-ms
[2014-06-05 19:50:45 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2014-06-05 10:47:26 | 000,001,772 | ---- | C] () -- C:\Users\Admin\Desktop\CyberGhost 5.lnk
[2014-06-05 10:47:26 | 000,000,874 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\CyberGhost 5.lnk
[2014-06-02 15:24:10 | 000,007,610 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2014-05-18 21:11:49 | 000,749,404 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014-04-18 06:31:50 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-03-25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014-06-27 23:45:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.purple
[2014-05-18 19:46:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVG2014
[2014-07-02 19:50:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2014-06-06 21:15:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GitHub
[2014-06-12 21:29:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gyazo
[2014-05-28 21:54:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2014-06-17 19:05:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SketchUp
[2014-05-19 07:48:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TrueCrypt
[2014-05-18 19:45:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2014-07-01 00:42:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

Advertisements

#2
pystryker
Posted 04 July 2014 - 11:06 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:



Hi :)

There should be another log called Extras.txt that was produced when you ran OTL for the first time. It will be located in the same directory as where you ran OTL from, in this case here: C:\Users\Admin\Downloads

Please post that log in your next reply. I'm currently reviewing your OTL log and once I see the Extras log, we'll get started.
  • 0

#3
um96
Posted 04 July 2014 - 01:03 PM

um96

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Hello,

 

Thanks for your help!

 

Below is the OTL Extras.txt file

 

OTL Extras logfile created on: 2-7-2014 22:46:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
3,75 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 30,66% Memory free
7,50 Gb Paging File | 4,15 Gb Available in Paging File | 55,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 260,45 Gb Free Space | 55,93% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01429AA5-E08A-4918-AC6B-78FCA024E5EC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{18028F53-562D-46BF-B8EE-BA147089CBFC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1E680553-C10B-49C9-B666-1426AD5FAD9F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{21D6A21B-D20E-46B2-8E73-1B3C2959414C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{37F1002D-F963-4297-80B3-FA43CF314EA3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{687F94D6-1BA6-47FF-AB11-14918BB58DCE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{691D91A3-CD7F-49CB-AFCA-5F2C763AF425}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7585ED2A-97B6-4B83-88C0-4915C6BA448B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7A78A98B-456A-4176-8E09-6797663281C2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{87D6FE20-DF38-4CC8-98B4-2811F531E461}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{90EBD82E-F9E2-4E49-A0BE-20D75D17AAE7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A616AEF2-93F7-4BC4-9278-8AC9FED76246}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B256B8BD-6E18-4BEE-8919-77DF34A1A6F5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B5769EBF-C66D-489F-87E7-892011EBA602}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CDD439E5-CF23-4B40-AE54-BC281551B4A8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D2090C61-1998-4E4D-8E59-06366067E26B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DDABCF33-AA1F-4164-BCB1-D1BB4C632113}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E62DCE91-5199-4E03-B61E-E8A0F3827ECF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EA39C1F7-8EC1-4835-875D-AA9505F56673}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F6EDCEE4-99A1-47F1-80D1-E2E8E2D1C3C9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F754D12D-82A8-4EE7-B2DC-FAC05E7C4A41}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{FE29D109-F592-45A3-A5C7-6B86F769165E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039DA2E4-9A80-49A8-A587-2F4311D3F723}" = protocol=1 | dir=in | [email protected],-28543 | 
"{17A9C15C-5B34-4A6D-A7FC-F982C9BB4724}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{19EDE200-8AE2-48D4-9C17-A3026A160D5F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{20E67F30-0154-49B2-A001-F2DB94B9AB14}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{25DEFF7F-3AEA-41FA-819F-5077F00CC9BE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{27423D80-AFE3-4B41-BD0C-22A8422ED9E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{28B48B51-E90B-4A9B-86AC-8C2C1488BFA8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{32FF6FA2-B617-407D-A349-8424BF2465E7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{36ABF5B5-C944-49A1-BFBD-EB9AD6F06025}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4B46CE2F-79C2-4FE2-B918-1F695FCBD8E2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4B8A1546-D782-48AD-B95A-2F89D751B19A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4C66E68C-DAC2-4CE3-B851-834DE8F17DEF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{4DD69DDC-8BBB-482F-9806-19E8D5AC4EF2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{4E21899E-96E3-4B49-B143-131DB1094A8D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{55A26D06-5935-40A9-A186-21BB26DD829C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{6999CA26-5C46-4B11-AD8D-6C06A9DC9592}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{6B0E27F4-C158-4CE8-A2F2-85528F0138BF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6F8BDA77-A7E3-462D-AB19-DD7D9B3B1F01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{766416D2-7E7A-46A4-BF9E-7647BA6B684B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7C14254F-386C-41B5-8425-668BE5B9E932}" = protocol=1 | dir=out | [email protected],-28544 | 
"{82712442-795A-4A10-A48D-6A00DA5E0241}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8537D1D8-AFB8-4790-A48B-2386C5093AA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{85F44623-8EE7-4578-800A-BB49E080B7BC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{8A5D6549-CA0D-492B-B8D4-77B34AC282FE}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\utorrent\utorrent.exe | 
"{8B369EE8-8827-45F0-ADB8-A8C6FE46E751}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9134C7D7-17DD-44B8-9701-57454083A04F}" = protocol=58 | dir=in | [email protected],-28545 | 
"{9CEF0FFD-7EE1-4DDB-9755-BF9D214F4686}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{9D895167-3BBC-415C-B998-8694355DC1C7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{A20DDA3F-DC78-4BD4-9378-23971A03E9BA}" = protocol=6 | dir=in | app=c:\program files (x86)\fiddler2\fiddler.exe | 
"{A478D59C-EC3A-4A41-8FD1-274147B279E6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{B4EAE7FE-B323-43E9-A6F0-04D1C04D3EB3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{BF515011-8229-43A7-8576-E7E7552B7EDE}" = protocol=58 | dir=out | [email protected],-28546 | 
"{C09BC0DE-0F6C-4D0B-90EC-B58F21552918}" = protocol=6 | dir=out | app=system | 
"{C8EAF724-DDD1-465E-8C85-77D7DC211388}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{CCD8A522-FE9B-43D5-BB76-25164BDEBC9D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{D553A8FA-87F9-40D1-92B4-B29E5CB7E189}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{E500B7A4-885A-45F6-BEB2-68FE230474FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB6C37E2-D5D7-4B61-AD11-D1F4407414FE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{ECC8BD85-4B02-43F3-AB0D-0593BD8C515E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F37876C7-8D76-476F-8022-44728EA0D908}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA235455-BDB0-4D16-B17C-3DA68EDEFF04}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{049CA433-77A0-4e48-AC76-180A282C4E11}" = Python 2.7.7 (64-bit)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series" = Canon MG4200 series MP Drivers
"{6CB0C0FC-4F27-43F5-84CC-ABC231F045C4}" = AVG 2014
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}" = Oracle VM VirtualBox 4.3.12
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{CB21CD89-A4D3-4240-9AAA-55DCE7F3D076}" = AVG 2014
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"AVG" = AVG 2014
"CyberGhost 5_is1" = CyberGhost 5
"GIMP-2_is1" = GIMP 2.8.10
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"TAP-Windows" = TAP-Windows 9.9.2
"WinRAR archiver" = WinRAR 5.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 2.1
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F246092E-FA0B-47C8-9D3E-CF8C210293C8}" = SketchUp 2014
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"Fiddler2" = Fiddler
"FileZilla Client" = FileZilla Client 3.8.1
"Google Chrome" = Google Chrome
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Mozilla Firefox 29.0.1 (x86 nl)" = Mozilla Firefox 29.0.1 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nmap" = Nmap 6.46
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pidgin" = Pidgin
"pidgin-otr" = pidgin-otr 4.0.0-1
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.1.3
"WinPcapInst" = WinPcap 4.1.3
"xampp" = XAMPP
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f7eb300e2ea4ebf" = GitHub
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26-6-2014 10:00:24 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.1.3.0, time stamp: 
0x00000004  Faulting module name: vlc.exe, version: 2.1.3.0, time stamp: 0x00000004
Exception
 code: 0xc0000005  Fault offset: 0x000018c5  Faulting process id: 0x1abc  Faulting application
 start time: 0x01cf9141d5a9cad0  Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting
 module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Report Id: 37e8eff0-fd3a-11e3-9649-20cf30e68f31
 
Error - 26-6-2014 10:29:40 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.1.3.0, time stamp: 
0x00000004  Faulting module name: vlc.exe, version: 2.1.3.0, time stamp: 0x00000004
Exception
 code: 0xc0000005  Fault offset: 0x000018c5  Faulting process id: 0x4ac  Faulting application
 start time: 0x01cf9146fe977230  Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting
 module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Report Id: 4e5882b0-fd3e-11e3-9649-20cf30e68f31
 
Error - 26-6-2014 11:44:01 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.1.3.0, time stamp: 
0x00000004  Faulting module name: vlc.exe, version: 2.1.3.0, time stamp: 0x00000004
Exception
 code: 0xc0000005  Fault offset: 0x000018c5  Faulting process id: 0x1600  Faulting application
 start time: 0x01cf914b2efad940  Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting
 module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Report Id: b13b4110-fd48-11e3-9649-20cf30e68f31
 
Error - 27-6-2014 5:30:18 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28-6-2014 4:09:37 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29-6-2014 5:32:58 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30-6-2014 4:58:39 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1-7-2014 6:13:06 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 1-7-2014 16:56:32 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = The program Skype.exe version 6.16.0.105 stopped interacting with 
Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: e1c    Start
 Time: 01cf9515053bba70    Termination Time: 148    Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report
 Id: 2b84be21-0162-11e4-9b6e-20cf30e68f31  
 
Error - 2-7-2014 5:23:18 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 23-6-2014 17:36:20 | Computer Name = Admin-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered 
a non-retryable error and could not start.  The data contains the error code.
 
Error - 27-6-2014 5:29:22 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the CyberGhost
 5 Client Service service to connect.
 
Error - 27-6-2014 5:29:22 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = The CyberGhost 5 Client Service service failed to start due to the
 following error:   %%1053
 
Error - 27-6-2014 5:31:21 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27-6-2014 18:13:14 | Computer Name = Admin-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered 
a non-retryable error and could not start.  The data contains the error code.
 
Error - 28-6-2014 18:15:47 | Computer Name = Admin-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered 
a non-retryable error and could not start.  The data contains the error code.
 
Error - 29-6-2014 18:50:01 | Computer Name = Admin-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered 
a non-retryable error and could not start.  The data contains the error code.
 
Error - 30-6-2014 18:42:41 | Computer Name = Admin-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume F: encountered 
a non-retryable error and could not start.  The data contains the error code.
 
Error - 1-7-2014 6:12:21 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the CyberGhost
 5 Client Service service to connect.
 
Error - 1-7-2014 6:12:21 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = The CyberGhost 5 Client Service service failed to start due to the
 following error:   %%1053
 
 
< End of report >

  • 0

#4
pystryker
Posted 04 July 2014 - 04:11 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Hello,

Thanks for your help!


You're very welcome. :) Let's get started


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Program Removal and P2P Warning


Please remove the following program from your computer as it is an adware/malware related program:

AVG SafeGuard Toolbar


The Dangers of P2P Programs

I noticed that you have a P2P file sharing program (uTorrent) on your computer . I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Artticle on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Step 2: Chrome Changes

Please follow the instructions at the link below to change your homepage in Chrome as it shows a malware related site as the homepage.

Also, please use the instructions there to remove the AVG SafeGuard extension.

https://support.goog...765944?hl=en-GB



Step 3: Fix with OTL


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)
  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.
otlrunfix.jpg



:Commands
[createrestorepoint]

:OTL
SRV - [2014-06-02 10:17:53 | 001,808,408 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe -- (vToolbarUpdater18.1.7)
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={1B00E1B4-EC41-4984-A73E-5904AC4A4F78}&mid=85453390d0ce47d29236f186760266c2-625d5b56e1897d6790bea2a83e545e9991d0c5ca&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-05-20 09:38:23&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)

:Files
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
ipconfig /flushdns /c
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\Program Files (x86)\Common Files\AVG Secure Search

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 4: Scan with TDSSKiller


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI(graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start(Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!


Things I need to see in your next post:

OTL Fixlog

TDSSKiller Log
  • 0

#5
um96
Posted 05 July 2014 - 03:52 AM

um96

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Hello,

 

Thanks for your quick reply :)

 

OTL log

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named vToolbarUpdater18.1.7 was found to stop!
Service\Driver key vToolbarUpdater18.1.7 not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt not found.
File C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll not found.
========== FILES ==========
< netsh advfirewall reset /c >
Ok.
C:\Users\Admin\Downloads\cmd.bat deleted successfully.
C:\Users\Admin\Downloads\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Admin\Downloads\cmd.bat deleted successfully.
C:\Users\Admin\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Admin\Downloads\cmd.bat deleted successfully.
C:\Users\Admin\Downloads\cmd.txt deleted successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar folder moved successfully.
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 206047904 bytes
->Temporary Internet Files folder emptied: 76145451 bytes
->FireFox cache emptied: 28376675 bytes
->Google Chrome cache emptied: 6385895 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 5234 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 170661350 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 6002942 bytes
 
Total Files Cleaned = 471,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 07052014_113240
 
Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
tdsskiller LOG
 

11:50:57.0655 0x17d8  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
11:51:00.0106 0x17d8  ============================================================
11:51:00.0106 0x17d8  Current date / time: 2014/07/05 11:51:00.0106
11:51:00.0106 0x17d8  SystemInfo:
11:51:00.0106 0x17d8  
11:51:00.0106 0x17d8  OS Version: 6.1.7601 ServicePack: 1.0
11:51:00.0106 0x17d8  Product type: Workstation
11:51:00.0106 0x17d8  ComputerName: ADMIN-PC
11:51:00.0107 0x17d8  UserName: Admin
11:51:00.0107 0x17d8  Windows directory: C:\Windows
11:51:00.0107 0x17d8  System windows directory: C:\Windows
11:51:00.0107 0x17d8  Running under WOW64
11:51:00.0107 0x17d8  Processor architecture: Intel x64
11:51:00.0107 0x17d8  Number of processors: 6
11:51:00.0107 0x17d8  Page size: 0x1000
11:51:00.0107 0x17d8  Boot type: Normal boot
11:51:00.0107 0x17d8  ============================================================
11:51:02.0184 0x17d8  KLMD registered as C:\Windows\system32\drivers\22075509.sys
11:51:02.0577 0x17d8  System UUID: {F4C9CAE5-36F7-A6D3-37AA-AD3BD2858CE8}
11:51:03.0185 0x17d8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xCF0156, SectorsPerTrack: 0x4, TracksPerCylinder: 0x12, Type 'K0', Flags 0x00000040
11:51:03.0189 0x17d8  ============================================================
11:51:03.0189 0x17d8  \Device\Harddisk0\DR0:
11:51:03.0195 0x17d8  MBR partitions:
11:51:03.0195 0x17d8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:51:03.0195 0x17d8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
11:51:03.0195 0x17d8  ============================================================
11:51:03.0205 0x17d8  Initialize success
11:51:03.0205 0x17d8  ============================================================
11:51:12.0889 0x11f8  ============================================================
11:51:12.0889 0x11f8  Scan started
11:51:12.0889 0x11f8  Mode: Manual; SigCheck; TDLFS; 
11:51:12.0890 0x11f8  ============================================================
11:51:12.0890 0x11f8  KSN ping started
11:51:15.0582 0x11f8  KSN ping finished: true
11:51:16.0573 0x11f8  ================ Scan system memory ========================
11:51:16.0573 0x11f8  System memory - ok
11:51:16.0574 0x11f8  ================ Scan services =============================
11:51:16.0681 0x11f8  1394ohci - ok
11:51:16.0688 0x11f8  ACPI - ok
11:51:16.0694 0x11f8  AcpiPmi - ok
11:51:16.0704 0x11f8  adp94xx - ok
11:51:16.0731 0x11f8  adpahci - ok
11:51:16.0738 0x11f8  adpu320 - ok
11:51:16.0743 0x11f8  AeLookupSvc - ok
11:51:16.0770 0x11f8  AFD - ok
11:51:16.0794 0x11f8  agp440 - ok
11:51:16.0798 0x11f8  ALG - ok
11:51:16.0813 0x11f8  aliide - ok
11:51:16.0827 0x11f8  amdide - ok
11:51:16.0839 0x11f8  AmdK8 - ok
11:51:16.0859 0x11f8  AmdPPM - ok
11:51:16.0865 0x11f8  amdsata - ok
11:51:16.0869 0x11f8  amdsbs - ok
11:51:16.0877 0x11f8  amdxata - ok
11:51:16.0895 0x11f8  Apache2.4 - ok
11:51:16.0901 0x11f8  AppID - ok
11:51:16.0904 0x11f8  AppIDSvc - ok
11:51:16.0913 0x11f8  Appinfo - ok
11:51:16.0933 0x11f8  AppMgmt - ok
11:51:16.0940 0x11f8  arc - ok
11:51:16.0949 0x11f8  arcsas - ok
11:51:16.0961 0x11f8  aspnet_state - ok
11:51:16.0987 0x11f8  AsyncMac - ok
11:51:17.0001 0x11f8  atapi - ok
11:51:17.0054 0x11f8  AudioEndpointBuilder - ok
11:51:17.0057 0x11f8  AudioSrv - ok
11:51:17.0092 0x11f8  Avgdiska - ok
11:51:17.0105 0x11f8  Avgfwfd - ok
11:51:17.0118 0x11f8  avgfws - ok
11:51:17.0172 0x11f8  AVGIDSAgent - ok
11:51:17.0196 0x11f8  AVGIDSDriver - ok
11:51:17.0206 0x11f8  AVGIDSHA - ok
11:51:17.0222 0x11f8  Avgldx64 - ok
11:51:17.0227 0x11f8  Avgloga - ok
11:51:17.0231 0x11f8  Avgmfx64 - ok
11:51:17.0240 0x11f8  Avgrkx64 - ok
11:51:17.0244 0x11f8  Avgtdia - ok
11:51:17.0248 0x11f8  avgwd - ok
11:51:17.0267 0x11f8  AxInstSV - ok
11:51:17.0285 0x11f8  b06bdrv - ok
11:51:17.0326 0x11f8  b57nd60a - ok
11:51:17.0335 0x11f8  BDESVC - ok
11:51:17.0339 0x11f8  Beep - ok
11:51:17.0378 0x11f8  BFE - ok
11:51:17.0383 0x11f8  BITS - ok
11:51:17.0390 0x11f8  blbdrive - ok
11:51:17.0401 0x11f8  bowser - ok
11:51:17.0405 0x11f8  BrFiltLo - ok
11:51:17.0409 0x11f8  BrFiltUp - ok
11:51:17.0412 0x11f8  Browser - ok
11:51:17.0416 0x11f8  Brserid - ok
11:51:17.0419 0x11f8  BrSerWdm - ok
11:51:17.0423 0x11f8  BrUsbMdm - ok
11:51:17.0426 0x11f8  BrUsbSer - ok
11:51:17.0433 0x11f8  BTHMODEM - ok
11:51:17.0438 0x11f8  bthserv - ok
11:51:17.0448 0x11f8  cdfs - ok
11:51:17.0455 0x11f8  cdrom - ok
11:51:17.0469 0x11f8  CertPropSvc - ok
11:51:17.0487 0x11f8  CGVPNCliService - ok
11:51:17.0496 0x11f8  circlass - ok
11:51:17.0500 0x11f8  CLFS - ok
11:51:17.0503 0x11f8  clr_optimization_v2.0.50727_32 - ok
11:51:17.0506 0x11f8  clr_optimization_v2.0.50727_64 - ok
11:51:17.0520 0x11f8  clr_optimization_v4.0.30319_32 - ok
11:51:17.0555 0x11f8  clr_optimization_v4.0.30319_64 - ok
11:51:17.0559 0x11f8  CmBatt - ok
11:51:17.0562 0x11f8  cmdide - ok
11:51:17.0565 0x11f8  CNG - ok
11:51:17.0568 0x11f8  Compbatt - ok
11:51:17.0574 0x11f8  CompositeBus - ok
11:51:17.0579 0x11f8  COMSysApp - ok
11:51:17.0583 0x11f8  crcdisk - ok
11:51:17.0605 0x11f8  CryptSvc - ok
11:51:17.0608 0x11f8  CSC - ok
11:51:17.0616 0x11f8  CscService - ok
11:51:17.0623 0x11f8  DcomLaunch - ok
11:51:17.0632 0x11f8  defragsvc - ok
11:51:17.0635 0x11f8  DfsC - ok
11:51:17.0643 0x11f8  Dhcp - ok
11:51:17.0646 0x11f8  discache - ok
11:51:17.0649 0x11f8  Disk - ok
11:51:17.0652 0x11f8  dmvsc - ok
11:51:17.0667 0x11f8  Dnscache - ok
11:51:17.0670 0x11f8  dot3svc - ok
11:51:17.0675 0x11f8  DPS - ok
11:51:17.0694 0x11f8  drmkaud - ok
11:51:17.0698 0x11f8  DXGKrnl - ok
11:51:17.0703 0x11f8  EapHost - ok
11:51:17.0706 0x11f8  ebdrv - ok
11:51:17.0710 0x11f8  EFS - ok
11:51:17.0712 0x11f8  ehRecvr - ok
11:51:17.0715 0x11f8  ehSched - ok
11:51:17.0718 0x11f8  elxstor - ok
11:51:17.0721 0x11f8  ErrDev - ok
11:51:17.0740 0x11f8  EventSystem - ok
11:51:17.0742 0x11f8  exfat - ok
11:51:17.0746 0x11f8  fastfat - ok
11:51:17.0763 0x11f8  Fax - ok
11:51:17.0772 0x11f8  fdc - ok
11:51:17.0775 0x11f8  fdPHost - ok
11:51:17.0778 0x11f8  FDResPub - ok
11:51:17.0781 0x11f8  FileInfo - ok
11:51:17.0785 0x11f8  Filetrace - ok
11:51:17.0789 0x11f8  flpydisk - ok
11:51:17.0792 0x11f8  FltMgr - ok
11:51:17.0797 0x11f8  FontCache - ok
11:51:17.0800 0x11f8  FontCache3.0.0.0 - ok
11:51:17.0803 0x11f8  FsDepends - ok
11:51:17.0806 0x11f8  Fs_Rec - ok
11:51:17.0815 0x11f8  fvevol - ok
11:51:17.0818 0x11f8  gagp30kx - ok
11:51:17.0828 0x11f8  gpsvc - ok
11:51:17.0856 0x11f8  gupdate - ok
11:51:17.0862 0x11f8  gupdatem - ok
11:51:17.0866 0x11f8  hcw85cir - ok
11:51:17.0874 0x11f8  HdAudAddService - ok
11:51:17.0900 0x11f8  HDAudBus - ok
11:51:17.0903 0x11f8  HidBatt - ok
11:51:17.0907 0x11f8  HidBth - ok
11:51:17.0911 0x11f8  HidIr - ok
11:51:17.0914 0x11f8  hidserv - ok
11:51:17.0921 0x11f8  HidUsb - ok
11:51:17.0925 0x11f8  hkmsvc - ok
11:51:17.0928 0x11f8  HomeGroupListener - ok
11:51:17.0931 0x11f8  HomeGroupProvider - ok
11:51:17.0935 0x11f8  HpSAMD - ok
11:51:17.0939 0x11f8  HTTP - ok
11:51:17.0942 0x11f8  hwpolicy - ok
11:51:17.0947 0x11f8  i8042prt - ok
11:51:17.0951 0x11f8  iaStorV - ok
11:51:17.0954 0x11f8  idsvc - ok
11:51:17.0957 0x11f8  IEEtwCollectorService - ok
11:51:17.0960 0x11f8  iirsp - ok
11:51:17.0964 0x11f8  IKEEXT - ok
11:51:17.0969 0x11f8  intelide - ok
11:51:17.0983 0x11f8  intelppm - ok
11:51:17.0986 0x11f8  IPBusEnum - ok
11:51:17.0990 0x11f8  IpFilterDriver - ok
11:51:17.0993 0x11f8  iphlpsvc - ok
11:51:17.0996 0x11f8  IPMIDRV - ok
11:51:17.0999 0x11f8  IPNAT - ok
11:51:18.0003 0x11f8  IRENUM - ok
11:51:18.0007 0x11f8  isapnp - ok
11:51:18.0010 0x11f8  iScsiPrt - ok
11:51:18.0020 0x11f8  kbdclass - ok
11:51:18.0034 0x11f8  kbdhid - ok
11:51:18.0038 0x11f8  KeyIso - ok
11:51:18.0041 0x11f8  KSecDD - ok
11:51:18.0044 0x11f8  KSecPkg - ok
11:51:18.0065 0x11f8  ksthunk - ok
11:51:18.0068 0x11f8  KtmRm - ok
11:51:18.0072 0x11f8  LanmanServer - ok
11:51:18.0083 0x11f8  LanmanWorkstation - ok
11:51:18.0103 0x11f8  lltdio - ok
11:51:18.0106 0x11f8  lltdsvc - ok
11:51:18.0109 0x11f8  lmhosts - ok
11:51:18.0113 0x11f8  LSI_FC - ok
11:51:18.0116 0x11f8  LSI_SAS - ok
11:51:18.0119 0x11f8  LSI_SAS2 - ok
11:51:18.0127 0x11f8  LSI_SCSI - ok
11:51:18.0134 0x11f8  luafv - ok
11:51:18.0181 0x11f8  MBAMProtector - ok
11:51:18.0223 0x11f8  MBAMScheduler - ok
11:51:18.0234 0x11f8  MBAMService - ok
11:51:18.0349 0x11f8  MBAMSwissArmy - ok
11:51:18.0360 0x11f8  MBAMWebAccessControl - ok
11:51:18.0370 0x11f8  mcdbus - ok
11:51:18.0380 0x11f8  Mcx2Svc - ok
11:51:18.0386 0x11f8  megasas - ok
11:51:18.0390 0x11f8  MegaSR - ok
11:51:18.0399 0x11f8  Microsoft SharePoint Workspace Audit Service - ok
11:51:18.0403 0x11f8  MMCSS - ok
11:51:18.0407 0x11f8  Modem - ok
11:51:18.0411 0x11f8  monitor - ok
11:51:18.0424 0x11f8  mouclass - ok
11:51:18.0434 0x11f8  mouhid - ok
11:51:18.0437 0x11f8  mountmgr - ok
11:51:18.0456 0x11f8  MozillaMaintenance - ok
11:51:18.0460 0x11f8  mpio - ok
11:51:18.0491 0x11f8  mpsdrv - ok
11:51:18.0495 0x11f8  MpsSvc - ok
11:51:18.0498 0x11f8  MRxDAV - ok
11:51:18.0501 0x11f8  mrxsmb - ok
11:51:18.0504 0x11f8  mrxsmb10 - ok
11:51:18.0507 0x11f8  mrxsmb20 - ok
11:51:18.0510 0x11f8  msahci - ok
11:51:18.0513 0x11f8  msdsm - ok
11:51:18.0516 0x11f8  MSDTC - ok
11:51:18.0527 0x11f8  Msfs - ok
11:51:18.0530 0x11f8  mshidkmdf - ok
11:51:18.0533 0x11f8  msisadrv - ok
11:51:18.0537 0x11f8  MSiSCSI - ok
11:51:18.0540 0x11f8  msiserver - ok
11:51:18.0552 0x11f8  MSKSSRV - ok
11:51:18.0559 0x11f8  MSPCLOCK - ok
11:51:18.0563 0x11f8  MSPQM - ok
11:51:18.0566 0x11f8  MsRPC - ok
11:51:18.0570 0x11f8  mssmbios - ok
11:51:18.0578 0x11f8  MSTEE - ok
11:51:18.0581 0x11f8  MTConfig - ok
11:51:18.0609 0x11f8  MTsensor - ok
11:51:18.0612 0x11f8  Mup - ok
11:51:18.0615 0x11f8  napagent - ok
11:51:18.0618 0x11f8  NativeWifiP - ok
11:51:18.0621 0x11f8  NDIS - ok
11:51:18.0632 0x11f8  NdisCap - ok
11:51:18.0649 0x11f8  NdisTapi - ok
11:51:18.0665 0x11f8  Ndisuio - ok
11:51:18.0668 0x11f8  NdisWan - ok
11:51:18.0671 0x11f8  NDProxy - ok
11:51:18.0677 0x11f8  NetBIOS - ok
11:51:18.0680 0x11f8  NetBT - ok
11:51:18.0683 0x11f8  Netlogon - ok
11:51:18.0686 0x11f8  Netman - ok
11:51:18.0689 0x11f8  NetMsmqActivator - ok
11:51:18.0692 0x11f8  NetPipeActivator - ok
11:51:18.0695 0x11f8  netprofm - ok
11:51:18.0698 0x11f8  NetTcpActivator - ok
11:51:18.0701 0x11f8  NetTcpPortSharing - ok
11:51:18.0704 0x11f8  nfrd960 - ok
11:51:18.0707 0x11f8  NlaSvc - ok
11:51:18.0710 0x11f8  npf - ok
11:51:18.0713 0x11f8  Npfs - ok
11:51:18.0716 0x11f8  nsi - ok
11:51:18.0719 0x11f8  nsiproxy - ok
11:51:18.0724 0x11f8  Ntfs - ok
11:51:18.0726 0x11f8  Null - ok
11:51:18.0738 0x11f8  NVENETFD - ok
11:51:18.0741 0x11f8  nvlddmkm - ok
11:51:18.0744 0x11f8  NVNET - ok
11:51:18.0783 0x11f8  nvraid - ok
11:51:18.0794 0x11f8  nvstor - ok
11:51:18.0813 0x11f8  nvsvc - ok
11:51:18.0816 0x11f8  nvUpdatusService - ok
11:51:18.0819 0x11f8  nv_agp - ok
11:51:18.0822 0x11f8  ohci1394 - ok
11:51:18.0841 0x11f8  ose - ok
11:51:18.0844 0x11f8  osppsvc - ok
11:51:18.0855 0x11f8  p2pimsvc - ok
11:51:18.0858 0x11f8  p2psvc - ok
11:51:18.0860 0x11f8  Parport - ok
11:51:18.0863 0x11f8  partmgr - ok
11:51:18.0866 0x11f8  PcaSvc - ok
11:51:18.0869 0x11f8  pci - ok
11:51:18.0872 0x11f8  pciide - ok
11:51:18.0875 0x11f8  pcmcia - ok
11:51:18.0878 0x11f8  pcw - ok
11:51:18.0881 0x11f8  PEAUTH - ok
11:51:18.0884 0x11f8  PeerDistSvc - ok
11:51:18.0889 0x11f8  PerfHost - ok
11:51:18.0896 0x11f8  pla - ok
11:51:18.0911 0x11f8  PlugPlay - ok
11:51:18.0915 0x11f8  PNRPAutoReg - ok
11:51:18.0918 0x11f8  PNRPsvc - ok
11:51:18.0921 0x11f8  PolicyAgent - ok
11:51:18.0925 0x11f8  Power - ok
11:51:18.0930 0x11f8  PptpMiniport - ok
11:51:18.0933 0x11f8  Processor - ok
11:51:18.0955 0x11f8  ProfSvc - ok
11:51:18.0958 0x11f8  ProtectedStorage - ok
11:51:18.0968 0x11f8  Psched - ok
11:51:18.0971 0x11f8  ql2300 - ok
11:51:18.0981 0x11f8  ql40xx - ok
11:51:18.0984 0x11f8  QWAVE - ok
11:51:18.0987 0x11f8  QWAVEdrv - ok
11:51:18.0990 0x11f8  RasAcd - ok
11:51:18.0993 0x11f8  RasAgileVpn - ok
11:51:18.0996 0x11f8  RasAuto - ok
11:51:19.0005 0x11f8  Rasl2tp - ok
11:51:19.0008 0x11f8  RasMan - ok
11:51:19.0014 0x11f8  RasPppoe - ok
11:51:19.0023 0x11f8  RasSstp - ok
11:51:19.0026 0x11f8  rdbss - ok
11:51:19.0029 0x11f8  rdpbus - ok
11:51:19.0032 0x11f8  RDPCDD - ok
11:51:19.0036 0x11f8  RDPDR - ok
11:51:19.0049 0x11f8  RDPENCDD - ok
11:51:19.0054 0x11f8  RDPREFMP - ok
11:51:19.0058 0x11f8  RdpVideoMiniport - ok
11:51:19.0061 0x11f8  RDPWD - ok
11:51:19.0064 0x11f8  rdyboost - ok
11:51:19.0067 0x11f8  RemoteAccess - ok
11:51:19.0070 0x11f8  RemoteRegistry - ok
11:51:19.0080 0x11f8  RpcEptMapper - ok
11:51:19.0083 0x11f8  RpcLocator - ok
11:51:19.0086 0x11f8  RpcSs - ok
11:51:19.0091 0x11f8  rspndr - ok
11:51:19.0094 0x11f8  s3cap - ok
11:51:19.0097 0x11f8  SamSs - ok
11:51:19.0100 0x11f8  sbp2port - ok
11:51:19.0103 0x11f8  SCardSvr - ok
11:51:19.0106 0x11f8  scfilter - ok
11:51:19.0109 0x11f8  Schedule - ok
11:51:19.0112 0x11f8  SCPolicySvc - ok
11:51:19.0115 0x11f8  SDRSVC - ok
11:51:19.0124 0x11f8  secdrv - ok
11:51:19.0127 0x11f8  seclogon - ok
11:51:19.0130 0x11f8  SENS - ok
11:51:19.0132 0x11f8  SensrSvc - ok
11:51:19.0150 0x11f8  Serenum - ok
11:51:19.0153 0x11f8  Serial - ok
11:51:19.0156 0x11f8  sermouse - ok
11:51:19.0163 0x11f8  SessionEnv - ok
11:51:19.0167 0x11f8  sffdisk - ok
11:51:19.0169 0x11f8  sffp_mmc - ok
11:51:19.0172 0x11f8  sffp_sd - ok
11:51:19.0185 0x11f8  sfloppy - ok
11:51:19.0188 0x11f8  SharedAccess - ok
11:51:19.0191 0x11f8  ShellHWDetection - ok
11:51:19.0194 0x11f8  SiSRaid2 - ok
11:51:19.0199 0x11f8  SiSRaid4 - ok
11:51:19.0230 0x11f8  SkypeUpdate - ok
11:51:19.0236 0x11f8  Smb - ok
11:51:19.0244 0x11f8  SNMPTRAP - ok
11:51:19.0248 0x11f8  spldr - ok
11:51:19.0251 0x11f8  Spooler - ok
11:51:19.0255 0x11f8  sppsvc - ok
11:51:19.0259 0x11f8  sppuinotify - ok
11:51:19.0263 0x11f8  srv - ok
11:51:19.0266 0x11f8  srv2 - ok
11:51:19.0270 0x11f8  srvnet - ok
11:51:19.0273 0x11f8  SSDPSRV - ok
11:51:19.0277 0x11f8  SstpSvc - ok
11:51:19.0280 0x11f8  stexstor - ok
11:51:19.0288 0x11f8  stisvc - ok
11:51:19.0292 0x11f8  storflt - ok
11:51:19.0295 0x11f8  StorSvc - ok
11:51:19.0309 0x11f8  storvsc - ok
11:51:19.0313 0x11f8  swenum - ok
11:51:19.0316 0x11f8  swprv - ok
11:51:19.0319 0x11f8  SysMain - ok
11:51:19.0322 0x11f8  TabletInputService - ok
11:51:19.0337 0x11f8  tap0901 - ok
11:51:19.0341 0x11f8  TapiSrv - ok
11:51:19.0345 0x11f8  TBS - ok
11:51:19.0349 0x11f8  Tcpip - ok
11:51:19.0352 0x11f8  TCPIP6 - ok
11:51:19.0357 0x11f8  tcpipreg - ok
11:51:19.0362 0x11f8  TDPIPE - ok
11:51:19.0366 0x11f8  TDTCP - ok
11:51:19.0370 0x11f8  tdx - ok
11:51:19.0374 0x11f8  TermDD - ok
11:51:19.0378 0x11f8  TermService - ok
11:51:19.0381 0x11f8  Themes - ok
11:51:19.0385 0x11f8  THREADORDER - ok
11:51:19.0388 0x11f8  TrkWks - ok
11:51:19.0393 0x11f8  truecrypt - ok
11:51:19.0397 0x11f8  TrustedInstaller - ok
11:51:19.0401 0x11f8  tssecsrv - ok
11:51:19.0411 0x11f8  TsUsbFlt - ok
11:51:19.0414 0x11f8  TsUsbGD - ok
11:51:19.0426 0x11f8  tunnel - ok
11:51:19.0429 0x11f8  uagp35 - ok
11:51:19.0433 0x11f8  udfs - ok
11:51:19.0438 0x11f8  UI0Detect - ok
11:51:19.0441 0x11f8  uliagpkx - ok
11:51:19.0459 0x11f8  umbus - ok
11:51:19.0462 0x11f8  UmPass - ok
11:51:19.0465 0x11f8  UmRdpService - ok
11:51:19.0468 0x11f8  upnphost - ok
11:51:19.0471 0x11f8  usbccgp - ok
11:51:19.0493 0x11f8  usbcir - ok
11:51:19.0496 0x11f8  usbehci - ok
11:51:19.0499 0x11f8  usbhub - ok
11:51:19.0502 0x11f8  usbohci - ok
11:51:19.0505 0x11f8  usbprint - ok
11:51:19.0508 0x11f8  USBSTOR - ok
11:51:19.0512 0x11f8  usbuhci - ok
11:51:19.0515 0x11f8  UxSms - ok
11:51:19.0517 0x11f8  VaultSvc - ok
11:51:19.0557 0x11f8  VBoxDrv - ok
11:51:19.0568 0x11f8  VBoxNetAdp - ok
11:51:19.0584 0x11f8  VBoxNetFlt - ok
11:51:19.0627 0x11f8  VBoxUSBMon - ok
11:51:19.0635 0x11f8  vdrvroot - ok
11:51:19.0639 0x11f8  vds - ok
11:51:19.0660 0x11f8  vga - ok
11:51:19.0664 0x11f8  VgaSave - ok
11:51:19.0667 0x11f8  vhdmp - ok
11:51:19.0671 0x11f8  viaide - ok
11:51:19.0674 0x11f8  vmbus - ok
11:51:19.0678 0x11f8  VMBusHID - ok
11:51:19.0681 0x11f8  volmgr - ok
11:51:19.0685 0x11f8  volmgrx - ok
11:51:19.0688 0x11f8  volsnap - ok
11:51:19.0692 0x11f8  vsmraid - ok
11:51:19.0696 0x11f8  VSS - ok
11:51:19.0701 0x11f8  vwifibus - ok
11:51:19.0705 0x11f8  W32Time - ok
11:51:19.0712 0x11f8  WacomPen - ok
11:51:19.0722 0x11f8  WANARP - ok
11:51:19.0728 0x11f8  Wanarpv6 - ok
11:51:19.0733 0x11f8  wbengine - ok
11:51:19.0737 0x11f8  WbioSrvc - ok
11:51:19.0741 0x11f8  wcncsvc - ok
11:51:19.0744 0x11f8  WcsPlugInService - ok
11:51:19.0747 0x11f8  Wd - ok
11:51:19.0750 0x11f8  Wdf01000 - ok
11:51:19.0766 0x11f8  WdiServiceHost - ok
11:51:19.0770 0x11f8  WdiSystemHost - ok
11:51:19.0773 0x11f8  WebClient - ok
11:51:19.0777 0x11f8  Wecsvc - ok
11:51:19.0780 0x11f8  wercplsupport - ok
11:51:19.0783 0x11f8  WerSvc - ok
11:51:19.0797 0x11f8  WfpLwf - ok
11:51:19.0801 0x11f8  WIMMount - ok
11:51:19.0804 0x11f8  WinDefend - ok
11:51:19.0811 0x11f8  WinHttpAutoProxySvc - ok
11:51:19.0814 0x11f8  Winmgmt - ok
11:51:19.0818 0x11f8  WinRM - ok
11:51:19.0836 0x11f8  Wlansvc - ok
11:51:19.0839 0x11f8  WmiAcpi - ok
11:51:19.0844 0x11f8  wmiApSrv - ok
11:51:19.0864 0x11f8  WMPNetworkSvc - ok
11:51:19.0868 0x11f8  WPCSvc - ok
11:51:19.0871 0x11f8  WPDBusEnum - ok
11:51:19.0875 0x11f8  ws2ifsl - ok
11:51:19.0878 0x11f8  wscsvc - ok
11:51:19.0882 0x11f8  WSearch - ok
11:51:19.0887 0x11f8  wuauserv - ok
11:51:19.0890 0x11f8  WudfPf - ok
11:51:19.0900 0x11f8  WUDFRd - ok
11:51:19.0904 0x11f8  wudfsvc - ok
11:51:19.0908 0x11f8  WwanSvc - ok
11:51:19.0937 0x11f8  ================ Scan global ===============================
11:51:19.0938 0x11f8  [ Global ] - ok
11:51:19.0939 0x11f8  ================ Scan MBR ==================================
11:51:19.0960 0x11f8  [ 422AF79487A55C27CE4BFD48D84CE830 ] \Device\Harddisk0\DR0
11:51:20.0453 0x11f8  \Device\Harddisk0\DR0 - ok
11:51:20.0454 0x11f8  ================ Scan VBR ==================================
11:51:20.0456 0x11f8  [ 6A7E9EF157C49F92121A429D38648D1F ] \Device\Harddisk0\DR0\Partition1
11:51:20.0456 0x11f8  \Device\Harddisk0\DR0\Partition1 - ok
11:51:20.0479 0x11f8  [ E4D11365198FD12876E006905AE7BBB0 ] \Device\Harddisk0\DR0\Partition2
11:51:20.0491 0x11f8  \Device\Harddisk0\DR0\Partition2 - ok
11:51:20.0492 0x11f8  ================ Scan generic autorun ======================
11:51:20.0492 0x11f8  AVG_UI - ok
11:51:20.0494 0x11f8  IJNetworkScannerSelectorEX - ok
11:51:20.0495 0x11f8  Sidebar - ok
11:51:20.0497 0x11f8  mctadmin - ok
11:51:20.0499 0x11f8  Sidebar - ok
11:51:20.0501 0x11f8  mctadmin - ok
11:51:20.0502 0x11f8  TrueCrypt - ok
11:51:20.0504 0x11f8  Skype - ok
11:51:20.0506 0x11f8  Gyazo - ok
11:51:20.0507 0x11f8  Sidebar - ok
11:51:20.0509 0x11f8  mctadmin - ok
11:51:20.0532 0x11f8  AV detected via SS2: AVG Internet Security 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4714 ), 0x42000 ( disabled : updated )
11:51:20.0533 0x11f8  FW detected via SS2: AVG Internet Security 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4714 ), 0x41010 ( enabled )
11:51:23.0217 0x11f8  ============================================================
11:51:23.0217 0x11f8  Scan finished
11:51:23.0217 0x11f8  ============================================================
11:51:23.0224 0x19e4  Detected object count: 0
11:51:23.0224 0x19e4  Actual detected object count: 0
 

  • 0

#6
pystryker
Posted 05 July 2014 - 06:10 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Thanks for your quick reply :)


:thumbsup: Let's continue. :)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 2: Junkware Removal Tool


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3: Fresh OTL Scan
  • Close any open windows and then double click (Vista, Windows 7, 8, right click and then click Run as Administrator) the icon to start OTL.
  • Please make sure the following boxes are checked.
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name Whitelist
  • LOP Check
  • Purity Check
  • Please check Use Safelist is checked under Extra Registry.
  • Copy the contents of the quote box below Do not copy the word quote! and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.

    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    rpcss.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C

  • Click the Run Scan button.
firstscangraphic.jpg
  • Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient. :)
  • When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
  • Please post each log in your next reply.
Things I need to see in your next post:

AdwCleaner Log

Junkware Removal Tool Log

OTL Log

Extras.txt Log

Question: Are you still hearing the noise?
  • 0

#7
um96
Posted 05 July 2014 - 09:26 AM

um96

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Hey,

 

I am no longer hearing the mouse clicks (I wasn't hearing them constantly just sometimes a couple clicks) so I hope the problem is resolved

 

Adwcleaner

 

# AdwCleaner v3.214 - Report created 05/07/2014 at 16:54:08
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Security Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v29.0.1 (nl)
 
[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\aityad3w.default\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://nl.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www.chrono24.nl/search/index.htm?query={searchTerms}&suchen=Zoeken&dosearch=true&searchexplain=1&resultview=list
 
*************************
 
AdwCleaner[R0].txt - [1736 octets] - [05/07/2014 16:52:37]
AdwCleaner[S0].txt - [1675 octets] - [05/07/2014 16:54:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1735 octets] ##########
 
 
 
 
JRT
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Admin on za 05-07-2014 at 17:01:20,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2885692730-146157721-164726647-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on za 05-07-2014 at 17:07:11,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
OTL
 

OTL logfile created on: 5-7-2014 17:09:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
3,75 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 54,32% Memory free
7,50 Gb Paging File | 5,19 Gb Available in Paging File | 69,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 260,65 Gb Free Space | 55,97% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-07-05 17:00:24 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Admin\Desktop\JRT.exe
PRC - [2014-07-02 22:42:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.exe
PRC - [2014-06-17 16:18:02 | 005,179,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014-06-17 16:17:36 | 001,417,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
PRC - [2014-06-17 16:13:54 | 000,318,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
PRC - [2014-06-17 16:11:46 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014-06-05 15:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-05-18 22:16:48 | 001,912,832 | ---- | M] (Don HO [email protected]) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2014-05-18 19:52:47 | 001,516,496 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014-05-12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014-05-08 10:47:44 | 002,993,376 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2013-11-21 22:07:24 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2013-02-19 22:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-03-26 17:35:16 | 000,449,168 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010-11-21 05:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009-02-23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-06-05 15:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014-06-05 15:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014-06-05 15:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014-06-05 15:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014-06-05 15:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014-06-01 11:08:56 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2014-05-24 18:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
MOD - [2014-05-24 18:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
MOD - [2014-01-07 01:42:32 | 001,611,264 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
MOD - [2011-07-18 23:07:28 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
MOD - [2010-01-21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010-01-09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-05-18 20:56:22 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-05-15 10:40:52 | 000,064,624 | ---- | M] (CyberGhost S.R.L) [Auto | Running] -- C:\Program Files\CyberGhost 5\Service.exe -- (CGVPNCliService)
SRV:64bit: - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014-06-27 15:20:18 | 003,241,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014-06-17 16:17:36 | 001,417,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2014-06-17 16:11:46 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014-05-07 04:27:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-04-03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-11-21 22:07:24 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2013-09-11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013-02-19 22:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-07-05 16:58:10 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014-06-17 16:21:34 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014-06-17 16:07:12 | 000,328,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014-06-17 16:06:58 | 000,269,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014-06-17 16:06:24 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014-06-17 16:06:22 | 000,242,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014-06-17 16:06:22 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014-06-17 16:06:20 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014-06-17 16:06:06 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014-05-18 19:52:47 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2014-05-16 14:03:30 | 000,141,600 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2014-05-12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014-05-12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014-04-18 06:31:50 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2013-10-02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-09-26 10:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2013-08-22 14:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012-08-23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-08-23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-08-12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2005-03-29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2885692730-146157721-164726647-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2885692730-146157721-164726647-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2885692730-146157721-164726647-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-2885692730-146157721-164726647-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 57 77 63 BE 72 CF 01  [binary data]
IE - HKU\S-1-5-21-2885692730-146157721-164726647-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2885692730-146157721-164726647-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-2885692730-146157721-164726647-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2885692730-146157721-164726647-1003\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B8f8fe09b-0bd3-4470-bc1b-8cad42b8203a%7D:0.17
FF - prefs.js..extensions.enabledAddons: %7B9c51bd27-6ed8-4000-a2bf-36cb95c0c947%7D:11.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-06-06 21:45:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014-06-08 00:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2014-06-08 00:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\aityad3w.default\extensions
[2014-06-08 00:08:29 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\aityad3w.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2014-06-08 00:13:53 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\aityad3w.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2014-06-08 00:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014-06-08 00:06:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://mysearch.avg.com?cid={1B00E1B4-EC41-4984-A73E-5904AC4A4F78}&mid=85453390d0ce47d29236f186760266c2-625d5b56e1897d6790bea2a83e545e9991d0c5ca&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-05-20 09:38:23&v=18.1.7.598&pid=safeguard&sg=&sap=hp
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Google Search = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Cryptocat = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonbigodpnfghidmnphnadhepmbabhij\2.2.2_0\
CHR - Extension: Google Wallet = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014-07-05 11:35:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2885692730-146157721-164726647-1001..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKU\S-1-5-21-2885692730-146157721-164726647-1001..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKU\S-1-5-21-2885692730-146157721-164726647-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2885692730-146157721-164726647-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9:64bit: - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.44.54 212.54.40.25 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55C15B1B-0363-436C-9D9E-D5C2D4CCFDE3}: DhcpNameServer = 212.54.44.54 212.54.40.25 168.95.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-07-05 17:01:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014-07-05 17:00:19 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Admin\Desktop\JRT.exe
[2014-07-05 16:53:09 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014-07-05 16:52:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-07-05 12:38:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Tartustraat 2 FUNDA
[2014-07-05 11:40:37 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2014-07-05 11:32:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-07-05 11:27:26 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\EmieUserList
[2014-07-05 11:27:26 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\EmieSiteList
[2014-07-05 11:24:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\VPN Management Script
[2014-07-04 21:33:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Tor Browser1
[2014-07-02 22:49:14 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014-07-01 19:26:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\.thumbnails
[2014-07-01 19:00:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\fontconfig
[2014-07-01 19:00:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\gegl-0.2
[2014-07-01 19:00:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\.gimp-2.8
[2014-07-01 18:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2014-06-17 19:05:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SketchUp
[2014-06-17 18:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2014
[2014-06-17 18:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SketchUp
[2014-06-17 18:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SketchUp
[2014-06-17 16:21:34 | 000,235,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2014-06-17 16:07:12 | 000,328,984 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2014-06-17 16:06:58 | 000,269,080 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014-06-17 16:06:24 | 000,190,744 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2014-06-17 16:06:22 | 000,242,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2014-06-17 16:06:22 | 000,153,368 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys
[2014-06-17 16:06:20 | 000,123,672 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2014-06-17 16:06:06 | 000,031,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2014-06-12 21:29:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Gyazo
[2014-06-12 21:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
[2014-06-12 21:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gyazo
[2014-06-09 13:52:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\.zenmap
[2014-06-09 13:51:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
[2014-06-09 13:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2014-06-09 13:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nmap
[2014-06-09 13:35:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Temporary Projects
[2014-06-08 00:06:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2014-06-08 00:06:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla
[2014-06-08 00:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014-06-08 00:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014-06-08 00:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014-06-07 01:22:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\FUT_Auction_Purchaser
[2014-06-06 21:45:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Fiddler2
[2014-06-06 21:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fiddler2
[2014-06-06 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\GitHub
[2014-06-06 21:10:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\GitHub
[2014-06-06 21:10:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\GitHub
[2014-06-06 21:10:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
[2014-06-05 19:50:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2014-06-05 19:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2014-06-05 19:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2014-06-05 19:50:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Soldiers
 
========== Files - Modified Within 30 Days ==========
 
[2014-07-05 17:00:24 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Admin\Desktop\JRT.exe
[2014-07-05 16:58:10 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-07-05 16:57:34 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-07-05 16:56:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-07-05 16:56:53 | 3019,255,808 | -HS- | M] () -- C:\hiberfil.sys
[2014-07-05 16:55:25 | 000,020,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-07-05 16:55:25 | 000,020,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-07-05 16:50:59 | 001,346,519 | ---- | M] () -- C:\Users\Admin\Desktop\AdwCleaner.exe
[2014-07-05 16:38:17 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-07-05 11:40:47 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2014-07-05 11:35:39 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014-07-03 11:27:24 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014-07-01 19:51:15 | 000,001,772 | ---- | M] () -- C:\Users\Admin\Desktop\CyberGhost 5.lnk
[2014-07-01 19:47:05 | 000,244,955 | ---- | M] () -- C:\Users\Admin\Desktop\yoelle.png
[2014-07-01 19:40:29 | 000,002,101 | ---- | M] () -- C:\Users\Admin\AppData\Local\recently-used.xbel
[2014-07-01 19:40:05 | 003,867,741 | ---- | M] () -- C:\Users\Admin\Desktop\Untitled.xcf
[2014-06-17 18:22:16 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\ALLFSAF14a.ocx
[2014-06-17 18:22:06 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Style Builder 2014.lnk
[2014-06-17 18:22:05 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\LayOut 2014.lnk
[2014-06-17 18:22:02 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\SketchUp 2014.lnk
[2014-06-17 16:21:34 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2014-06-17 16:07:12 | 000,328,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2014-06-17 16:06:58 | 000,269,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014-06-17 16:06:24 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2014-06-17 16:06:22 | 000,242,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2014-06-17 16:06:22 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys
[2014-06-17 16:06:20 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2014-06-17 16:06:06 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2014-06-12 21:28:53 | 000,001,006 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2014-06-12 21:28:53 | 000,001,006 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo GIF.lnk
[2014-06-12 21:28:53 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2014-06-12 21:28:53 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo GIF.lnk
[2014-06-11 23:35:55 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-06-09 13:51:39 | 000,000,963 | ---- | M] () -- C:\Users\Admin\Desktop\Nmap - Zenmap GUI.lnk
[2014-06-08 00:06:27 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014-06-07 01:21:09 | 000,944,255 | ---- | M] () -- C:\Users\Admin\Documents\FUT_Auction_Purchaser.zip
[2014-06-06 21:15:19 | 000,000,000 | ---- | M] () -- C:\Users\Admin\.gitconfig
[2014-06-06 21:11:01 | 000,002,174 | ---- | M] () -- C:\Users\Admin\Desktop\Git Shell.lnk
[2014-06-06 21:10:24 | 000,000,308 | ---- | M] () -- C:\Users\Admin\Desktop\GitHub.appref-ms
[2014-06-05 19:50:45 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
 
========== Files Created - No Company Name ==========
 
[2014-07-05 16:50:32 | 001,346,519 | ---- | C] () -- C:\Users\Admin\Desktop\AdwCleaner.exe
[2014-07-01 19:40:29 | 000,002,101 | ---- | C] () -- C:\Users\Admin\AppData\Local\recently-used.xbel
[2014-07-01 19:40:27 | 000,244,955 | ---- | C] () -- C:\Users\Admin\Desktop\yoelle.png
[2014-07-01 19:40:05 | 003,867,741 | ---- | C] () -- C:\Users\Admin\Desktop\Untitled.xcf
[2014-07-01 18:57:22 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2014-06-17 18:22:16 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\ALLFSAF14a.ocx
[2014-06-17 18:22:06 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\Style Builder 2014.lnk
[2014-06-17 18:22:05 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\LayOut 2014.lnk
[2014-06-17 18:22:02 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\SketchUp 2014.lnk
[2014-06-12 21:28:53 | 000,001,006 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk
[2014-06-12 21:28:53 | 000,001,006 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Gyazo GIF.lnk
[2014-06-12 21:28:53 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\Gyazo.lnk
[2014-06-12 21:28:53 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\Gyazo GIF.lnk
[2014-06-09 13:51:39 | 000,000,963 | ---- | C] () -- C:\Users\Admin\Desktop\Nmap - Zenmap GUI.lnk
[2014-06-08 00:06:27 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014-06-08 00:06:26 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014-06-07 01:20:59 | 000,944,255 | ---- | C] () -- C:\Users\Admin\Documents\FUT_Auction_Purchaser.zip
[2014-06-06 21:45:33 | 000,001,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk
[2014-06-06 21:15:19 | 000,000,000 | ---- | C] () -- C:\Users\Admin\.gitconfig
[2014-06-06 21:11:01 | 000,002,174 | ---- | C] () -- C:\Users\Admin\Desktop\Git Shell.lnk
[2014-06-06 21:10:24 | 000,000,308 | ---- | C] () -- C:\Users\Admin\Desktop\GitHub.appref-ms
[2014-06-05 19:50:45 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2014-06-02 15:24:10 | 000,007,610 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2014-05-18 21:11:49 | 000,749,404 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014-04-18 06:31:50 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-03-25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014-07-04 23:22:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.purple
[2014-05-18 19:46:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVG2014
[2014-07-04 15:33:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2014-06-06 21:15:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GitHub
[2014-06-12 21:29:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gyazo
[2014-05-28 21:54:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2014-06-17 19:05:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SketchUp
[2014-05-19 07:48:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TrueCrypt
[2014-05-18 19:45:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2014-07-05 01:07:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2014-05-20 10:39:18 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2014-05-20 10:39:18 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
[2007-11-07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: EXPLORER.EXE  >
[2010-11-21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010-11-21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010-11-21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010-11-21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: RPCSS.DLL  >
[2010-11-21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010-11-21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
 
< MD5 for: SERVICES  >
[2009-06-10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.DAT  >
[2014-04-06 06:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Admin\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010-11-21 09:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010-11-21 09:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.H  >
[2014-01-14 17:38:00 | 000,001,124 | ---- | M] () MD5=3E3742C81D3173F4469F85050E4C5AAD -- C:\xampp\mysql\include\mysql\services.h
 
< MD5 for: SERVICES.LNK  >
[2009-07-14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009-07-14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009-06-10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009-06-10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2010-11-21 09:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009-06-10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010-11-21 09:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009-06-10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010-11-21 09:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009-06-10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010-11-21 09:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009-06-10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009-07-13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009-07-13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2014-05-12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009-07-14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010-11-21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010-11-21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010-11-21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010-11-21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2014-05-12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2010-11-21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014-03-04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014-03-04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014-03-04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is D06D-9FE4
 Directory of C:\
14-07-2009  07:08    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14-07-2009  07:08    <JUNCTION>     Application Data [C:\ProgramData]
14-07-2009  07:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14-07-2009  07:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14-07-2009  07:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14-07-2009  07:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14-07-2009  07:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
14-07-2009  07:08    <SYMLINKD>     All Users [C:\ProgramData]
14-07-2009  07:08    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\Admin
18-05-2014  19:19    <JUNCTION>     Application Data [C:\Users\Admin\AppData\Roaming]
18-05-2014  19:19    <JUNCTION>     Cookies [C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies]
18-05-2014  19:19    <JUNCTION>     Local Settings [C:\Users\Admin\AppData\Local]
18-05-2014  19:19    <JUNCTION>     My Documents [C:\Users\Admin\Documents]
18-05-2014  19:19    <JUNCTION>     NetHood [C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
18-05-2014  19:19    <JUNCTION>     PrintHood [C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
18-05-2014  19:19    <JUNCTION>     Recent [C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent]
18-05-2014  19:19    <JUNCTION>     SendTo [C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo]
18-05-2014  19:19    <JUNCTION>     Start Menu [C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu]
18-05-2014  19:19    <JUNCTION>     Templates [C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Admin\AppData\Local
18-05-2014  19:19    <JUNCTION>     Application Data [C:\Users\Admin\AppData\Local]
18-05-2014  19:19    <JUNCTION>     History [C:\Users\Admin\AppData\Local\Microsoft\Windows\History]
18-05-2014  19:19    <JUNCTION>     Temporary Internet Files [C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Admin\Documents
18-05-2014  19:19    <JUNCTION>     My Music [C:\Users\Admin\Music]
18-05-2014  19:19    <JUNCTION>     My Pictures [C:\Users\Admin\Pictures]
18-05-2014  19:19    <JUNCTION>     My Videos [C:\Users\Admin\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
14-07-2009  07:08    <JUNCTION>     Application Data [C:\ProgramData]
14-07-2009  07:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14-07-2009  07:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14-07-2009  07:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14-07-2009  07:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14-07-2009  07:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14-07-2009  07:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14-07-2009  07:08    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14-07-2009  07:08    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14-07-2009  07:08    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14-07-2009  07:08    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14-07-2009  07:08    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14-07-2009  07:08    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14-07-2009  07:08    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14-07-2009  07:08    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14-07-2009  07:08    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14-07-2009  07:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14-07-2009  07:08    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14-07-2009  07:08    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14-07-2009  07:08    <JUNCTION>     My Music [C:\Users\Default\Music]
14-07-2009  07:08    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14-07-2009  07:08    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
14-07-2009  07:08    <JUNCTION>     My Music [C:\Users\Public\Music]
14-07-2009  07:08    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14-07-2009  07:08    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\UpdatusUser
18-05-2014  20:20    <JUNCTION>     Application Data [C:\Users\UpdatusUser\AppData\Roaming]
18-05-2014  20:20    <JUNCTION>     Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
18-05-2014  20:20    <JUNCTION>     Local Settings [C:\Users\UpdatusUser\AppData\Local]
18-05-2014  20:20    <JUNCTION>     My Documents [C:\Users\UpdatusUser\Documents]
18-05-2014  20:20    <JUNCTION>     NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
18-05-2014  20:20    <JUNCTION>     PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
18-05-2014  20:20    <JUNCTION>     Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
18-05-2014  20:20    <JUNCTION>     SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
18-05-2014  20:20    <JUNCTION>     Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
18-05-2014  20:20    <JUNCTION>     Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\UpdatusUser\AppData\Local
18-05-2014  20:20    <JUNCTION>     Application Data [C:\Users\UpdatusUser\AppData\Local]
18-05-2014  20:20    <JUNCTION>     History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
18-05-2014  20:20    <JUNCTION>     Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\UpdatusUser\Documents
18-05-2014  20:20    <JUNCTION>     My Music [C:\Users\UpdatusUser\Music]
18-05-2014  20:20    <JUNCTION>     My Pictures [C:\Users\UpdatusUser\Pictures]
18-05-2014  20:20    <JUNCTION>     My Videos [C:\Users\UpdatusUser\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              66 Dir(s)  279.956.619.264 bytes free
 
< End of report >
 
 
 
 
Extras
 

OTL Extras logfile created on: 5-7-2014 17:09:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
3,75 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 54,32% Memory free
7,50 Gb Paging File | 5,19 Gb Available in Paging File | 69,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 260,65 Gb Free Space | 55,97% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2885692730-146157721-164726647-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{73DDFBC1-1A11-4EFC-8917-7C9A7EBAC5BD}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{76B321D1-A731-4B1D-BB5E-1E47110D374D}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{0213AAC0-B5CB-4FF6-9FE0-7FF33475C627}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{C1B699CE-5069-4D55-B0D6-D8A79972A172}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{049CA433-77A0-4e48-AC76-180A282C4E11}" = Python 2.7.7 (64-bit)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series" = Canon MG4200 series MP Drivers
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}" = Oracle VM VirtualBox 4.3.12
"{B5BBEF15-44B1-43FA-A4B7-3AFE501B5949}" = AVG 2014
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{D1C0C574-6385-4ED1-BBD9-2B62FCECE0EF}" = AVG 2014
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"AVG" = AVG 2014
"CyberGhost 5_is1" = CyberGhost 5
"GIMP-2_is1" = GIMP 2.8.10
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"TAP-Windows" = TAP-Windows 9.9.2
"WinRAR archiver" = WinRAR 5.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 2.1
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F246092E-FA0B-47C8-9D3E-CF8C210293C8}" = SketchUp 2014
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"Fiddler2" = Fiddler
"FileZilla Client" = FileZilla Client 3.8.1
"Google Chrome" = Google Chrome
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Mozilla Firefox 29.0.1 (x86 nl)" = Mozilla Firefox 29.0.1 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nmap" = Nmap 6.46
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pidgin" = Pidgin
"pidgin-otr" = pidgin-otr 4.0.0-1
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.1.3
"WinPcapInst" = WinPcap 4.1.3
"xampp" = XAMPP
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2885692730-146157721-164726647-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f7eb300e2ea4ebf" = GitHub
"uTorrent" = µTorrent
 
< End of report >
 
 
 
 
 
 

  • 0

#8
pystryker
Posted 05 July 2014 - 10:06 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

I am no longer hearing the mouse clicks (I wasn't hearing them constantly just sometimes a couple clicks) so I hope the problem is resolved


That's good :) I do see a few things in the latest OTL log that need to go, but we're going to run a sweep for remnants and check for out of date programs before I eliminate those.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#9
um96
Posted 05 July 2014 - 01:24 PM

um96

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
MBAM
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5-7-2014
Scan Time: 18:37:09
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.05.08
Rootkit Database: v2014.07.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305926
Time Elapsed: 9 min, 13 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
ESET
 
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=05305ec599bc1a4d99f1b421b0735caa
# engine=19037
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-05 06:35:10
# local_time=2014-07-05 08:35:10 (+0100, W. Europe Daylight Time)
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG Internet Security 2014'
# compatibility_mode=1049 16777213 100 100 33542 91719294 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4142656 156215160 0 0
# scanned=133817
# found=0
# cleaned=0
# scan_time=3209
 
 
 
 
 
Securitycheck
 
 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG Internet Security 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Mozilla Firefox 29.0.1 Firefox out of Date!  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

  • 0

#10
pystryker
Posted 05 July 2014 - 01:36 PM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Very good! Let's tidy up the few items OTL found earlier.


Step 1: Chrome Changes and Windows Sidebar Fix

Your homepage in Chrome is still set to an adware related page. Please change it by following the instructions below.
  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under On Startup and then click Open a specific set of pages and click Set Pages
  • When the window opens, type in any page you wish as your new start page.
  • Once you have typed in your new home page, close the window.
Windows Fix It

You have Windows Sidebar running on your machine and it is known to have some security problems. Microsoft Corporation has an article about these issues, and you can read it by clicking here . Please disable it by using Fix It.

You can download Fix It by clicking here.

NOTE: Please make absolutely sure you reboot the machine after performing this step and before proceeding with my next instructions.


Step 2: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)
  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.
otlrunfix.jpg


:Commands
[createrestorepoint]

:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

:Commands
[reboot]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply. If the log doesn't open upon reboot, a copy of it can be found here: C:\_OTL\MovedFiles
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Things I need to see in your next post:

OTL Fix Log
  • 0

#11
um96
Posted 06 July 2014 - 04:33 AM

um96

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

OTL

 

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 07062014_121147

  • 0

#12
pystryker
Posted 06 July 2014 - 05:44 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

Great news, your logs are CLEAN! :thumbsup: :) but we still have a few things we need to address namely:
  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.



Step 2: Program Update and Installation of FileHippo


Your version of FireFox is out of date. Please update it by starting Firefox, clicking Help and then clicking About FireFox. FireFox will automatically update itself.


Keeping your software updated

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker



Step 3: Tips, Information, and Installation of Unchecky


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.


unchecky1_zps667e512d.jpg


Then click Finish

unchecky2_zpsca4e7d0d.jpg


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:
  • 0

#13
pystryker
Posted 07 July 2014 - 05:43 AM

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP