Multiple chrome.exe*32 and virus detection [Solved]

chrome 32 virus process

  • This topic is locked

#1
Beban96

  • Member
  • 17 posts

Hello there, my first post. :)

 

I have Google Chrome installed on my laptop. In the beginning of my activities in the browser, I get Avast detection pop-ups every few minutes, several times, prompting me that some harmful website is found, with the path to chrome.exe. After a few times it stops. I've also noticed multiple chrome.exe*32 processes in Task Manager.

 

I've tried Avast and Malwarebytes scans; nothing was found, at least nothing connected to Chrome. A BSOD even happened 2 times. Help will be highly appreciated. :) Thanks.

 

#2
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

Yes, looks familiar. Sorry to hear; however, it can be set right. :)

Let's have a look with this tool.

 

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users: click Run after receipt of the Windows Security Warning - Open File.)
  • When the tool opens, click Yes to the disclaimer.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.


#3
Beban96

  • Topic Starter
  • Member
  • 17 posts

Rapid response, nice. 

 

FRST

 

Spoiler

 

ADDITIONAL

 

Spoiler


#4
Biscuithd

  • Trusted Helper
  • Malware Removal
  • 2,573 posts

Rapid response, nice. 

I just happened to be close by. Typical response is 24 hours.

 

Next, please just cut/paste the response or logs. Don't place them in text boxes (or any other kind of box) or "attach" them, etc. Could you please redo?


#5
Beban96

  • Topic Starter
  • Member
  • 17 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01
Ran by Igor (administrator) on IGOR-PC on 10-03-2015 15:16:25
Running from C:\Users\Igor\Downloads
Loaded Profiles: Igor (Available profiles: Igor)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\Igor\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531984 2015-01-07] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5513424 2015-03-09] (Avast Software s.r.o.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2014-08-31] (Intel Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2503704 2015-03-06] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\...\Run: [uTorrent] => C:\Users\Igor\AppData\Roaming\uTorrent\uTorrent.exe [1677904 2015-01-26] (BitTorrent Inc.)
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\...\MountPoints2: {1564bcc3-3169-11e4-8e99-806e6f6e6963} - E:\AsInsWiz.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={8CBFE59E-C5BD-4E7D-9929-5D1AB5361AC0}&mid=9249a77a673547d2b913856e58e0f47d-59648bc3688073c2f87776a4aa764f5c1ada1f46&lang=en&ds=px011&coid=avgtbdispx&cmpid=&pr=sa&d=2014-11-30 14:39:20&v=18.3.0.885&pid=safeguard&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-3363385342-2374591123-549723091-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={8CBFE59E-C5BD-4E7D-9929-5D1AB5361AC0}&mid=9249a77a673547d2b913856e58e0f47d-59648bc3688073c2f87776a4aa764f5c1ada1f46&lang=en&ds=px011&coid=avgtbdispx&cmpid=&pr=sa&d=2014-11-30 14:39:20&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Iosaaver -> {4796ee63-e948-4487-b7d0-2be2e9b61079} -> C:\Program Files (x86)\Iosaaver\6sglP68o9BJ9WO.x64.dll No File
BHO: ExstruASavingoss -> {77e6e736-2c47-4764-81ba-d79a3ff85b0f} -> C:\Program Files (x86)\ExstruASavingoss\dUSWuWPa7Fk2hu.x64.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-09] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Iosaaver -> {4796ee63-e948-4487-b7d0-2be2e9b61079} -> C:\Program Files (x86)\Iosaaver\6sglP68o9BJ9WO.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-09] (Oracle Corporation)
BHO-x32: ExstruASavingoss -> {77e6e736-2c47-4764-81ba-d79a3ff85b0f} -> C:\Program Files (x86)\ExstruASavingoss\dUSWuWPa7Fk2hu.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-09] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-06] (AVG Secure Search)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-09] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-06] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-3363385342-2374591123-549723091-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-06] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-31]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> https://www.google.rs/
CHR StartupUrls: Default -> "https://www.google.rs/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-31]
CHR Extension: (Google Drive) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31]
CHR Extension: (YouTube) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-31]
CHR Extension: (Google Search) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-31]
CHR Extension: (Heroes & Generals) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2015-01-29]
CHR Extension: (Avast Online Security) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-31]
CHR Extension: (ClipConverter) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\njjjgjlocdhecpgdcfjblcnfebfnmhpp [2015-03-05]
CHR Extension: (Google Wallet) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-31]
CHR Extension: (Gmail) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-09] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-09] (Avast Software)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-12-14] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-07] (NVIDIA Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2015-01-07] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19822736 2015-01-07] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-22] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-06] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 1f7a5585; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\ToolSupport\ToolSupport.dll",serv
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-09] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-09] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-09] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-09] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-09] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-09] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-14] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-07] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-09] (Avast Software)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-10 15:16 - 2015-03-10 15:16 - 00021082 _____ () C:\Users\Igor\Downloads\FRST.txt
2015-03-10 15:13 - 2015-03-10 15:13 - 02095104 _____ (Farbar) C:\Users\Igor\Downloads\FRST64 (1).exe
2015-03-09 15:26 - 2015-03-09 15:27 - 00000240 _____ () C:\Users\Igor\Downloads\Search.txt
2015-03-09 15:25 - 2015-03-10 15:16 - 00000000 ____D () C:\FRST
2015-03-09 14:38 - 2015-03-09 14:38 - 02095104 _____ (Farbar) C:\Users\Igor\Downloads\FRST64.exe
2015-03-09 14:33 - 2015-03-10 14:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 14:20 - 2015-03-09 14:20 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-09 14:20 - 2015-03-09 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-09 14:20 - 2015-03-09 14:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-09 14:20 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-09 14:20 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-09 14:20 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-09 13:54 - 2015-03-09 13:54 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-09 13:54 - 2015-03-09 13:54 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-09 13:51 - 2015-03-09 13:51 - 00000197 _____ () C:\Windows\system32\2015-03-09-12-51-21.052-AvastVBoxSVC.exe-5040.log
2015-03-08 10:28 - 2015-03-08 10:28 - 00000247 _____ () C:\Windows\system32\2015-03-08-09-28-35.036-aswFe.exe-3520.log
2015-03-08 10:25 - 2015-03-08 10:28 - 00000247 _____ () C:\Windows\system32\2015-03-08-09-25-21.003-aswFe.exe-168.log
2015-03-08 10:25 - 2015-03-08 10:25 - 00000197 _____ () C:\Windows\system32\2015-03-08-09-25-14.085-AvastVBoxSVC.exe-6636.log
2015-03-08 08:19 - 2015-03-08 08:19 - 00000197 _____ () C:\Windows\system32\2015-03-08-07-19-37.050-AvastVBoxSVC.exe-4060.log
2015-03-08 08:18 - 2015-03-09 15:40 - 686623985 _____ () C:\Windows\MEMORY.DMP
2015-03-08 08:18 - 2015-03-09 15:40 - 00000000 ____D () C:\Windows\Minidump
2015-03-07 12:05 - 2015-03-07 15:57 - 00000828 _____ () C:\Users\Igor\Desktop\Handbrake.lnk
2015-03-07 12:05 - 2015-03-07 12:06 - 00000000 ____D () C:\Program Files\Handbrake
2015-03-07 12:05 - 2015-03-07 12:05 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2015-03-07 11:39 - 2015-03-07 11:39 - 16724942 _____ () C:\Users\Igor\Downloads\HandBrake-0.10.0-x86_64-Win_GUI.exe
2015-03-06 19:32 - 2015-03-06 19:32 - 00508424 _____ () C:\Users\Igor\Desktop\Untitled2.camproj
2015-03-06 14:20 - 2015-03-07 19:44 - 00515918 _____ () C:\Users\Igor\Desktop\Untitled.camproj
2015-03-06 13:30 - 2015-03-06 13:30 - 00006748 _____ () C:\Users\Igor\Desktop\Pinkove Zvezde - Emisija 21 - Cela Emisija.mp4.lvix
2015-03-06 13:30 - 2015-03-06 13:30 - 00005072 _____ () C:\Users\Igor\Desktop\Pinkove Zvezde - Emisija 21 - Cela Emisija(1).mp4.lvix
2015-03-06 13:29 - 2015-03-06 13:29 - 00001265 _____ () C:\Users\Igor\Desktop\Edit #1(1).mp4.lvix
2015-03-06 13:29 - 2015-03-06 13:29 - 00001256 _____ () C:\Users\Igor\Desktop\Edit #1.mp4.lvix
2015-03-06 13:29 - 2015-03-06 13:29 - 00000256 _____ () C:\Users\Igor\Desktop\Pinkove Zvezde - Emisija 21 - Cela Emisija (1).mov.lvix
2015-03-06 11:05 - 2015-03-06 11:46 - 1559996601 _____ () C:\Users\Igor\Desktop\Pinkove Zvezde - Emisija 21 - Cela Emisija (1).mov
2015-03-06 11:00 - 2015-03-06 11:00 - 00000197 _____ () C:\Windows\system32\2015-03-06-10-00-18.049-AvastVBoxSVC.exe-4852.log
2015-03-05 23:44 - 2015-03-05 23:48 - 00861120 _____ () C:\Users\Igor\Downloads\Pinkove Zvezde - Emisija 21 - Cela Emisija (2).mp4
2015-03-05 23:43 - 2015-03-05 21:42 - 1560007462 _____ () C:\Users\Igor\Desktop\Pinkove Zvezde - Emisija 21 - Cela Emisija(1).mp4
2015-03-05 23:33 - 2015-03-05 23:33 - 00019709 _____ () C:\Users\Igor\Desktop\clipconverter_132.crx
2015-03-05 23:23 - 2015-03-05 23:30 - 05394240 _____ () C:\Users\Igor\Downloads\Pinkove Zvezde - Emisija 21 - Cela Emisija.mov
2015-03-05 21:17 - 2015-03-04 21:57 - 1074761122 _____ () C:\Users\Igor\Desktop\Pinkove Zvezde - Emisija 21 - Cela Emisija.mp4
2015-03-05 21:15 - 2015-03-05 21:15 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\Thinstall
2015-03-05 21:15 - 2015-03-05 21:15 - 00000000 ____D () C:\Users\Igor\AppData\Local\Thinstall
2015-03-05 21:11 - 2015-03-05 21:11 - 00006336 _____ () C:\Users\Igor\Downloads\[kickass.to]orbit.downloader.4.0.0.6.final.portable.torrent
2015-03-05 21:11 - 2015-03-05 21:11 - 00000000 ____D () C:\Users\Igor\Downloads\Orbit Downloader 4.0.0.6 Final Portable
2015-03-05 20:58 - 2015-03-05 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2015-03-05 20:58 - 2015-03-05 20:58 - 00000000 ____D () C:\Program Files (x86)\GreenTree Applications
2015-03-05 20:55 - 2015-03-05 20:56 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2015-03-05 20:51 - 2015-03-05 20:52 - 00000000 ____D () C:\Users\Igor\Downloads\YouTube Downloader Pro YTD 4.8.1.0 Final (2-click run)(Registered)
2015-03-05 20:51 - 2015-03-05 20:51 - 00001921 _____ () C:\Users\Igor\Downloads\[kickass.to]youtube.downloader.pro.ytd.4.8.1.0.final.2.click.run.registered.torrent
2015-03-05 20:41 - 2015-03-08 08:24 - 00000000 ____D () C:\2-click run
2015-03-05 17:11 - 2015-03-05 17:11 - 00000247 _____ () C:\Windows\system32\2015-03-05-16-11-56.083-aswFe.exe-6008.log
2015-03-05 17:08 - 2015-03-05 17:11 - 00000247 _____ () C:\Windows\system32\2015-03-05-16-08-53.075-aswFe.exe-5172.log
2015-03-05 17:08 - 2015-03-05 17:08 - 00000197 _____ () C:\Windows\system32\2015-03-05-16-08-48.017-AvastVBoxSVC.exe-5180.log
2015-03-05 15:27 - 2015-03-05 15:27 - 00000197 _____ () C:\Windows\system32\2015-03-05-14-27-18.047-AvastVBoxSVC.exe-4924.log
2015-03-04 22:07 - 2015-03-04 22:07 - 00006748 _____ () C:\Users\Igor\Downloads\Pinkove Zvezde - Emisija 21 - Cela Emisija.mp4.lvix
2015-03-04 21:37 - 2015-03-04 21:57 - 1074761122 _____ () C:\Users\Igor\Downloads\Pinkove Zvezde - Emisija 21 - Cela Emisija.mp4
2015-03-04 20:34 - 2015-03-04 20:39 - 00004608 _____ () C:\Users\Igor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-04 20:31 - 2015-03-04 20:31 - 00000401 _____ () C:\Users\Igor\Documents\Horror Project.mp4.lvix
2015-03-04 20:26 - 2015-03-04 20:26 - 00000197 _____ () C:\Windows\system32\2015-03-04-19-26-20.062-AvastVBoxSVC.exe-5416.log
2015-03-04 16:11 - 2015-03-04 16:11 - 00000197 _____ () C:\Windows\system32\2015-03-04-15-11-25.042-AvastVBoxSVC.exe-5304.log
2015-03-04 11:08 - 2015-03-04 11:08 - 00000197 _____ () C:\Windows\system32\2015-03-04-10-08-01.093-AvastVBoxSVC.exe-4524.log
2015-03-02 21:46 - 2015-03-02 21:46 - 00000197 _____ () C:\Windows\system32\2015-03-02-20-46-09.022-AvastVBoxSVC.exe-2564.log
2015-03-01 23:32 - 2015-03-01 23:32 - 00000197 _____ () C:\Windows\system32\2015-03-01-22-32-50.044-AvastVBoxSVC.exe-4816.log
2015-03-01 19:18 - 2015-03-01 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-01 19:16 - 2015-03-01 19:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Igor\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-01 17:08 - 2015-03-01 17:08 - 00000197 _____ () C:\Windows\system32\2015-03-01-16-08-28.014-AvastVBoxSVC.exe-4580.log
2015-02-28 13:59 - 2015-02-28 13:59 - 00000197 _____ () C:\Windows\system32\2015-02-28-12-59-35.095-AvastVBoxSVC.exe-4736.log
2015-02-26 14:51 - 2015-02-26 14:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-26 14:40 - 2015-02-26 14:41 - 00000197 _____ () C:\Windows\system32\2015-02-26-13-40-50.032-AvastVBoxSVC.exe-4712.log
2015-02-26 14:33 - 2015-02-26 14:38 - 00000000 ___SD () C:\ComboFix
2015-02-26 14:33 - 2015-02-26 14:33 - 00000000 ____D () C:\Windows\erdnt
2015-02-26 14:33 - 2015-02-26 14:33 - 00000000 ____D () C:\Qoobox
2015-02-26 14:33 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-26 14:33 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-26 14:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-26 14:33 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-26 14:33 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-26 14:33 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-26 14:33 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-26 14:33 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-26 14:20 - 2015-02-26 14:20 - 00000197 _____ () C:\Windows\system32\2015-02-26-13-20-05.040-AvastVBoxSVC.exe-2036.log
2015-02-26 14:09 - 2015-02-28 13:51 - 00003860 _____ () C:\Windows\system32\.crusader
2015-02-26 14:01 - 2015-02-26 14:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-25 18:43 - 2015-02-25 18:43 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-24 18:26 - 2015-02-24 18:27 - 00000197 _____ () C:\Windows\system32\2015-02-24-17-26-46.077-AvastVBoxSVC.exe-3848.log
2015-02-23 14:49 - 2015-02-23 14:49 - 00000197 _____ () C:\Windows\system32\2015-02-23-13-49-23.026-AvastVBoxSVC.exe-4352.log
2015-02-22 19:07 - 2015-02-22 19:07 - 00000222 _____ () C:\Users\Igor\Desktop\The Expendabros.url
2015-02-22 18:56 - 2015-02-22 18:57 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\SpaceEngineers
2015-02-22 08:17 - 2015-02-22 08:17 - 00000197 _____ () C:\Windows\system32\2015-02-22-07-17-10.030-AvastVBoxSVC.exe-4676.log
2015-02-21 19:26 - 2015-03-07 22:11 - 00000000 ____D () C:\Program Files (x86)\AlllSavver
2015-02-21 19:26 - 2015-03-01 20:08 - 00000000 ____D () C:\Program Files (x86)\FindBestDeaal
2015-02-21 18:03 - 2015-02-21 18:03 - 00000000 ____D () C:\Users\Igor\AppData\Local\Steam
2015-02-21 18:01 - 2015-02-21 18:01 - 00000197 _____ () C:\Windows\system32\2015-02-21-17-01-24.051-AvastVBoxSVC.exe-3848.log
2015-02-20 11:34 - 2015-02-20 11:34 - 00000197 _____ () C:\Windows\system32\2015-02-20-10-34-52.034-AvastVBoxSVC.exe-4416.log
2015-02-18 14:29 - 2015-02-18 14:29 - 00000197 _____ () C:\Windows\system32\2015-02-18-13-29-26.048-AvastVBoxSVC.exe-5080.log
2015-02-18 12:54 - 2015-02-18 12:55 - 00000197 _____ () C:\Windows\system32\2015-02-18-11-54-57.003-AvastVBoxSVC.exe-4792.log
2015-02-18 09:47 - 2015-02-18 09:47 - 00000197 _____ () C:\Windows\system32\2015-02-18-08-47-26.085-AvastVBoxSVC.exe-4300.log
2015-02-17 17:00 - 2015-02-17 17:01 - 00000197 _____ () C:\Windows\system32\2015-02-17-16-00-45.021-AvastVBoxSVC.exe-4368.log
2015-02-16 17:24 - 2015-02-16 17:24 - 00001600 _____ () C:\Users\Igor\Desktop\Besiege_v0.03.lnk
2015-02-16 17:23 - 2015-02-16 17:23 - 00000000 ____D () C:\Games
2015-02-16 15:52 - 2015-03-01 20:08 - 00000000 ____D () C:\Program Files (x86)\Financial Times News Feed
2015-02-16 15:52 - 2015-03-01 20:08 - 00000000 ____D () C:\Program Files (x86)\CheoapMe
2015-02-16 15:12 - 2015-03-01 20:08 - 00000000 ____D () C:\Program Files (x86)\SavENeewaAppZ
2015-02-16 15:12 - 2015-02-16 15:12 - 00000000 ____D () C:\ProgramData\kpofmhbkbihcnjdcnkeibnaogbldncce
2015-02-16 09:50 - 2015-03-07 22:11 - 00000000 ____D () C:\Program Files (x86)\Iosaaver
2015-02-16 00:12 - 2015-03-07 22:11 - 00000000 ____D () C:\Program Files (x86)\ExstruASavingoss
2015-02-15 10:20 - 2015-03-01 20:08 - 00000000 ____D () C:\Program Files (x86)\RoeguLarDeaLs
2015-02-15 09:42 - 2015-02-15 09:42 - 00000197 _____ () C:\Windows\system32\2015-02-15-08-42-05.055-AvastVBoxSVC.exe-4516.log
2015-02-14 11:13 - 2015-02-14 11:13 - 00000197 _____ () C:\Windows\system32\2015-02-14-10-13-47.020-AvastVBoxSVC.exe-5124.log
2015-02-13 14:45 - 2015-02-13 14:46 - 00000197 _____ () C:\Windows\system32\2015-02-13-13-45-59.032-AvastVBoxSVC.exe-5052.log
2015-02-12 14:36 - 2015-03-08 23:33 - 00000020 _____ () C:\Users\Igor\AppData\Roaming\appdataFr3.bin
2015-02-12 13:33 - 2015-02-12 13:34 - 00000197 _____ () C:\Windows\system32\2015-02-12-12-33-54.065-AvastVBoxSVC.exe-4404.log
2015-02-12 13:30 - 2015-02-12 13:30 - 00000197 _____ () C:\Windows\system32\2015-02-12-12-30-14.070-AvastVBoxSVC.exe-2276.log
2015-02-11 14:20 - 2015-02-11 14:20 - 00000197 _____ () C:\Windows\system32\2015-02-11-13-20-26.083-AvastVBoxSVC.exe-5132.log
2015-02-10 15:36 - 2015-02-10 15:36 - 00000197 _____ () C:\Windows\system32\2015-02-10-14-36-23.041-AvastVBoxSVC.exe-5072.log
2015-02-08 10:06 - 2015-02-08 10:06 - 00000197 _____ () C:\Windows\system32\2015-02-08-09-06-45.093-AvastVBoxSVC.exe-5156.log
2015-02-08 09:09 - 2015-02-08 09:09 - 00000197 _____ () C:\Windows\system32\2015-02-08-08-09-47.022-AvastVBoxSVC.exe-5536.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-10 15:04 - 2014-08-31 11:24 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\Skype
2015-03-10 14:55 - 2014-08-31 16:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 14:49 - 2014-09-01 00:49 - 01367606 _____ () C:\Windows\WindowsUpdate.log
2015-03-10 14:40 - 2014-09-05 12:45 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\uTorrent
2015-03-10 14:34 - 2014-08-31 16:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 14:34 - 2014-08-31 10:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-10 14:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-10 14:34 - 2009-07-14 05:51 - 00100688 _____ () C:\Windows\setupact.log
2015-03-09 23:16 - 2014-10-07 19:47 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-09 23:12 - 2014-11-22 09:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-09 23:11 - 2014-11-22 09:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-09 23:07 - 2014-12-14 18:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-09 15:40 - 2014-08-31 15:54 - 00000000 ____D () C:\Users\Igor
2015-03-09 15:39 - 2010-11-21 04:47 - 00478998 _____ () C:\Windows\PFRO.log
2015-03-09 13:54 - 2014-08-31 10:56 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-09 13:54 - 2014-08-31 10:56 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-09 13:54 - 2014-08-31 10:38 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-09 13:54 - 2014-08-31 10:38 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-09 13:54 - 2014-08-31 10:38 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-09 13:54 - 2014-08-31 10:38 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-09 13:54 - 2014-08-31 10:38 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-09 13:53 - 2014-08-31 10:38 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-08 23:37 - 2009-07-14 05:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 23:37 - 2009-07-14 05:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 08:27 - 2014-12-04 13:12 - 00000000 ____D () C:\Users\Igor\GameMaker 8.1
2015-03-08 08:27 - 2014-08-31 11:46 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-08 08:27 - 2014-08-31 11:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-07 19:46 - 2015-01-06 16:58 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\HandBrake
2015-03-07 19:44 - 2014-08-31 16:28 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\vlc
2015-03-06 16:00 - 2014-11-30 14:39 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2015-03-06 06:51 - 2014-09-02 17:45 - 00000000 ____D () C:\Users\Igor\AppData\Local\CrashDumps
2015-03-05 18:14 - 2014-09-26 14:08 - 00000000 ___RD () C:\Users\Igor\Desktop\fusion of confusion
2015-03-04 23:06 - 2015-02-07 23:37 - 00000000 ____D () C:\Program Files (x86)\ToolSupport
2015-03-04 20:34 - 2014-10-09 21:00 - 00000000 ____D () C:\Users\Igor\Downloads\Poltergeist (1982) [1080p]
2015-03-04 20:33 - 2014-10-25 18:06 - 00000000 ____D () C:\Users\Igor\Downloads\The Fog (1980)
2015-03-04 20:27 - 2014-11-01 09:15 - 00000000 ____D () C:\Users\Public\Documents\Lightworks
2015-03-04 13:16 - 2015-01-14 20:24 - 00000000 ____D () C:\Users\Igor\Desktop\New folder (3)
2015-02-28 13:51 - 2015-02-07 23:39 - 00000000 ____D () C:\ProgramData\{6a9fcfac-85af-ff5e-6a9f-fcfac85a3eb2}
2015-02-28 13:51 - 2015-02-07 23:36 - 00000000 ____D () C:\ProgramData\{3e7e58b9-27cc-4c04-3e7e-e58b927c62e4}
2015-02-28 13:51 - 2015-02-07 23:36 - 00000000 ____D () C:\ProgramData\{1b9592e9-62da-a800-1b95-592e962d4ba5}
2015-02-26 14:41 - 2014-08-31 11:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-26 14:41 - 2014-08-31 11:24 - 00000000 ____D () C:\ProgramData\Skype
2015-02-26 14:09 - 2015-02-07 23:37 - 00000000 ____D () C:\Program Files (x86)\uunisaLes
2015-02-22 09:01 - 2015-01-14 21:59 - 00003334 _____ () C:\Users\Igor\Desktop\x360ce.ini
2015-02-22 08:44 - 2014-11-02 11:24 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-21 19:26 - 2015-02-07 23:37 - 00000000 ____D () C:\ProgramData\16636727094880123102
2015-02-20 16:33 - 2014-08-31 10:40 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 11:21 - 2009-07-14 06:13 - 00779724 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 20:38 - 2014-12-14 16:52 - 00000000 ____D () C:\Program Files (x86)\Adobe
 
==================== Files in the root of some directories =======
 
2015-02-12 14:36 - 2015-03-08 23:33 - 0000020 _____ () C:\Users\Igor\AppData\Roaming\appdataFr3.bin
2015-03-04 20:34 - 2015-03-04 20:39 - 0004608 _____ () C:\Users\Igor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-04 22:06 - 2014-11-04 22:06 - 0000000 _____ () C:\Users\Igor\AppData\Local\{BB33B456-FC6B-48FB-9662-1A42FAF61B61}
2014-10-04 14:03 - 2014-10-04 14:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Igor\AppData\Local\Temp\HitmanPro.exe
C:\Users\Igor\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Igor\AppData\Local\Temp\_is32F1.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-05 21:54
 
==================== End Of Log ============================


#6
Beban96

    Member

  • Topic Starter
  • 17 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2015 01
Ran by Igor at 2015-03-10 15:17:02
Running from C:\Users\Igor\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3363385342-2374591123-549723091-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.19.2 - Mirillis)
Adobe Dreamweaver CS3 (HKLM-x32\...\Adobe_435a6af7459cb02a9c1138113a26e93) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AlllSavver (HKLM-x32\...\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62}) (Version:  - "") <==== ATTENTION
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2214 - AVAST Software)
Avast License by ZeNiX [2012-03-14] (HKLM-x32\...\Avast_2050_ZeNiX [2012-03-14]_is1) (Version:  - )
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.3.0.885 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Camtasia Studio 8 (HKLM-x32\...\{765AD29A-7EF5-4456-8F6F-83467E52AB52}) (Version: 8.4.3.1792 - TechSmith Corporation)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Electronic Piano 2.5 (HKLM-x32\...\Electronic Piano 2.5_is1) (Version:  - Maurício Antunes Oliveira)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
HF pAppLoc version 1.0 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.0 - Inquisitor)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3114 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.0.1.0 - Lightworks)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version:  - Kojima Productions)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
NVIDIA GeForce Experience 2.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0030 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27030 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.14 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
StarCraft II - Heart of the Swarm v2.0.7 (HKLM-x32\...\StarCraft II - Heart of the Swarm_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Expendabros (HKLM-x32\...\Steam App 312990) (Version:  - Free Lives)
Tunngle version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wolfenstein - The New Order (HKLM-x32\...\Wolfenstein - The New Order_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
YTD Video Downloader 4.8.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3363385342-2374591123-549723091-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Igor\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
 
==================== Restore Points  =========================
 
08-03-2015 13:59:23 Scheduled Checkpoint
09-03-2015 13:51:47 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2014-10-18 15:43 - 00001148 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1C75CC82-FF26-49A2-AF89-FD36F621B157} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-09] (Avast Software s.r.o.)
Task: {52DD73AD-38AC-4584-91DD-CB81F531E277} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {595044DA-BD3F-4E9A-95C6-CE4069F4D85F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {A8E2BCC4-0216-471D-9617-89590D698210} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-05-09] (Realtek Semiconductor)
Task: {AA08E43B-502E-4872-BC0D-EDF580D55C08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-31] (Google Inc.)
Task: {B43CB531-EAA4-4AA0-B399-BE62D8AFB97B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-31] (Google Inc.)
Task: {CFAD73CC-FA71-4BA3-B5AB-E32B508515DC} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.c...ard&lang=en
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window http:/toolbar.avg.com/
 
==================== Loaded Modules (whitelisted) ==============
 
2014-09-13 13:52 - 2014-07-02 21:48 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-01-15 15:49 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-31 16:11 - 2013-06-04 04:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-30 14:39 - 2015-03-06 16:00 - 02503704 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-09-22 14:20 - 2014-09-22 14:20 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-03-06 16:00 - 2015-03-06 16:00 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
2015-03-09 13:54 - 2015-03-09 13:54 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-09 13:54 - 2015-03-09 13:54 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-03-09 23:08 - 2015-03-09 23:08 - 02920960 _____ () C:\Program Files\AVAST Software\Avast\defs\15030901\algo.dll
2015-03-10 14:35 - 2015-03-10 14:35 - 02920960 _____ () C:\Program Files\AVAST Software\Avast\defs\15031000\algo.dll
2014-09-13 13:52 - 2014-07-02 21:48 - 00013272 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-09 13:54 - 2015-03-09 13:54 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-06 16:00 - 2015-03-06 16:00 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\log4cplusU.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-09 13:54 - 2015-03-09 13:54 - 01359872 _____ () C:\Program Files\AVAST Software\Avast\libglesv2.dll
2015-03-09 13:54 - 2015-03-09 13:54 - 00212992 _____ () C:\Program Files\AVAST Software\Avast\libegl.dll
2014-08-31 16:03 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: uTorrent => "C:\Users\Igor\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3363385342-2374591123-549723091-500 - Administrator - Disabled)
Guest (S-1-5-21-3363385342-2374591123-549723091-501 - Limited - Disabled)
Igor (S-1-5-21-3363385342-2374591123-549723091-1000 - Administrator - Enabled) => C:\Users\Igor
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/10/2015 02:34:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/10/2015 02:34:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (03/09/2015 09:29:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/09/2015 09:28:48 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (03/09/2015 03:41:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/09/2015 03:40:15 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (03/09/2015 01:58:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/09/2015 01:57:32 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (03/09/2015 01:50:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/09/2015 01:49:05 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
 
System errors:
=============
Error: (03/10/2015 02:34:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ToolSupport service to connect.
 
Error: (03/09/2015 09:29:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ToolSupport service to connect.
 
Error: (03/09/2015 05:15:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {49BD2028-1523-11D1-AD79-00C04FD8FDFF}
 
Error: (03/09/2015 05:15:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (03/09/2015 05:15:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}
 
Error: (03/09/2015 03:40:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ToolSupport service to connect.
 
Error: (03/09/2015 03:40:11 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000019 (0x0000000000000020, 0xfffffa800a9044e0, 0xfffffa800a904500, 0x0000000004020005)C:\Windows\MEMORY.DMP
 
Error: (03/09/2015 03:40:11 PM) (Source: BugCheck) (EventID: 1005) (User: )
Description: 
 
Error: (03/09/2015 03:40:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:36:19 PM on ‎3/‎9/‎2015 was unexpected.
 
Error: (03/09/2015 01:58:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ToolSupport service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (03/10/2015 02:34:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/10/2015 02:34:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (03/09/2015 09:29:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/09/2015 09:28:48 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (03/09/2015 03:41:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/09/2015 03:40:15 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (03/09/2015 01:58:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/09/2015 01:57:32 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (03/09/2015 01:50:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/09/2015 01:49:05 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 26%
Total physical RAM: 6029.69 MB
Available physical RAM: 4437.36 MB
Total Pagefile: 12057.57 MB
Available Pagefile: 10335.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:439.36 GB) (Free:215.73 GB) NTFS
Drive d: () (Fixed) (Total:492.06 GB) (Free:316.48 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2BFB4DC8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=439.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=492.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#7
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hello,
 
Sorry that this took so long, but there was much in your scans to research. Let me be clear up front: your issues are directly caused by your use of Peer to Peer programs and the associated infections that have been downloaded with the games and movies that I see on your Desktop and throughout your computer.
 
Enough lecture. In this first fix we will remove everything that I saw in that scan. Frankly, I didn't see the infection that usually causes your problem, but it could be hiding in one of the infections that I am removing. Let's cross our fingers. If I've missed it, don't worry, I'll get it next time.
 
What follows is my P2P warning along with the first fix. Follow the instructions and take a few moments to test the machine and let me know how it looks (i.e. are the Chrome *32 gone?) and post back the fix log too.
 
P2P warning!

  •   uTorrent     

P2P programs, while legal in themselves, are often used to obtain illegal downloads. Currently it's one of the best ways to get infected. There have been some extreme cases in which passwords and private or financial data were exposed to the file-sharing network because of bad P2P configuration.

Please uninstall the indicated program. To do so:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for previously mentioned program(s), right-click the entry and click Uninstall.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CreateRestorePoint:
    
    CloseProcesses:
    
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
    
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    HKU\S-1-5-21-3363385342-2374591123-549723091-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={8CBFE59E-C5BD-4E7D-9929-5D1AB5361AC0}&mid=9249a77a673547d2b913856e58e0f47d-59648bc3688073c2f87776a4aa764f5c1ada1f46&lang=en&ds=px011&coid=avgtbdispx&cmpid=&pr=sa&d=2014-11-30 14:39:20&v=18.3.0.885&pid=safeguard&sg=&sap=hp
    
    SearchScopes: HKU\S-1-5-21-3363385342-2374591123-549723091-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={8CBFE59E-C5BD-4E7D-9929-5D1AB5361AC0}&mid=9249a77a673547d2b913856e58e0f47d-59648bc3688073c2f87776a4aa764f5c1ada1f46&lang=en&ds=px011&coid=avgtbdispx&cmpid=&pr=sa&d=2014-11-30 14:39:20&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
    
    BHO: Iosaaver -> {4796ee63-e948-4487-b7d0-2be2e9b61079} -> C:\Program Files (x86)\Iosaaver\6sglP68o9BJ9WO.x64.dll No File
    
    BHO: ExstruASavingoss -> {77e6e736-2c47-4764-81ba-d79a3ff85b0f} -> C:\Program Files (x86)\ExstruASavingoss\dUSWuWPa7Fk2hu.x64.dll No File
    
    BHO-x32: Iosaaver -> {4796ee63-e948-4487-b7d0-2be2e9b61079} -> C:\Program Files (x86)\Iosaaver\6sglP68o9BJ9WO.dll No File
    
    BHO-x32: ExstruASavingoss -> {77e6e736-2c47-4764-81ba-d79a3ff85b0f} -> C:\Program Files (x86)\ExstruASavingoss\dUSWuWPa7Fk2hu.dll No File
    
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    
    Toolbar: HKU\S-1-5-21-3363385342-2374591123-549723091-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
    
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    
    CHR dev: Chrome dev build detected! <======= ATTENTION
    
    S2 1f7a5585; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\ToolSupport\ToolSupport.dll",serv
    
    2015-02-12 14:36 - 2015-03-08 23:33 - 0000020 _____ () C:\Users\Igor\AppData\Roaming\appdataFr3.bin
    
    2015-03-04 20:34 - 2015-03-04 20:39 - 0004608 _____ () C:\Users\Igor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    
    2014-11-04 22:06 - 2014-11-04 22:06 - 0000000 _____ () C:\Users\Igor\AppData\Local\{BB33B456-FC6B-48FB-9662-1A42FAF61B61}
    
    2014-10-04 14:03 - 2014-10-04 14:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    
    2015-02-21 19:26 - 2015-03-07 22:11 - 00000000 ____D () C:\Program Files (x86)\AlllSavver
    
    2015-02-21 19:26 - 2015-03-01 20:08 - 00000000 ____D () C:\Program Files (x86)\FindBestDeaal
    
    Emptytemp:
    
    
    
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!


  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

 

 

Also, rerun FRST as you originally did and post the fresh scan.



#8
Beban96

    Member

  • Topic Starter
  • Member
  • 17 posts

Okay, here are the files:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Igor at 2015-03-11 15:10:56 Run:1
Running from C:\Users\Igor\Downloads
Loaded Profiles: Igor (Available profiles: Igor)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
 
CloseProcesses:
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
 
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={8CBFE59E-C5BD-4E7D-9929-5D1AB5361AC0}&mid=9249a77a673547d2b913856e58e0f47d-59648bc3688073c2f87776a4aa764f5c1ada1f46&lang=en&ds=px011&coid=avgtbdispx&cmpid=&pr=sa&d=2014-11-30 14:39:20&v=18.3.0.885&pid=safeguard&sg=&sap=hp
 
SearchScopes: HKU\S-1-5-21-3363385342-2374591123-549723091-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={8CBFE59E-C5BD-4E7D-9929-5D1AB5361AC0}&mid=9249a77a673547d2b913856e58e0f47d-59648bc3688073c2f87776a4aa764f5c1ada1f46&lang=en&ds=px011&coid=avgtbdispx&cmpid=&pr=sa&d=2014-11-30 14:39:20&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
 
BHO: Iosaaver -> {4796ee63-e948-4487-b7d0-2be2e9b61079} -> C:\Program Files (x86)\Iosaaver\6sglP68o9BJ9WO.x64.dll No File
 
BHO: ExstruASavingoss -> {77e6e736-2c47-4764-81ba-d79a3ff85b0f} -> C:\Program Files (x86)\ExstruASavingoss\dUSWuWPa7Fk2hu.x64.dll No File
 
BHO-x32: Iosaaver -> {4796ee63-e948-4487-b7d0-2be2e9b61079} -> C:\Program Files (x86)\Iosaaver\6sglP68o9BJ9WO.dll No File
 
BHO-x32: ExstruASavingoss -> {77e6e736-2c47-4764-81ba-d79a3ff85b0f} -> C:\Program Files (x86)\ExstruASavingoss\dUSWuWPa7Fk2hu.dll No File
 
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
 
Toolbar: HKU\S-1-5-21-3363385342-2374591123-549723091-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
 
FF Plugin: @microsoft.com/GENUINE -> disabled No File
 
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
 
CHR dev: Chrome dev build detected! <======= ATTENTION
 
S2 1f7a5585; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\ToolSupport\ToolSupport.dll",serv
 
2015-02-12 14:36 - 2015-03-08 23:33 - 0000020 _____ () C:\Users\Igor\AppData\Roaming\appdataFr3.bin
 
2015-03-04 20:34 - 2015-03-04 20:39 - 0004608 _____ () C:\Users\Igor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
2014-11-04 22:06 - 2014-11-04 22:06 - 0000000 _____ () C:\Users\Igor\AppData\Local\{BB33B456-FC6B-48FB-9662-1A42FAF61B61}
 
2014-10-04 14:03 - 2014-10-04 14:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
2015-02-21 19:26 - 2015-03-07 22:11 - 00000000 ____D () C:\Program Files (x86)\AlllSavver
 
2015-02-21 19:26 - 2015-03-01 20:08 - 00000000 ____D () C:\Program Files (x86)\FindBestDeaal
 
Emptytemp:
 
 
 
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKU\S-1-5-21-3363385342-2374591123-549723091-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4796ee63-e948-4487-b7d0-2be2e9b61079}" => Key deleted successfully.
"HKCR\CLSID\{4796ee63-e948-4487-b7d0-2be2e9b61079}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77e6e736-2c47-4764-81ba-d79a3ff85b0f}" => Key deleted successfully.
"HKCR\CLSID\{77e6e736-2c47-4764-81ba-d79a3ff85b0f}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4796ee63-e948-4487-b7d0-2be2e9b61079}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{4796ee63-e948-4487-b7d0-2be2e9b61079}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77e6e736-2c47-4764-81ba-d79a3ff85b0f}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{77e6e736-2c47-4764-81ba-d79a3ff85b0f}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found. 
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
1f7a5585 => Service deleted successfully.
C:\Users\Igor\AppData\Roaming\appdataFr3.bin => Moved successfully.
C:\Users\Igor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\Igor\AppData\Local\{BB33B456-FC6B-48FB-9662-1A42FAF61B61} => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\Program Files (x86)\AlllSavver => Moved successfully.
C:\Program Files (x86)\FindBestDeaal => Moved successfully.
EmptyTemp: => Removed 774.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 15:11:52 ====

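A Fixlog like the one posted above is quicker to review when each result line is sorted by outcome, so that entries the tool could not handle stand out from the routine "Key not found" lines left by orphaned registry references. The script below is an added example, not part of the original posts and not part of FRST; the function names are assumptions, the sample is a shortened copy of lines from this thread's log, and only the outcome strings seen in that log are recognised (anything else is flagged for manual review).

```python
from collections import Counter

# Constructed sample: a shortened Fixlog built from result lines in this thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Igor at 2015-03-11 15:10:56 Run:1
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR dev: Chrome dev build detected! <======= ATTENTION
Emptytemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
1f7a5585 => Service deleted successfully.
C:\Program Files (x86)\AlllSavver => Moved successfully.
EmptyTemp: => Removed 774.5 MB temporary data.

The system needed a reboot. 

==== End of Fixlog 15:11:52 ====
'''

# Outcome phrases observed in this thread's Fixlog, mapped to a category.
OUTCOMES = [
    ("not found", "not_found"),
    ("restored successfully", "restored"),
    ("deleted successfully", "deleted"),
    ("moved successfully", "moved"),
    ("removed ", "cleaned"),
]


def classify(outcome):
    """Map the text after ' => ' to a category; unknown text is flagged."""
    lowered = outcome.lower()
    if lowered.startswith("error"):
        return "error"
    for needle, category in OUTCOMES:
        if needle in lowered:
            return category
    return "unrecognised"


def parse_fixlog(text):
    """Return (results, notes) for the part of the log after the echoed fixlist.

    results: list of (target, outcome, category)
    notes:   status lines that carry no ' => ' separator
    """
    results, notes = [], []
    fences = 0  # the echoed fixlist sits between two rows of asterisks
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            fences += 1
            continue
        if fences < 2 or not line:
            continue  # header, echoed fixlist, or blank line
        if line.startswith("==== End of Fixlog"):
            break
        if " => " in line:
            # Split on the LAST separator: targets may contain arrows themselves.
            target, outcome = line.rsplit(" => ", 1)
            results.append((target.strip('"'), outcome, classify(outcome)))
        else:
            notes.append(line)
    if fences < 2:
        raise ValueError("echoed fixlist markers not found; not a complete Fixlog")
    return results, notes


def triage(text):
    """Summarise a Fixlog: counts per category and entries needing follow-up."""
    results, notes = parse_fixlog(text)
    return {
        "counts": dict(Counter(cat for _, _, cat in results)),
        "follow_up": [(t, o) for t, o, cat in results
                      if cat in ("error", "unrecognised")],
        "restore_point": any("Restore point was successfully created" in n
                             for n in notes),
        "reboot_needed": any("needed a reboot" in n for n in notes),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_FIXLOG)
    print(summary["counts"])
    for target, outcome in summary["follow_up"]:
        print("FOLLOW UP:", target, "->", outcome)
```
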

#9
Beban96

    Member

  • Topic Starter
  • Member
  • 17 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Igor (administrator) on IGOR-PC on 11-03-2015 15:19:38
Running from C:\Users\Igor\Downloads
Loaded Profiles: Igor (Available profiles: Igor)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531984 2015-01-07] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-10] (Avast Software s.r.o.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2014-08-31] (Intel Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2503704 2015-03-06] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\...\MountPoints2: {1564bcc3-3169-11e4-8e99-806e6f6e6963} - E:\AsInsWiz.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-09] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-09] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-09] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-06] (AVG Secure Search)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-09] (Oracle Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-06] (AVG Secure Search)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-06] (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-09] (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-31]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> https://www.google.rs/
CHR StartupUrls: Default -> "https://www.google.rs/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-31]
CHR Extension: (Google Drive) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31]
CHR Extension: (YouTube) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-31]
CHR Extension: (Google Search) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-31]
CHR Extension: (Heroes & Generals) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2015-01-29]
CHR Extension: (Avast Online Security) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-31]
CHR Extension: (ClipConverter) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\njjjgjlocdhecpgdcfjblcnfebfnmhpp [2015-03-05]
CHR Extension: (Google Wallet) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-31]
CHR Extension: (Gmail) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-09] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-09] (Avast Software)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-12-14] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-07] (NVIDIA Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2015-01-07] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19822736 2015-01-07] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-22] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-06] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-09] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-09] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-09] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-09] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-09] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-09] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-14] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-07] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-09] (Avast Software)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-11 15:15 - 2015-03-11 15:15 - 00000020 _____ () C:\Users\Igor\AppData\Roaming\appdataFr3.bin
2015-03-11 15:09 - 2015-03-11 15:09 - 00000000 ____D () C:\Users\Igor\Downloads\FRST-OlderVersion
2015-03-10 15:17 - 2015-03-10 15:17 - 00023628 _____ () C:\Users\Igor\Downloads\Addition.txt
2015-03-10 15:16 - 2015-03-11 15:19 - 00018983 _____ () C:\Users\Igor\Downloads\FRST.txt
2015-03-09 15:26 - 2015-03-09 15:27 - 00000240 _____ () C:\Users\Igor\Downloads\Search.txt
2015-03-09 15:25 - 2015-03-11 15:19 - 00000000 ____D () C:\FRST
2015-03-09 14:38 - 2015-03-11 15:09 - 02095616 _____ (Farbar) C:\Users\Igor\Downloads\FRST64.exe
2015-03-09 14:33 - 2015-03-11 15:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 14:20 - 2015-03-09 14:20 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-09 14:20 - 2015-03-09 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-09 14:20 - 2015-03-09 14:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-09 14:20 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-09 14:20 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-09 14:20 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-09 13:54 - 2015-03-09 13:54 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-09 13:54 - 2015-03-09 13:54 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-09 13:51 - 2015-03-09 13:51 - 00000197 _____ () C:\Windows\system32\2015-03-09-12-51-21.052-AvastVBoxSVC.exe-5040.log
2015-03-08 10:28 - 2015-03-08 10:28 - 00000247 _____ () C:\Windows\system32\2015-03-08-09-28-35.036-aswFe.exe-3520.log
2015-03-08 10:25 - 2015-03-08 10:28 - 00000247 _____ () C:\Windows\system32\2015-03-08-09-25-21.003-aswFe.exe-168.log
2015-03-08 10:25 - 2015-03-08 10:25 - 00000197 _____ () C:\Windows\system32\2015-03-08-09-25-14.085-AvastVBoxSVC.exe-6636.log
2015-03-08 08:19 - 2015-03-08 08:19 - 00000197 _____ () C:\Windows\system32\2015-03-08-07-19-37.050-AvastVBoxSVC.exe-4060.log
2015-03-08 08:18 - 2015-03-09 15:40 - 686623985 _____ () C:\Windows\MEMORY.DMP
2015-03-08 08:18 - 2015-03-09 15:40 - 00000000 ____D () C:\Windows\Minidump
2015-03-07 12:05 - 2015-03-07 15:57 - 00000828 _____ () C:\Users\Igor\Desktop\Handbrake.lnk
2015-03-07 12:05 - 2015-03-07 12:06 - 00000000 ____D () C:\Program Files\Handbrake
2015-03-07 12:05 - 2015-03-07 12:05 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2015-03-07 11:39 - 2015-03-07 11:39 - 16724942 _____ () C:\Users\Igor\Downloads\HandBrake-0.10.0-x86_64-Win_GUI.exe
2015-03-06 19:32 - 2015-03-06 19:32 - 00508424 _____ () C:\Users\Igor\Desktop\Untitled2.camproj
2015-03-06 14:20 - 2015-03-07 19:44 - 00515918 _____ () C:\Users\Igor\Desktop\Untitled.camproj
2015-03-06 13:30 - 2015-03-06 13:30 - 00006748 _____ () C:\Users\Igor\Desktop\Pinkove Zvezde - Emisija 21 - Cela Emisija.mp4.lvix
2015-03-06 13:30 - 2015-03-06 13:30 - 00005072 _____ () C:\Users\Igor\Desktop\Pinkove Zvezde - Emisija 21 - Cela Emisija(1).mp4.lvix
2015-03-06 13:29 - 2015-03-06 13:29 - 00001265 _____ () C:\Users\Igor\Desktop\Edit #1(1).mp4.lvix
2015-03-06 13:29 - 2015-03-06 13:29 - 00001256 _____ () C:\Users\Igor\Desktop\Edit #1.mp4.lvix
2015-03-06 13:29 - 2015-03-06 13:29 - 00000256 _____ () C:\Users\Igor\Desktop\Pinkove Zvezde - Emisija 21 - Cela Emisija (1).mov.lvix
2015-03-06 11:05 - 2015-03-06 11:46 - 1559996601 _____ () C:\Users\Igor\Desktop\Pinkove Zvezde - Emisija 21 - Cela Emisija (1).mov
2015-03-06 11:00 - 2015-03-06 11:00 - 00000197 _____ () C:\Windows\system32\2015-03-06-10-00-18.049-AvastVBoxSVC.exe-4852.log
2015-03-05 23:44 - 2015-03-05 23:48 - 00861120 _____ () C:\Users\Igor\Downloads\Pinkove Zvezde - Emisija 21 - Cela Emisija (2).mp4
2015-03-05 23:43 - 2015-03-05 21:42 - 1560007462 _____ () C:\Users\Igor\Desktop\Pinkove Zvezde - Emisija 21 - Cela Emisija(1).mp4
2015-03-05 23:33 - 2015-03-05 23:33 - 00019709 _____ () C:\Users\Igor\Desktop\clipconverter_132.crx
2015-03-05 23:23 - 2015-03-05 23:30 - 05394240 _____ () C:\Users\Igor\Downloads\Pinkove Zvezde - Emisija 21 - Cela Emisija.mov
2015-03-05 21:17 - 2015-03-04 21:57 - 1074761122 _____ () C:\Users\Igor\Desktop\Pinkove Zvezde - Emisija 21 - Cela Emisija.mp4
2015-03-05 21:15 - 2015-03-05 21:15 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\Thinstall
2015-03-05 21:15 - 2015-03-05 21:15 - 00000000 ____D () C:\Users\Igor\AppData\Local\Thinstall
2015-03-05 21:11 - 2015-03-05 21:11 - 00006336 _____ () C:\Users\Igor\Downloads\[kickass.to]orbit.downloader.4.0.0.6.final.portable.torrent
2015-03-05 21:11 - 2015-03-05 21:11 - 00000000 ____D () C:\Users\Igor\Downloads\Orbit Downloader 4.0.0.6 Final Portable
2015-03-05 20:58 - 2015-03-05 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2015-03-05 20:58 - 2015-03-05 20:58 - 00000000 ____D () C:\Program Files (x86)\GreenTree Applications
2015-03-05 20:55 - 2015-03-05 20:56 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2015-03-05 20:51 - 2015-03-05 20:52 - 00000000 ____D () C:\Users\Igor\Downloads\YouTube Downloader Pro YTD 4.8.1.0 Final (2-click run)(Registered)
2015-03-05 20:51 - 2015-03-05 20:51 - 00001921 _____ () C:\Users\Igor\Downloads\[kickass.to]youtube.downloader.pro.ytd.4.8.1.0.final.2.click.run.registered.torrent
2015-03-05 20:41 - 2015-03-08 08:24 - 00000000 ____D () C:\2-click run
2015-03-05 17:11 - 2015-03-05 17:11 - 00000247 _____ () C:\Windows\system32\2015-03-05-16-11-56.083-aswFe.exe-6008.log
2015-03-05 17:08 - 2015-03-05 17:11 - 00000247 _____ () C:\Windows\system32\2015-03-05-16-08-53.075-aswFe.exe-5172.log
2015-03-05 17:08 - 2015-03-05 17:08 - 00000197 _____ () C:\Windows\system32\2015-03-05-16-08-48.017-AvastVBoxSVC.exe-5180.log
2015-03-05 15:27 - 2015-03-05 15:27 - 00000197 _____ () C:\Windows\system32\2015-03-05-14-27-18.047-AvastVBoxSVC.exe-4924.log
2015-03-04 22:07 - 2015-03-04 22:07 - 00006748 _____ () C:\Users\Igor\Downloads\Pinkove Zvezde - Emisija 21 - Cela Emisija.mp4.lvix
2015-03-04 21:37 - 2015-03-04 21:57 - 1074761122 _____ () C:\Users\Igor\Downloads\Pinkove Zvezde - Emisija 21 - Cela Emisija.mp4
2015-03-04 20:31 - 2015-03-04 20:31 - 00000401 _____ () C:\Users\Igor\Documents\Horror Project.mp4.lvix
2015-03-04 20:26 - 2015-03-04 20:26 - 00000197 _____ () C:\Windows\system32\2015-03-04-19-26-20.062-AvastVBoxSVC.exe-5416.log
2015-03-04 16:11 - 2015-03-04 16:11 - 00000197 _____ () C:\Windows\system32\2015-03-04-15-11-25.042-AvastVBoxSVC.exe-5304.log
2015-03-04 11:08 - 2015-03-04 11:08 - 00000197 _____ () C:\Windows\system32\2015-03-04-10-08-01.093-AvastVBoxSVC.exe-4524.log
2015-03-02 21:46 - 2015-03-02 21:46 - 00000197 _____ () C:\Windows\system32\2015-03-02-20-46-09.022-AvastVBoxSVC.exe-2564.log
2015-03-01 23:32 - 2015-03-01 23:32 - 00000197 _____ () C:\Windows\system32\2015-03-01-22-32-50.044-AvastVBoxSVC.exe-4816.log
2015-03-01 19:18 - 2015-03-01 19:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-01 19:16 - 2015-03-01 19:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Igor\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-01 17:08 - 2015-03-01 17:08 - 00000197 _____ () C:\Windows\system32\2015-03-01-16-08-28.014-AvastVBoxSVC.exe-4580.log
2015-02-28 13:59 - 2015-02-28 13:59 - 00000197 _____ () C:\Windows\system32\2015-02-28-12-59-35.095-AvastVBoxSVC.exe-4736.log
2015-02-26 14:51 - 2015-02-26 14:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-26 14:40 - 2015-02-26 14:41 - 00000197 _____ () C:\Windows\system32\2015-02-26-13-40-50.032-AvastVBoxSVC.exe-4712.log
2015-02-26 14:33 - 2015-02-26 14:38 - 00000000 ___SD () C:\ComboFix
2015-02-26 14:33 - 2015-02-26 14:33 - 00000000 ____D () C:\Windows\erdnt
2015-02-26 14:33 - 2015-02-26 14:33 - 00000000 ____D () C:\Qoobox
2015-02-26 14:33 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-26 14:33 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-26 14:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-26 14:33 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-26 14:33 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-26 14:33 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-26 14:33 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-26 14:33 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-26 14:20 - 2015-02-26 14:20 - 00000197 _____ () C:\Windows\system32\2015-02-26-13-20-05.040-AvastVBoxSVC.exe-2036.log
2015-02-26 14:09 - 2015-02-28 13:51 - 00003860 _____ () C:\Windows\system32\.crusader
2015-02-26 14:01 - 2015-02-26 14:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-25 18:43 - 2015-02-25 18:43 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-02-24 18:26 - 2015-02-24 18:27 - 00000197 _____ () C:\Windows\system32\2015-02-24-17-26-46.077-AvastVBoxSVC.exe-3848.log
2015-02-23 14:49 - 2015-02-23 14:49 - 00000197 _____ () C:\Windows\system32\2015-02-23-13-49-23.026-AvastVBoxSVC.exe-4352.log
2015-02-22 19:07 - 2015-02-22 19:07 - 00000222 _____ () C:\Users\Igor\Desktop\The Expendabros.url
2015-02-22 18:56 - 2015-02-22 18:57 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\SpaceEngineers
2015-02-22 08:17 - 2015-02-22 08:17 - 00000197 _____ () C:\Windows\system32\2015-02-22-07-17-10.030-AvastVBoxSVC.exe-4676.log
2015-02-21 18:03 - 2015-02-21 18:03 - 00000000 ____D () C:\Users\Igor\AppData\Local\Steam
2015-02-21 18:01 - 2015-02-21 18:01 - 00000197 _____ () C:\Windows\system32\2015-02-21-17-01-24.051-AvastVBoxSVC.exe-3848.log
2015-02-20 11:34 - 2015-02-20 11:34 - 00000197 _____ () C:\Windows\system32\2015-02-20-10-34-52.034-AvastVBoxSVC.exe-4416.log
2015-02-18 14:29 - 2015-02-18 14:29 - 00000197 _____ () C:\Windows\system32\2015-02-18-13-29-26.048-AvastVBoxSVC.exe-5080.log
2015-02-18 12:54 - 2015-02-18 12:55 - 00000197 _____ () C:\Windows\system32\2015-02-18-11-54-57.003-AvastVBoxSVC.exe-4792.log
2015-02-18 09:47 - 2015-02-18 09:47 - 00000197 _____ () C:\Windows\system32\2015-02-18-08-47-26.085-AvastVBoxSVC.exe-4300.log
2015-02-17 17:00 - 2015-02-17 17:01 - 00000197 _____ () C:\Windows\system32\2015-02-17-16-00-45.021-AvastVBoxSVC.exe-4368.log
2015-02-16 17:24 - 2015-02-16 17:24 - 00001600 _____ () C:\Users\Igor\Desktop\Besiege_v0.03.lnk
2015-02-16 17:23 - 2015-02-16 17:23 - 00000000 ____D () C:\Games
2015-02-16 15:52 - 2015-03-01 20:08 - 00000000 ____D () C:\Program Files (x86)\Financial Times News Feed
2015-02-16 15:52 - 2015-03-01 20:08 - 00000000 ____D () C:\Program Files (x86)\CheoapMe
2015-02-16 15:12 - 2015-03-01 20:08 - 00000000 ____D () C:\Program Files (x86)\SavENeewaAppZ
2015-02-16 15:12 - 2015-02-16 15:12 - 00000000 ____D () C:\ProgramData\kpofmhbkbihcnjdcnkeibnaogbldncce
2015-02-16 09:50 - 2015-03-07 22:11 - 00000000 ____D () C:\Program Files (x86)\Iosaaver
2015-02-16 00:12 - 2015-03-07 22:11 - 00000000 ____D () C:\Program Files (x86)\ExstruASavingoss
2015-02-15 10:20 - 2015-03-01 20:08 - 00000000 ____D () C:\Program Files (x86)\RoeguLarDeaLs
2015-02-15 09:42 - 2015-02-15 09:42 - 00000197 _____ () C:\Windows\system32\2015-02-15-08-42-05.055-AvastVBoxSVC.exe-4516.log
2015-02-14 11:13 - 2015-02-14 11:13 - 00000197 _____ () C:\Windows\system32\2015-02-14-10-13-47.020-AvastVBoxSVC.exe-5124.log
2015-02-13 14:45 - 2015-02-13 14:46 - 00000197 _____ () C:\Windows\system32\2015-02-13-13-45-59.032-AvastVBoxSVC.exe-5052.log
2015-02-12 13:33 - 2015-02-12 13:34 - 00000197 _____ () C:\Windows\system32\2015-02-12-12-33-54.065-AvastVBoxSVC.exe-4404.log
2015-02-12 13:30 - 2015-02-12 13:30 - 00000197 _____ () C:\Windows\system32\2015-02-12-12-30-14.070-AvastVBoxSVC.exe-2276.log
2015-02-11 14:20 - 2015-02-11 14:20 - 00000197 _____ () C:\Windows\system32\2015-02-11-13-20-26.083-AvastVBoxSVC.exe-5132.log
2015-02-10 15:36 - 2015-02-10 15:36 - 00000197 _____ () C:\Windows\system32\2015-02-10-14-36-23.041-AvastVBoxSVC.exe-5072.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-11 15:14 - 2014-08-31 11:24 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\Skype
2015-03-11 15:13 - 2014-08-31 16:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-11 15:13 - 2009-07-14 05:51 - 00101360 _____ () C:\Windows\setupact.log
2015-03-11 15:12 - 2014-09-01 00:49 - 01379308 _____ () C:\Windows\WindowsUpdate.log
2015-03-11 15:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-11 15:07 - 2014-09-05 12:45 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\uTorrent
2015-03-11 15:04 - 2014-08-31 10:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-10 22:54 - 2014-08-31 16:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 21:23 - 2014-12-14 18:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-09 23:16 - 2014-10-07 19:47 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-09 23:12 - 2014-11-22 09:40 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-09 23:11 - 2014-11-22 09:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-09 15:40 - 2014-08-31 15:54 - 00000000 ____D () C:\Users\Igor
2015-03-09 15:39 - 2010-11-21 04:47 - 00478998 _____ () C:\Windows\PFRO.log
2015-03-09 13:54 - 2014-08-31 10:56 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-09 13:54 - 2014-08-31 10:56 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-09 13:54 - 2014-08-31 10:38 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-09 13:54 - 2014-08-31 10:38 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-09 13:54 - 2014-08-31 10:38 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-09 13:54 - 2014-08-31 10:38 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-09 13:54 - 2014-08-31 10:38 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-09 13:53 - 2014-08-31 10:38 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-08 23:37 - 2009-07-14 05:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 23:37 - 2009-07-14 05:45 - 00020832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 08:27 - 2014-12-04 13:12 - 00000000 ____D () C:\Users\Igor\GameMaker 8.1
2015-03-08 08:27 - 2014-08-31 11:46 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-08 08:27 - 2014-08-31 11:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-07 19:46 - 2015-01-06 16:58 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\HandBrake
2015-03-07 19:44 - 2014-08-31 16:28 - 00000000 ____D () C:\Users\Igor\AppData\Roaming\vlc
2015-03-06 16:00 - 2014-11-30 14:39 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2015-03-06 06:51 - 2014-09-02 17:45 - 00000000 ____D () C:\Users\Igor\AppData\Local\CrashDumps
2015-03-05 18:14 - 2014-09-26 14:08 - 00000000 ___RD () C:\Users\Igor\Desktop\fusion of confusion
2015-03-04 23:06 - 2015-02-07 23:37 - 00000000 ____D () C:\Program Files (x86)\ToolSupport
2015-03-04 20:34 - 2014-10-09 21:00 - 00000000 ____D () C:\Users\Igor\Downloads\Poltergeist (1982) [1080p]
2015-03-04 20:33 - 2014-10-25 18:06 - 00000000 ____D () C:\Users\Igor\Downloads\The Fog (1980)
2015-03-04 20:27 - 2014-11-01 09:15 - 00000000 ____D () C:\Users\Public\Documents\Lightworks
2015-03-04 13:16 - 2015-01-14 20:24 - 00000000 ____D () C:\Users\Igor\Desktop\New folder (3)
2015-02-28 13:51 - 2015-02-07 23:39 - 00000000 ____D () C:\ProgramData\{6a9fcfac-85af-ff5e-6a9f-fcfac85a3eb2}
2015-02-28 13:51 - 2015-02-07 23:36 - 00000000 ____D () C:\ProgramData\{3e7e58b9-27cc-4c04-3e7e-e58b927c62e4}
2015-02-28 13:51 - 2015-02-07 23:36 - 00000000 ____D () C:\ProgramData\{1b9592e9-62da-a800-1b95-592e962d4ba5}
2015-02-26 14:41 - 2014-08-31 11:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-26 14:41 - 2014-08-31 11:24 - 00000000 ____D () C:\ProgramData\Skype
2015-02-26 14:09 - 2015-02-07 23:37 - 00000000 ____D () C:\Program Files (x86)\uunisaLes
2015-02-22 09:01 - 2015-01-14 21:59 - 00003334 _____ () C:\Users\Igor\Desktop\x360ce.ini
2015-02-22 08:44 - 2014-11-02 11:24 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-21 19:26 - 2015-02-07 23:37 - 00000000 ____D () C:\ProgramData\16636727094880123102
2015-02-20 16:33 - 2014-08-31 10:40 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 11:21 - 2009-07-14 06:13 - 00779724 _____ () C:\Windows\system32\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2015-03-11 15:15 - 2015-03-11 15:15 - 0000020 _____ () C:\Users\Igor\AppData\Roaming\appdataFr3.bin
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-05 21:54
 
==================== End Of Log ============================

  • 0
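The Services and Drivers lines in the log above follow a fixed layout, so the entries worth a manual look (unsigned file, empty publisher, missing file) can be pulled out mechanically. This is an added example, not part of the original thread and not FRST's own code; the reading of the fields (R/S as running/stopped, the digit as the service start type) and the Services header line are assumptions based on the lines shown.

```python
import re
from dataclasses import dataclass

# Subset of lines copied from the log above. The Services header line is an
# assumption, modelled on the Drivers header that the log shows.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-09] (Avast Software s.r.o.)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-22] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-09] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-14] (Intel Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")

# <state><start> <name>; <path> [<size> <date>] (<company>) [File not signed]
# or, when the file is absent on disk: <state><start> <name>; <path> [X]
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?:X|(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2}))\]"
    r"(?: \((?P<company>.*?)\))?(?P<unsigned> \[File not signed\])?\s*$"
)


@dataclass
class Finding:
    section: str
    name: str
    path: str
    running: bool     # assumption: "R" = running, "S" = stopped
    start_type: int   # assumption: service Start value (0 = boot ... 4 = disabled)
    reasons: list


def triage(log_text):
    """Return the Services/Drivers entries that deserve a manual look.

    A flag is a prompt for review, not a verdict: an old but legitimate
    binary can be unsigned, and a clean entry can still be unwanted.
    """
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["title"]
            continue
        if not section.startswith(("Services", "Drivers")):
            continue
        entry = ENTRY_RE.match(line)
        if entry is None:
            continue  # blank line or the parenthesised hint under the header
        reasons = []
        if entry["size"] is None:
            reasons.append("file missing")      # the "[X]" marker
        else:
            if entry["unsigned"]:
                reasons.append("not signed")
            if not (entry["company"] or "").strip():
                reasons.append("no publisher")  # empty "()" company field
        if reasons:
            findings.append(Finding(section, entry["name"], entry["path"],
                                    entry["state"] == "R",
                                    int(entry["start"]), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "running" if f.running else "stopped"
        print(f"[{f.section}] {f.name} ({state}, start={f.start_type}): "
              f"{', '.join(f.reasons)} -> {f.path}")
```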

#10
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

And...did the issue resolve?


  • 0


#11
Beban96

Beban96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Sadly, no. There are still chrome processes and Avast messages. But I am optimistic.


  • 0

#12
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

No problem. I suspected that I didn't get it. Next time will be the charm ;)


  • 0

#13
Beban96

Beban96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

:spoton:


  • 0

#14
Beban96

Beban96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

What should I do next, since I still have troubles? :)


  • 0

#15
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

"What should I do next, since I still have troubles? :)"

You should wait patiently for my next instructions.
 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

  • Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
Closeprocesses:
createrestorepoint:
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2503704 2015-03-06] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\...\Run: [uTorrent] => C:\Users\Igor\AppData\Roaming\uTorrent\uTorrent.exe [1677904 2015-01-26] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3363385342-2374591123-549723091-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={8CBFE59E-C5BD-4E7D-9929-5D1AB5361AC0}&mid=9249a77a673547d2b913856e58e0f47d-59648bc3688073c2f87776a4aa764f5c1ada1f46&lang=en&ds=px011&coid=avgtbdispx&cmpid=&pr=sa&d=2014-11-30 14:39:20&v=18.3.0.885&pid=safeguard&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-3363385342-2374591123-549723091-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={8CBFE59E-C5BD-4E7D-9929-5D1AB5361AC0}&mid=9249a77a673547d2b913856e58e0f47d-59648bc3688073c2f87776a4aa764f5c1ada1f46&lang=en&ds=px011&coid=avgtbdispx&cmpid=&pr=sa&d=2014-11-30 14:39:20&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Iosaaver -> {4796ee63-e948-4487-b7d0-2be2e9b61079} -> C:\Program Files (x86)\Iosaaver\6sglP68o9BJ9WO.x64.dll No File
BHO: ExstruASavingoss -> {77e6e736-2c47-4764-81ba-d79a3ff85b0f} -> C:\Program Files (x86)\ExstruASavingoss\dUSWuWPa7Fk2hu.x64.dll No File
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-06] (AVG Secure Search)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-09] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.3.0.885\AVG SafeGuard toolbar_toolbar.dll [2015-03-06] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-3363385342-2374591123-549723091-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-03-05 20:51 - 2015-03-05 20:51 - 00001921 _____ () C:\Users\Igor\Downloads\[kickass.to]youtube.downloader.pro.ytd.4.8.1.0.final.2.click.run.registered.torrent
2015-03-05 20:41 - 2015-03-08 08:24 - 00000000 ____D () C:\2-click run
Emptytemp:
  • Click File, Save As and type fixlist.txt as the File Name.
    Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it in your reply.

 

Scan with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.

Please include the contents of that file in your reply.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your system specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

 

 

 

 


  • 0





