
Trojan found - please help


Comments

  • Registered Users Posts: 246 ✭✭sandra_b


    I ran FRST and am posting the log in the next post. I ran the scan twice as I deleted the first log accidentally.

    From the link you sent for the removal: it is 2013 and I have 2014, is it OK? Which one should I use, x86 or x64?


  • Registered Users Posts: 246 ✭✭sandra_b


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2013
    Ran by Laptop (administrator) on LAPTOP-PC on 01-01-2014 21:33:07
    Running from C:\Users\Laptop\Desktop
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    ==================== Processes (Whitelisted) ===================

    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    () C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
    () C:\ProgramData\DatacardService\HWDeviceService.exe
    (TODO: <公司名稱>) C:\Program Files\OEM\OSD_1.2\OsdService.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    () C:\Program Files\Spare Messaging\MessagingApp.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    () C:\Program Files\Mobilni Internet\ModemListener.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (The TechGuys) C:\Program Files\The TechGuys\Launch\Launch.exe
    (ODM) C:\Program Files\OEM\OSD_1.2\osd.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Microsoft Corporation) C:\Windows\ehome\ehsched.exe
    (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
    HKLM\...\Run: [SpareMessaging] - C:\Program Files\Spare Messaging\MessagingApp.exe [42824 2007-11-28] ()
    HKLM\...\Run: [ModemListener] - C:\Program Files\Mobilni Internet\ModemListener.exe [98304 2010-07-12] ()
    HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
    HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF"&"inst=NzctNjMyNzYyMjI3LVBMKzktWE8zNisxLU4xRCsxLVFJWDErNC1YMjAxMCsyLUZMMTArMS1MSUMrODgtU1AxKzEtU1AxVEIrMS1TUDFTMisxLVNVRCsxLVMxSSsxLVNVMysxLUxTRCsyLUREVCsw"&"prod=90"&"ver=10.0.1382
    HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [135680 2008-07-17] (Microsoft Corporation)
    HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-09-12] (Google Inc.)
    HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    IFEO\avcenter.exe: [Debugger] nsjw.exe
    IFEO\avguard.exe: [Debugger] nsjw.exe
    IFEO\avp.exe: [Debugger] nsjw.exe
    IFEO\bdagent.exe: [Debugger] nsjw.exe
    IFEO\ccuac.exe: [Debugger] nsjw.exe
    IFEO\ComboFix.exe: [Debugger] nsjw.exe
    IFEO\egui.exe: [Debugger] nsjw.exe
    IFEO\hijackthis.exe: [Debugger] nsjw.exe
    IFEO\keyscrambler.exe: [Debugger] nsjw.exe
    IFEO\mbam.exe: [Debugger] nsjw.exe
    IFEO\MpCmdRun.exe: [Debugger] nsjw.exe
    IFEO\MSASCui.exe: [Debugger] nsjw.exe
    IFEO\MsMpEng.exe: [Debugger] nsjw.exe
    IFEO\msseces.exe: [Debugger] nsjw.exe
    IFEO\spybotsd.exe: [Debugger] nsjw.exe
    IFEO\wireshark.exe: [Debugger] nsjw.exe
    IFEO\zlclient.exe: [Debugger] nsjw.exe

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
    SearchScopes: HKCU - {4186E915-6684-410A-A99C-66AF1C7C2FBF} URL = http://search.avg.com/?d=4e04ea29&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI_en-GBIE398
    BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default
    FF SelectedSearchEngine: search
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
    FF Extension: Microsoft .NET Framework Assistant - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF Extension: The Camelizer - Amazon Price Tracker - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\Extensions\izer@camelcamelcamel.com.xpi
    FF Extension: Property Bee - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\Extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR RestoreOnStartup: "hxxp://www.google.com"
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (Google Drive) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (YouTube) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (Skype Click to Call) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
    CHR Extension: (Google Wallet) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
    CHR Extension: (Gmail) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

    ========================== Services (Whitelisted) =================

    R2 DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe [40960 2010-06-17] ()
    R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] ()
    R2 OsdService; C:\Program Files\OEM\OSD_1.2\OsdService.exe [94208 2008-02-22] (TODO: <公司名稱>)
    R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    S2 vToolbarUpdater17.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]

    ==================== Drivers (Whitelisted) ====================

    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)
    R3 GpdDevDPort; C:\Windows\system32\directport.sys [7168 2008-05-21] ()
    R3 GpdKbFilter; C:\Windows\system32\kbfiltr.sys [8192 2008-04-22] (Windows (R) Codename Longhorn DDK provider)
    S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89984 2011-01-13] (Huawei Technologies Co., Ltd.)
    S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [64128 2011-01-13] (Huawei Technologies Co., Ltd.)
    S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2011-01-13] (Huawei Technologies Co., Ltd.)
    S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2008-12-30] (Huawei Technologies Co., Ltd.)
    S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-21] (Microsoft Corporation)
    S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2010-06-17] (TCT International Mobile Ltd)
    R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [331776 2008-07-10] (Realtek Semiconductor Corporation )
    S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [197504 2009-07-22] (Sierra Wireless Inc.)
    S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [148992 2009-07-22] (Sierra Wireless Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S3 swmsflt; \SystemRoot\System32\drivers\swmsflt.sys [x]
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-01 21:32 - 2014-01-01 21:32 - 00000097 _____ C:\Users\Laptop\Desktop\FRST-1.txt
    2014-01-01 21:21 - 2014-01-01 21:22 - 00000000 ____D C:\ProgramData\MFAData
    2014-01-01 21:21 - 2014-01-01 21:21 - 00000000 ____D C:\Users\Laptop\AppData\Local\MFAData
    2014-01-01 21:21 - 2014-01-01 21:21 - 00000000 ____D C:\Users\Laptop\AppData\Local\Avg2014
    2014-01-01 20:48 - 2014-01-01 21:19 - 00468099 _____ C:\Users\Laptop\Desktop\avgremover.log
    2014-01-01 20:32 - 2014-01-01 20:22 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Laptop\Desktop\avg_remover_stf_x86_2014_4116.exe
    2014-01-01 20:32 - 2014-01-01 20:10 - 04436944 _____ (AVG Technologies) C:\Users\Laptop\Desktop\avg_free_stb_all_2014_4259_cnet.exe
    2014-01-01 20:30 - 2014-01-01 20:30 - 00000795 _____ C:\Windows\setupact.log
    2014-01-01 20:30 - 2014-01-01 20:30 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-01 18:23 - 2014-01-01 18:23 - 00000224 _____ C:\Windows\system32\idp2.cfg
    2014-01-01 18:02 - 2014-01-01 21:33 - 00015169 _____ C:\Users\Laptop\Desktop\FRST.txt
    2014-01-01 18:02 - 2014-01-01 18:02 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\WinRAR
    2014-01-01 17:58 - 2014-01-01 17:58 - 00000000 ____D C:\FRST
    2014-01-01 17:56 - 2014-01-01 17:51 - 01064333 _____ (Farbar) C:\Users\Laptop\Desktop\FRST.exe
    2014-01-01 17:51 - 2014-01-01 17:51 - 01064333 _____ (Farbar) C:\Users\Laptop\Downloads\FRST.exe
    2014-01-01 17:20 - 2014-01-01 17:20 - 00000512 _____ C:\Users\Laptop\Documents\MBR.dat
    2014-01-01 16:23 - 2014-01-01 17:20 - 00003065 _____ C:\Users\Laptop\Documents\aswMBR.txt
    2014-01-01 16:00 - 2014-01-01 16:06 - 00175754 _____ C:\Users\Laptop\Downloads\report.txt
    2014-01-01 15:45 - 2014-01-01 15:45 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Laptop\Downloads\tdsskiller.exe
    2014-01-01 15:42 - 2014-01-01 15:43 - 04745728 _____ (AVAST Software) C:\Users\Laptop\Downloads\aswMBR.exe
    2014-01-01 10:52 - 2014-01-01 10:52 - 00146136 _____ C:\Windows\Minidump\Mini010114-01.dmp
    2014-01-01 10:51 - 2014-01-01 10:51 - 139320433 _____ C:\Windows\MEMORY.DMP
    2014-01-01 09:50 - 2014-01-01 09:50 - 00072696 _____ C:\Users\Laptop\Downloads\OTL-after.Txt
    2014-01-01 04:52 - 2014-01-01 04:52 - 00000104 _____ C:\Users\Laptop\Desktop\Recycle Bin - Shortcut.lnk
    2014-01-01 03:34 - 2014-01-01 03:34 - 00000495 _____ C:\Users\Laptop\Desktop\OTL - Shortcut.lnk
    2014-01-01 03:33 - 2014-01-01 03:33 - 00000536 _____ C:\Users\Laptop\Desktop\AdwCleaner - Shortcut.lnk
    2014-01-01 02:37 - 2014-01-01 02:37 - 00001564 _____ C:\Users\Laptop\Desktop\Computer.lnk
    2014-01-01 02:36 - 2014-01-01 02:36 - 00000288 _____ C:\Users\Laptop\AppData\Roaming\76278BBE.reg
    2014-01-01 02:13 - 2014-01-01 03:22 - 00000000 ____D C:\Users\Laptop\AppData\Local\{E223DA60-E642-818A-1CC6-4EB4FC1AB41C}
    2014-01-01 00:47 - 2014-01-01 00:47 - 00010970 _____ C:\ComboFix.txt
    2014-01-01 00:19 - 2014-01-01 00:47 - 00000000 ____D C:\ComboFix
    2014-01-01 00:19 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
    2014-01-01 00:19 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
    2014-01-01 00:19 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
    2014-01-01 00:15 - 2014-01-01 00:47 - 00000000 ____D C:\Qoobox
    2014-01-01 00:13 - 2014-01-01 00:45 - 00000000 ____D C:\Windows\erdnt
    2014-01-01 00:02 - 2014-01-01 00:03 - 05160176 ____R (Swearware) C:\Users\Laptop\Desktop\ComboFix.exe
    2013-12-31 21:42 - 2013-12-31 21:42 - 00000512 _____ C:\PhysicalMBR.bin
    2013-12-31 17:36 - 2013-12-31 17:36 - 00000000 ____D C:\_OTL
    2013-12-31 17:21 - 2014-01-01 09:23 - 00000000 ____D C:\AdwCleaner
    2013-12-31 15:56 - 2013-12-31 15:56 - 01233962 _____ C:\Users\Laptop\Downloads\AdwCleaner.exe
    2013-12-31 01:29 - 2013-12-31 01:29 - 00035056 _____ C:\Users\Laptop\Downloads\Extras.Txt
    2013-12-31 01:23 - 2014-01-01 09:49 - 00072696 _____ C:\Users\Laptop\Downloads\OTL.Txt
    2013-12-30 23:14 - 2013-12-30 23:14 - 00602112 _____ (OldTimer Tools) C:\Users\Laptop\Downloads\OTL.exe
    2013-12-30 19:06 - 2013-12-30 19:07 - 00000000 ____D C:\Users\Laptop\AppData\Local\dumps
    2013-12-30 01:01 - 2014-01-01 21:18 - 00006266 _____ C:\Windows\PFRO.log
    2013-12-30 00:13 - 2013-12-30 00:13 - 00000871 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-21 01:24 - 2013-12-21 01:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-12-12 02:37 - 2013-11-14 23:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-12-12 02:37 - 2013-11-14 22:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-12-12 02:37 - 2013-11-14 22:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-12-12 02:37 - 2013-11-14 22:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-12-12 02:37 - 2013-11-14 22:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-12-12 02:37 - 2013-11-14 22:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-12-12 02:37 - 2013-11-14 22:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2013-12-12 02:37 - 2013-11-14 22:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-12-12 02:37 - 2013-11-14 22:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-12-12 02:37 - 2013-11-14 22:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2013-12-12 02:37 - 2013-11-14 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-12-12 02:37 - 2013-11-14 22:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-12-12 02:37 - 2013-11-14 22:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-12-12 02:37 - 2013-11-14 22:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2013-12-12 02:37 - 2013-11-14 22:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-12-12 02:37 - 2013-11-14 22:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-12-12 00:33 - 2013-10-30 02:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
    2013-12-12 00:33 - 2013-10-30 01:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2013-12-12 00:33 - 2013-10-30 00:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2013-12-12 00:32 - 2013-10-11 02:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
    2013-12-12 00:32 - 2013-10-11 02:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
    2013-12-12 00:32 - 2013-10-11 02:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
    2013-12-12 00:32 - 2013-10-11 00:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
    2013-12-12 00:32 - 2013-10-11 00:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2013-12-12 00:31 - 2013-10-30 00:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2013-12-12 00:30 - 2013-10-22 07:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

    ==================== One Month Modified Files and Folders =======

    2014-01-01 21:33 - 2014-01-01 18:02 - 00015169 _____ C:\Users\Laptop\Desktop\FRST.txt
    2014-01-01 21:32 - 2014-01-01 21:32 - 00000097 _____ C:\Users\Laptop\Desktop\FRST-1.txt
    2014-01-01 21:25 - 2010-09-19 17:29 - 01564497 _____ C:\Windows\WindowsUpdate.log
    2014-01-01 21:22 - 2014-01-01 21:21 - 00000000 ____D C:\ProgramData\MFAData
    2014-01-01 21:21 - 2014-01-01 21:21 - 00000000 ____D C:\Users\Laptop\AppData\Local\MFAData
    2014-01-01 21:21 - 2014-01-01 21:21 - 00000000 ____D C:\Users\Laptop\AppData\Local\Avg2014
    2014-01-01 21:19 - 2014-01-01 20:48 - 00468099 _____ C:\Users\Laptop\Desktop\avgremover.log
    2014-01-01 21:19 - 2006-11-02 12:47 - 00005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-01 21:19 - 2006-11-02 12:47 - 00005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-01 21:19 - 2006-11-02 12:37 - 00000000 ___RD C:\Users\Public\Recorded TV
    2014-01-01 21:18 - 2013-12-30 01:01 - 00006266 _____ C:\Windows\PFRO.log
    2014-01-01 20:32 - 2006-11-02 10:33 - 00740680 _____ C:\Windows\system32\PerfStringBackup.INI
    2014-01-01 20:30 - 2014-01-01 20:30 - 00000795 _____ C:\Windows\setupact.log
    2014-01-01 20:30 - 2014-01-01 20:30 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-01 20:22 - 2014-01-01 20:32 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Laptop\Desktop\avg_remover_stf_x86_2014_4116.exe
    2014-01-01 20:14 - 2010-09-19 17:33 - 00000000 ____D C:\Users\Laptop
    2014-01-01 20:10 - 2014-01-01 20:32 - 04436944 _____ (AVG Technologies) C:\Users\Laptop\Desktop\avg_free_stb_all_2014_4259_cnet.exe
    2014-01-01 18:23 - 2014-01-01 18:23 - 00000224 _____ C:\Windows\system32\idp2.cfg
    2014-01-01 18:23 - 2006-11-02 13:01 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2014-01-01 18:23 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-01 18:17 - 2010-09-28 23:10 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-01 18:06 - 2012-07-18 20:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-01 18:02 - 2014-01-01 18:02 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\WinRAR
    2014-01-01 17:58 - 2014-01-01 17:58 - 00000000 ____D C:\FRST
    2014-01-01 17:51 - 2014-01-01 17:56 - 01064333 _____ (Farbar) C:\Users\Laptop\Desktop\FRST.exe
    2014-01-01 17:51 - 2014-01-01 17:51 - 01064333 _____ (Farbar) C:\Users\Laptop\Downloads\FRST.exe
    2014-01-01 17:20 - 2014-01-01 17:20 - 00000512 _____ C:\Users\Laptop\Documents\MBR.dat
    2014-01-01 17:20 - 2014-01-01 16:23 - 00003065 _____ C:\Users\Laptop\Documents\aswMBR.txt
    2014-01-01 16:06 - 2014-01-01 16:00 - 00175754 _____ C:\Users\Laptop\Downloads\report.txt
    2014-01-01 15:45 - 2014-01-01 15:45 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Laptop\Downloads\tdsskiller.exe
    2014-01-01 15:43 - 2014-01-01 15:42 - 04745728 _____ (AVAST Software) C:\Users\Laptop\Downloads\aswMBR.exe
    2014-01-01 13:17 - 2010-09-28 23:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-01 10:52 - 2014-01-01 10:52 - 00146136 _____ C:\Windows\Minidump\Mini010114-01.dmp
    2014-01-01 10:52 - 2011-02-07 01:44 - 00000000 ____D C:\Windows\Minidump
    2014-01-01 10:51 - 2014-01-01 10:51 - 139320433 _____ C:\Windows\MEMORY.DMP
    2014-01-01 09:50 - 2014-01-01 09:50 - 00072696 _____ C:\Users\Laptop\Downloads\OTL-after.Txt
    2014-01-01 09:49 - 2013-12-31 01:23 - 00072696 _____ C:\Users\Laptop\Downloads\OTL.Txt
    2014-01-01 09:23 - 2013-12-31 17:21 - 00000000 ____D C:\AdwCleaner
    2014-01-01 04:52 - 2014-01-01 04:52 - 00000104 _____ C:\Users\Laptop\Desktop\Recycle Bin - Shortcut.lnk
    2014-01-01 03:54 - 2010-09-27 19:21 - 00000000 ____D C:\Mirjana
    2014-01-01 03:34 - 2014-01-01 03:34 - 00000495 _____ C:\Users\Laptop\Desktop\OTL - Shortcut.lnk
    2014-01-01 03:33 - 2014-01-01 03:33 - 00000536 _____ C:\Users\Laptop\Desktop\AdwCleaner - Shortcut.lnk
    2014-01-01 03:23 - 2013-09-25 21:34 - 00000000 ____D C:\ProgramData\AVG2014
    2014-01-01 03:22 - 2014-01-01 02:13 - 00000000 ____D C:\Users\Laptop\AppData\Local\{E223DA60-E642-818A-1CC6-4EB4FC1AB41C}
    2014-01-01 03:16 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\schemas
    2014-01-01 02:37 - 2014-01-01 02:37 - 00001564 _____ C:\Users\Laptop\Desktop\Computer.lnk
    2014-01-01 02:36 - 2014-01-01 02:36 - 00000288 _____ C:\Users\Laptop\AppData\Roaming\76278BBE.reg
    2014-01-01 00:47 - 2014-01-01 00:47 - 00010970 _____ C:\ComboFix.txt
    2014-01-01 00:47 - 2014-01-01 00:19 - 00000000 ____D C:\ComboFix
    2014-01-01 00:47 - 2014-01-01 00:15 - 00000000 ____D C:\Qoobox
    2014-01-01 00:47 - 2006-11-02 11:18 - 00000000 ___RD C:\Users\Public
    2014-01-01 00:45 - 2014-01-01 00:13 - 00000000 ____D C:\Windows\erdnt
    2014-01-01 00:43 - 2006-11-02 10:23 - 00000215 _____ C:\Windows\system.ini
    2014-01-01 00:03 - 2014-01-01 00:02 - 05160176 ____R (Swearware) C:\Users\Laptop\Desktop\ComboFix.exe
    2013-12-31 21:42 - 2013-12-31 21:42 - 00000512 _____ C:\PhysicalMBR.bin
    2013-12-31 17:36 - 2013-12-31 17:36 - 00000000 ____D C:\_OTL
    2013-12-31 15:56 - 2013-12-31 15:56 - 01233962 _____ C:\Users\Laptop\Downloads\AdwCleaner.exe
    2013-12-31 01:29 - 2013-12-31 01:29 - 00035056 _____ C:\Users\Laptop\Downloads\Extras.Txt
    2013-12-30 23:14 - 2013-12-30 23:14 - 00602112 _____ (OldTimer Tools) C:\Users\Laptop\Downloads\OTL.exe
    2013-12-30 21:41 - 2011-12-26 20:41 - 00000742 _____ C:\Users\Laptop\Desktop\pesme.txt
    2013-12-30 19:07 - 2013-12-30 19:06 - 00000000 ____D C:\Users\Laptop\AppData\Local\dumps
    2013-12-30 02:27 - 2006-11-02 12:37 - 00000000 ____D C:\Windows\twain_32
    2013-12-30 00:13 - 2013-12-30 00:13 - 00000871 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-30 00:13 - 2010-11-21 01:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-21 15:43 - 2012-04-26 20:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2013-12-21 01:26 - 2013-12-21 01:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-12-12 21:41 - 2013-05-05 22:44 - 00000000 ___RD C:\Program Files\Skype
    2013-12-12 02:47 - 2006-11-02 10:23 - 00000240 _____ C:\Windows\win.ini
    2013-12-12 02:44 - 2013-07-14 01:33 - 00000000 ____D C:\Windows\system32\MRT
    2013-12-12 02:40 - 2006-11-02 10:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2013-12-10 22:10 - 2012-07-18 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2013-12-10 22:10 - 2011-05-21 16:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2013-12-10 10:22 - 2008-09-12 17:29 - 00000000 ____D C:\Program Files\Google
    2013-12-05 21:37 - 2011-12-27 00:21 - 00001936 _____ C:\Users\Public\Desktop\Google Chrome.lnk

    Files to move or delete:
    ====================
    C:\Users\Laptop\avgremover.exe
    C:\Users\Laptop\avg_free_x86_all_2011_1120a3152.exe
    C:\Users\Laptop\ccsetup236.exe
    C:\Users\Laptop\mbam-setup-1.46.exe
    C:\Users\Laptop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
    C:\Users\Laptop\SkypeSetupFull.exe
    C:\Users\Laptop\winzip145.exe
    C:\Users\Laptop\word2007-kb974631-fullfile-x86-glb.exe


    Some content of TEMP:
    ====================
    C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
    C:\Users\Laptop\AppData\Local\temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-01-01 21:27

    ==================== End Of Log ============================


  • Registered Users Posts: 840 ✭✭✭jsa112


    Remove what was in that fixlist.txt that I gave you before and put this in instead:


    IFEO\avcenter.exe: [Debugger] nsjw.exe
    IFEO\avguard.exe: [Debugger] nsjw.exe
    IFEO\avp.exe: [Debugger] nsjw.exe
    IFEO\bdagent.exe: [Debugger] nsjw.exe
    IFEO\ccuac.exe: [Debugger] nsjw.exe
    IFEO\ComboFix.exe: [Debugger] nsjw.exe
    IFEO\egui.exe: [Debugger] nsjw.exe
    IFEO\hijackthis.exe: [Debugger] nsjw.exe
    IFEO\keyscrambler.exe: [Debugger] nsjw.exe
    IFEO\mbam.exe: [Debugger] nsjw.exe
    IFEO\MpCmdRun.exe: [Debugger] nsjw.exe
    IFEO\MSASCui.exe: [Debugger] nsjw.exe
    IFEO\MsMpEng.exe: [Debugger] nsjw.exe
    IFEO\msseces.exe: [Debugger] nsjw.exe
    IFEO\spybotsd.exe: [Debugger] nsjw.exe
    IFEO\wireshark.exe: [Debugger] nsjw.exe
    IFEO\zlclient.exe: [Debugger] nsjw.exe
    C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
    C:\Users\Laptop\AppData\Local\temp\Quarantine.exe


    Save it, then drag it into FRST like before, and post the log it gives.


  • Registered Users Posts: 246 ✭✭sandra_b


    I had already run "my" removal before you posted :(. I'll wait for you to tell me whether I should install AVG again now and how to do it.


  • Registered Users Posts: 246 ✭✭sandra_b


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-12-2013
    Ran by Laptop at 2014-01-01 22:23:01 Run:2
    Running from C:\Users\Laptop\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    IFEO\avcenter.exe: [Debugger] nsjw.exe
    IFEO\avguard.exe: [Debugger] nsjw.exe
    IFEO\avp.exe: [Debugger] nsjw.exe
    IFEO\bdagent.exe: [Debugger] nsjw.exe
    IFEO\ccuac.exe: [Debugger] nsjw.exe
    IFEO\ComboFix.exe: [Debugger] nsjw.exe
    IFEO\egui.exe: [Debugger] nsjw.exe
    IFEO\hijackthis.exe: [Debugger] nsjw.exe
    IFEO\keyscrambler.exe: [Debugger] nsjw.exe
    IFEO\mbam.exe: [Debugger] nsjw.exe
    IFEO\MpCmdRun.exe: [Debugger] nsjw.exe
    IFEO\MSASCui.exe: [Debugger] nsjw.exe
    IFEO\MsMpEng.exe: [Debugger] nsjw.exe
    IFEO\msseces.exe: [Debugger] nsjw.exe
    IFEO\spybotsd.exe: [Debugger] nsjw.exe
    IFEO\wireshark.exe: [Debugger] nsjw.exe
    IFEO\zlclient.exe: [Debugger] nsjw.exe
    C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
    C:\Users\Laptop\AppData\Local\temp\Quarantine.exe
    *****************

    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe => Key not found.
    C:\Users\Laptop\AppData\Local\temp\008e3d40.exe => Moved successfully.
    C:\Users\Laptop\AppData\Local\temp\Quarantine.exe => Moved successfully.

    ==== End of Fixlog ====


  • Registered Users Posts: 840 ✭✭✭jsa112


    My internet is terrible at the moment, so I'm trying to avoid long posts.


    Can you get online with the PC now? If so, download a fresh copy of AVG and install it.


  • Registered Users Posts: 246 ✭✭sandra_b


    Ok, I'll do it now and let you know.


  • Registered Users Posts: 246 ✭✭sandra_b


    The AVG install failed - error attempting to create directory C:\Program Files\AVG\AVG2014(some numbers).

    There is still an old AVG folder under Program Files and I don't have permission to access it. I manually changed the security settings to set the owner to Laptop, ran the removal tool again, and I am going to repeat the install.

    Please let me know if what I did is OK.


  • Registered Users Posts: 840 ✭✭✭jsa112


    Use the AVG 2014 32-bit remover from here instead:

    http://www.avg.com/us-en/utilities

    I'm guessing you have no problems getting online now?


    If so, do this too: update MBAM, run a quick scan and post that log.


  • Registered Users Posts: 246 ✭✭sandra_b


    Yes, it is the link I used before. But this time it deleted all the content from C:\Program Files\AVG, as I had changed the permissions.

    I am going to run the install again.
    Thank you Jsa112 sooooooooooo much for all of this. No big pictures this time, as I am concerned about the connection.
    I will let you know how it goes. I don't want to open any browser until AVG is set up, just in case.


  • Registered Users Posts: 246 ✭✭sandra_b


    Did you remove MBAM from the laptop with your tool? It is missing now.

    AVG failed again, but I found some additional steps to be done after running the AVG removal; I'll do this: http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=215517

    If that fails I'll download MBAM and scan.
    I am going to give it another hour or so and continue tomorrow. Will keep you posted :)


  • Registered Users Posts: 840 ✭✭✭jsa112


    No, MBAM should still be there; re-install it if you need to.


  • Registered Users Posts: 246 ✭✭sandra_b


    No, it is not there :(. There is an icon on the desktop which points to an unknown location; it is also listed in Control Panel, but when I click uninstall it says "already uninstalled".
    Would you know why that is? Has the virus messed up both MBAM and AVG?
    What kind of people write these viruses?

    I am still cleaning the old AVG folders. I am changing permissions manually in order to delete them. I am going to google a command-line way to do it.

    I'll continue tomorrow; I almost didn't sleep yesterday, and having the flu doesn't help.
    I'll let you know the progress. I will run MBAM when I sort AVG :)
    Have a good night!


  • Registered Users Posts: 246 ✭✭sandra_b


    Hi Jsa112,

    I managed to install AVG in the end.

    Now I can't install MBAM, as it gives "check sum error, it already exists". There are still folders in C:\Program Files\Malwarebytes and C:\ProgramData\Malwarebytes with access denied (but there is no mbam.exe in them). I granted access to the folder, but the install still fails as the sub-folders are access denied... and I don't want to delete anything from there just in case.
    The link to uninstall from Control Panel is broken as well.
    Would you know the proper way to remove it completely so I can install a fresh one?
    Thank you in advance :)

    P.S. I did a full AVG scan - nothing found :)


  • Registered Users Posts: 840 ✭✭✭jsa112


    Use Revo Uninstaller to remove MBAM:

    http://download.cnet.com/Revo-Uninstaller/3000-2096_4-10687648.html


    Then re-install MBAM, update it, do a quick scan with it and post the log here.


  • Registered Users Posts: 246 ✭✭sandra_b


    Revo Uninstaller does not show MBAM in the list of programs, but there is still a Malwarebytes folder with all the files.
    Is there any way to remove it?
    Or should I try to run MBAM and choose some other (not the default) location?
    Or should I try to change the owner of Program Files/Malwarebytes and delete it manually?
    I am not sure which other folders need to be deleted manually.


  • Registered Users Posts: 246 ✭✭sandra_b


    I changed the access on the existing folders and managed to install MBAM. But when I try to run it, it complains that mbam.exe does not exist.
    I then used Revo Uninstaller to uninstall it, installed it and ran it again - same thing.

    I used the advanced option on Revo; it found that there are some Malwarebytes registry files, but I left them as I am not sure if it is safe to delete them.
    Any ideas?


  • Registered Users Posts: 246 ✭✭sandra_b


    I downloaded SuperAntiSpyware and followed the instructions in the sticky.
    It found 456 threats (4 major).
    After a restart, the MBAM install is still missing mbam.exe.

    I'll copy the log in the next post if Jsa112 or anyone else has the time and energy to help me :)


  • Registered Users Posts: 246 ✭✭sandra_b


    I'll post the whole file in a PM as it is huge. These are the major threats:

    Rogue.IEAntiVirus
    C:\Program Files\ANTIVIRUS

    Trojan.Agent/Gen-VBInject
    C:\USERS\LAPTOP\APPDATA\LOCAL\TEMP\~TMF2823190187879636770.TMP
    C:\USERS\LAPTOP\APPDATA\LOCAL\TEMP\~TMF4275285878195863885.TMP
    C:\USERS\LAPTOP\APPDATA\LOCAL\TEMP\~TMF675816777688979468.TMP

    The rest are Adware.Tracking Cookie threats.


  • Registered Users Posts: 840 ✭✭✭jsa112


    That's nothing to worry about.

    The virus messed up your permissions; see if this helps fix any permission problems:

    http://www.bleepingcomputer.com/download/grantperms/


  • Registered Users Posts: 246 ✭✭sandra_b


    It still can't start MBAM. This is the output from GrantPerms after the unlock:

    GrantPerms by Farbar
    Ran by Laptop (administrator) at 2014-01-03 01:28:12

    ===============================================
    \\?\C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    Owner: BUILTIN\Administrators

    DACL(NP)(AI):
    NT AUTHORITY\SYSTEM FULL ALLOW (I)
    BUILTIN\Administrators FULL ALLOW (I)
    BUILTIN\Users READ/EXECUTE ALLOW (I)


  • Registered Users Posts: 840 ✭✭✭jsa112


    Can you post a quick scan from OTL?


  • Registered Users Posts: 246 ✭✭sandra_b


    OTL logfile created on: 04/01/2014 00:13:09 - Run 5
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    984.18 Mb Total Physical Memory | 282.03 Mb Available Physical Memory | 28.66% Memory free
    2.18 Gb Paging File | 1.04 Gb Available in Paging File | 47.68% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.31 Gb Total Space | 79.94 Gb Free Space | 57.80% Space Free | Partition Type: NTFS
    Drive S: | 1.46 Gb Total Space | 1.30 Gb Free Space | 88.83% Space Free | Partition Type: NTFS

    Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/01/02 16:25:16 | 000,761,536 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
    PRC - [2013/12/30 23:14:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Downloads\OTL.exe
    PRC - [2013/12/19 23:52:09 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2013/12/07 01:25:40 | 000,066,840 | ---- | M] () -- C:\Program Files\outobox\updateoutobox.exe
    PRC - [2013/11/18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
    PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
    PRC - [2013/11/07 22:00:48 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
    PRC - [2013/10/28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
    PRC - [2013/10/28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
    PRC - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    PRC - [2010/11/16 13:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
    PRC - [2010/11/16 13:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
    PRC - [2010/07/12 20:47:40 | 000,098,304 | ---- | M] () -- C:\Program Files\Mobilni Internet\ModemListener.exe
    PRC - [2010/06/17 16:09:02 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/07/31 16:39:22 | 000,340,176 | ---- | M] (The TechGuys) -- C:\Program Files\The TechGuys\Launch\Launch.exe
    PRC - [2008/06/13 12:06:44 | 000,414,720 | ---- | M] (ODM) -- C:\Program Files\OEM\OSD_1.2\osd.exe
    PRC - [2008/05/07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/02/22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) -- C:\Program Files\OEM\OSD_1.2\OsdService.exe
    PRC - [2007/11/28 15:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/01/02 16:25:16 | 000,761,536 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
    MOD - [2013/10/19 02:26:18 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
    MOD - [2013/10/19 02:25:17 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f228cc72a6647716127cd44ca416e6dc\PresentationFramework.ni.dll
    MOD - [2013/10/19 02:24:06 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2482534bee5c520cdfe9c8f7df6a92f\PresentationCore.ni.dll
    MOD - [2013/10/19 02:23:21 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c16ade1485996fa4981edc7df436a15b\WindowsBase.ni.dll
    MOD - [2013/10/12 19:53:47 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
    MOD - [2013/08/15 20:04:04 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
    MOD - [2013/08/15 20:02:40 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
    MOD - [2013/08/15 19:58:55 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
    MOD - [2013/07/12 20:04:47 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll
    MOD - [2013/07/11 19:42:34 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
    MOD - [2010/07/12 20:47:40 | 000,098,304 | ---- | M] () -- C:\Program Files\Mobilni Internet\ModemListener.exe
    MOD - [2008/07/31 16:43:18 | 000,021,200 | ---- | M] () -- C:\Program Files\The TechGuys\Launch\MVVMFramework.DLL
    MOD - [2007/11/28 15:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
    SRV - [2013/12/21 01:26:09 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/10 22:11:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/12/07 01:25:40 | 000,066,840 | ---- | M] () [Auto | Running] -- C:\Program Files\outobox\updateoutobox.exe -- (Update outobox)
    SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
    SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2010/11/16 13:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
    SRV - [2010/06/17 16:09:02 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
    SRV - [2008/02/22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) [Auto | Running] -- C:\Program Files\OEM\OSD_1.2\OsdService.exe -- (OsdService)
    SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2013/11/10 14:41:57 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
    DRV - [2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2013/10/24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2013/09/17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/01/13 10:54:18 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
    DRV - [2011/01/13 10:54:16 | 000,089,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
    DRV - [2011/01/13 10:54:16 | 000,073,344 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2011/01/13 10:54:16 | 000,064,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
    DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2010/06/17 16:09:00 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
    DRV - [2009/07/22 16:44:18 | 000,148,992 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumxa3.sys -- (SWUMXA3)
    DRV - [2009/07/22 16:44:04 | 000,197,504 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3)
    DRV - [2009/02/17 19:38:12 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2008/12/30 10:57:54 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
    DRV - [2008/12/13 10:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/07/15 08:20:24 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV - [2008/07/10 10:36:06 | 000,331,776 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
    DRV - [2008/05/21 16:46:48 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\directport.sys -- (GpdDevDPort)
    DRV - [2008/05/02 13:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/04/22 18:06:56 | 000,008,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\kbfiltr.sys -- (GpdKbFilter)
    DRV - [2008/01/21 02:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
    DRV - [2007/08/23 10:22:08 | 001,201,312 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}
    IE - HKCU\..\SearchScopes\{4186E915-6684-410A-A99C-66AF1C7C2FBF}: "URL" = http://search.avg.com/?d=4e04ea29&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI_en-GBIE398
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "search"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/21 01:25:35 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/21 01:25:35 | 000,000,000 | ---D | M]

    [2010/12/27 20:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions
    [2014/01/02 16:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions
    [2011/04/06 19:47:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/12/07 01:25:40 | 000,008,920 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\firefox@outobox.net.xpi
    [2013/08/15 20:57:51 | 000,380,223 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\izer@camelcamelcamel.com.xpi
    [2013/11/05 01:45:22 | 000,454,725 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
    [2013/12/21 01:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/12/21 01:25:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/12/21 01:25:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/12/21 01:25:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/12/21 01:25:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/12/21 01:25:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    [2013/12/21 01:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/12/21 01:25:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/12/21 01:26:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: outobox = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka\1.0.0_0\
    CHR - Extension: Skype Click to Call = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
    CHR - Extension: Google Wallet = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Gmail = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/12/31 17:49:52 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (outobox) - {30f06672-0e95-41a9-80cb-dee386af99ad} - C:\Program Files\outobox\outoboxBHO.dll (outobox)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe ()
    O4 - HKLM..\Run: [ModemListener] C:\Program Files\Mobilni Internet\ModemListener.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SpareMessaging] C:\Program Files\Spare Messaging\MessagingApp.exe ()
    O4 - HKCU..\Run: [NextLive] C:\Users\Laptop\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O15 - HKCU\..Trusted Domains: raiffeisenbank.rs ([rol] https in Trusted sites)
    O16 - DPF: {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll (FileInterface Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll (SecAPI Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D476B39-5E72-4B60-B1B3-51942DB45C12}: DhcpNameServer = 62.40.32.33 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CB56C1F-01D1-4F60-907E-B6CEEEAD28B3}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C401496D-850D-4C25-ABE5-409F1360FD22}: DhcpNameServer = 62.40.32.33 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8B8E3FA-BA28-41C2-B622-4E1C8AD58993}: DhcpNameServer = 192.168.1.1 0.0.0.0
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O27 - HKLM IFEO\avcenter.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\avguard.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\avp.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\bdagent.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\ccuac.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\ComboFix.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\egui.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\hijackthis.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\keyscrambler.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\mbam.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\MpCmdRun.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\MSASCui.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\MsMpEng.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\msseces.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\spybotsd.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\wireshark.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\zlclient.exe: Debugger - nsjw.exe File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/03 01:22:03 | 000,000,000 | ---D | C] -- C:\GrantPerm
    [2014/01/03 00:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014/01/03 00:28:47 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/01/03 00:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2014/01/03 00:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
    [2014/01/02 23:17:53 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\SUPERAntiSpyware.com
    [2014/01/02 23:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/01/02 23:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/01/02 23:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/01/02 23:01:16 | 029,249,704 | ---- | C] (SUPERAntiSpyware) -- C:\Users\Laptop\Desktop\SUPERAntiSpyware.exe
    [2014/01/02 19:17:22 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laptop\Desktop\mbam-setup-1.75.0.1300(1).exe
    [2014/01/02 16:23:51 | 000,000,000 | ---D | C] -- C:\Users\Laptop\.android
    [2014/01/02 16:23:45 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\cache
    [2014/01/02 16:23:26 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\newnext.me
    [2014/01/02 16:23:24 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\genienext
    [2014/01/02 16:23:18 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Documents\Mobogenie
    [2014/01/02 16:23:18 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\Mobogenie
    [2014/01/02 16:23:04 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
    [2014/01/02 16:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mobogenie
    [2014/01/02 16:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\outobox
    [2014/01/02 16:20:50 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2014/01/02 16:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2014/01/02 16:09:02 | 000,923,784 | ---- | C] (CNET Download.com) -- C:\Users\Laptop\Desktop\cbsidlm-cbsi145-Revo_Uninstaller-ORG-10687648.exe
    [2014/01/02 02:15:24 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\AVG2014
    [2014/01/02 02:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2014/01/02 02:12:38 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2014/01/02 02:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
    [2014/01/02 02:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2014/01/02 02:06:04 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\MFAData
    [2014/01/02 02:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2014/01/02 02:06:04 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\Avg2014
    [2014/01/01 20:32:12 | 004,436,944 | ---- | C] (AVG Technologies) -- C:\Users\Laptop\Desktop\avg_free_stb_all_2014_4259_cnet.exe
    [2014/01/01 20:32:12 | 003,386,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Laptop\Desktop\avg_remover_stf_x86_2014_4116.exe
    [2014/01/01 18:02:47 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\WinRAR
    [2014/01/01 17:58:17 | 000,000,000 | ---D | C] -- C:\FRST
    [2014/01/01 17:56:04 | 001,064,333 | ---- | C] (Farbar) -- C:\Users\Laptop\Desktop\FRST.exe
    [2014/01/01 02:13:16 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{E223DA60-E642-818A-1CC6-4EB4FC1AB41C}
    [2014/01/01 00:47:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/01/01 00:47:36 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\temp
    [2014/01/01 00:46:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/01/01 00:19:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/01/01 00:19:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/01/01 00:19:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/01/01 00:19:01 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2014/01/01 00:15:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/01/01 00:13:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/01/01 00:02:58 | 005,160,176 | R--- | C] (Swearware) -- C:\Users\Laptop\Desktop\ComboFix.exe
    [2013/12/31 17:36:50 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/12/31 17:21:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/12/30 19:06:12 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\dumps
    [2013/12/21 01:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/12/10 10:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2010/11/21 01:03:13 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laptop\mbam-setup-1.46.exe
    [2010/10/04 00:38:21 | 141,707,952 | ---- | C] (AVG Technologies) -- C:\Users\Laptop\avg_free_x86_all_2011_1120a3152.exe
    [2010/10/04 00:29:57 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Laptop\avgremover.exe
    [2010/09/30 00:17:30 | 001,187,896 | ---- | C] (Piriform Ltd) -- C:\Users\Laptop\ccsetup236.exe
    [2010/09/28 23:31:05 | 014,951,776 | ---- | C] (Microsoft Corporation) -- C:\Users\Laptop\word2007-kb974631-fullfile-x86-glb.exe
    [2010/09/28 23:04:57 | 019,075,976 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Laptop\SkypeSetupFull.exe

    ========== Files - Modified Within 30 Days ==========

    [2014/11/17 22:43:10 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/11/17 22:43:08 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/11/17 22:42:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/11/17 22:42:24 | 1032,740,864 | -HS- | M] () -- C:\hiberfil.sys
    [2014/01/03 01:33:27 | 000,634,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/01/03 01:33:27 | 000,120,782 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/01/03 01:10:00 | 000,453,083 | ---- | M] () -- C:\Users\Laptop\Desktop\GrantPerms.zip
    [2014/01/03 00:28:53 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/02 23:17:42 | 000,001,765 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/01/02 22:21:18 | 029,249,704 | ---- | M] (SUPERAntiSpyware) -- C:\Users\Laptop\Desktop\SUPERAntiSpyware.exe
    [2014/01/02 21:43:21 | 000,002,569 | ---- | M] () -- C:\Users\Laptop\Desktop\Microsoft Office Word 2003.lnk
    [2014/01/02 19:14:58 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Laptop\Desktop\mbam-setup-1.75.0.1300(1).exe
    [2014/01/02 16:23:08 | 000,000,781 | ---- | M] () -- C:\Users\Laptop\Desktop\Mobogenie.lnk
    [2014/01/02 16:20:51 | 000,001,022 | ---- | M] () -- C:\Users\Laptop\Desktop\Revo Uninstaller.lnk
    [2014/01/02 15:56:18 | 000,923,784 | ---- | M] (CNET Download.com) -- C:\Users\Laptop\Desktop\cbsidlm-cbsi145-Revo_Uninstaller-ORG-10687648.exe
    [2014/01/02 02:13:41 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
    [2014/01/01 20:22:30 | 003,386,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Laptop\Desktop\avg_remover_stf_x86_2014_4116.exe
    [2014/01/01 20:10:42 | 004,436,944 | ---- | M] (AVG Technologies) -- C:\Users\Laptop\Desktop\avg_free_stb_all_2014_4259_cnet.exe
    [2014/01/01 18:23:05 | 000,000,224 | ---- | M] () -- C:\Windows\System32\idp2.cfg
    [2014/01/01 18:17:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/01 18:06:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/01 17:51:28 | 001,064,333 | ---- | M] (Farbar) -- C:\Users\Laptop\Desktop\FRST.exe
    [2014/01/01 17:20:30 | 000,000,512 | ---- | M] () -- C:\Users\Laptop\Documents\MBR.dat
    [2014/01/01 13:17:12 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/01 10:51:58 | 139,320,433 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2014/01/01 04:52:54 | 000,000,104 | ---- | M] () -- C:\Users\Laptop\Desktop\Recycle Bin - Shortcut.lnk
    [2014/01/01 03:34:23 | 000,000,495 | ---- | M] () -- C:\Users\Laptop\Desktop\OTL - Shortcut.lnk
    [2014/01/01 03:33:51 | 000,000,536 | ---- | M] () -- C:\Users\Laptop\Desktop\AdwCleaner - Shortcut.lnk
    [2014/01/01 02:37:09 | 000,001,564 | ---- | M] () -- C:\Users\Laptop\Desktop\Computer.lnk
    [2014/01/01 02:36:59 | 000,000,288 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\76278BBE.reg
    [2014/01/01 00:03:05 | 005,160,176 | R--- | M] (Swearware) -- C:\Users\Laptop\Desktop\ComboFix.exe
    [2013/12/31 21:42:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2013/12/31 17:49:52 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2013/12/05 21:37:36 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

    ========== Files Created - No Company Name ==========

    [2014/01/03 01:17:26 | 000,453,083 | ---- | C] () -- C:\Users\Laptop\Desktop\GrantPerms.zip
    [2014/01/03 00:28:53 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/02 23:17:42 | 000,001,765 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/01/02 16:23:08 | 000,000,781 | ---- | C] () -- C:\Users\Laptop\Desktop\Mobogenie.lnk
    [2014/01/02 16:20:51 | 000,001,022 | ---- | C] () -- C:\Users\Laptop\Desktop\Revo Uninstaller.lnk
    [2014/01/02 02:13:41 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
    [2014/01/01 18:23:05 | 000,000,224 | ---- | C] () -- C:\Windows\System32\idp2.cfg
    [2014/01/01 17:20:29 | 000,000,512 | ---- | C] () -- C:\Users\Laptop\Documents\MBR.dat
    [2014/01/01 10:51:58 | 139,320,433 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2014/01/01 04:52:54 | 000,000,104 | ---- | C] () -- C:\Users\Laptop\Desktop\Recycle Bin - Shortcut.lnk
    [2014/01/01 03:34:23 | 000,000,495 | ---- | C] () -- C:\Users\Laptop\Desktop\OTL - Shortcut.lnk
    [2014/01/01 03:33:51 | 000,000,536 | ---- | C] () -- C:\Users\Laptop\Desktop\AdwCleaner - Shortcut.lnk
    [2014/01/01 02:37:09 | 000,001,564 | ---- | C] () -- C:\Users\Laptop\Desktop\Computer.lnk
    [2014/01/01 02:36:59 | 000,000,288 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\76278BBE.reg
    [2014/01/01 00:19:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/01/01 00:19:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/01/01 00:19:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/01/01 00:19:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/01/01 00:19:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/12/31 21:42:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
    [2013/05/21 00:08:19 | 000,003,714 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    [2011/07/18 19:53:39 | 000,000,000 | ---- | C] () -- C:\Users\Laptop\AppData\Local\{BB5C1344-8CEB-4AEB-97D3-4FB026A34D40}
    [2011/06/23 22:41:55 | 001,529,005 | ---- | C] () -- C:\Users\Laptop\AVGInstLog.cab
    [2011/06/09 23:51:11 | 000,000,000 | ---- | C] () -- C:\Users\Laptop\AppData\Local\{DBE900B0-FC28-482C-AE85-F8BD909E858D}
    [2010/10/24 22:34:24 | 104,347,466 | ---- | C] () -- C:\Users\Laptop\eclipse-java-helios-SR1-win32.zip
    [2010/10/05 00:02:40 | 014,501,192 | ---- | C] () -- C:\Users\Laptop\winzip145.exe
    [2010/09/29 00:16:50 | 000,000,132 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\wklnhst.dat
    [2010/09/29 00:14:19 | 155,184,736 | ---- | C] () -- C:\Users\Laptop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
    [2010/09/25 16:26:23 | 000,007,680 | ---- | C] () -- C:\Users\Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/01/02 02:15:24 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\AVG2014
    [2011/04/11 23:44:02 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Birdstep Technology
    [2014/01/03 00:28:20 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\newnext.me
    [2011/11/15 20:45:07 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\O2 Broadband
    [2010/09/29 00:32:35 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\OpenOffice.org
    [2011/01/18 19:19:40 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Sierra Wireless
    [2010/09/29 00:17:03 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Template
    [2010/09/19 17:34:41 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\The TechGuys
    [2012/09/29 10:08:31 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    < End of report >


  • Registered Users Posts: 840 ✭✭✭jsa112


    Copy and paste this into the box in OTL:


    :OTL
    O27 - HKLM IFEO\avcenter.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\avguard.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\avp.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\bdagent.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\ccuac.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\ComboFix.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\egui.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\hijackthis.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\keyscrambler.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\mbam.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\MpCmdRun.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\MSASCui.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\MsMpEng.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\msseces.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\spybotsd.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\wireshark.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\zlclient.exe: Debugger - nsjw.exe File not found
    [2014/01/03 01:22:03 | 000,000,000 | ---D | C] -- C:\GrantPerm
    [2014/01/03 00:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014/01/03 00:28:47 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/01/03 00:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2014/01/03 01:17:26 | 000,453,083 | ---- | C] () -- C:\Users\Laptop\Desktop\GrantPerms.zip


    Click Run Fix, reboot, and try re-installing Malwarebytes.
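The O27 lines in the fix above are Image File Execution Options (IFEO) Debugger values. When one is set, Windows starts the named "debugger" (here nsjw.exe) in place of the listed program, which is why tools such as mbam.exe and MsMpEng.exe would not launch on this machine; OTL's "File not found" note means the debugger target itself is gone, so the listed programs simply fail. The script below is an added example, not code from jsa112's post or from OTL: it parses O27 lines in the format OTL prints, flags entries whose debugger target is missing or whose image is a security tool, and emits an `:OTL` fix block of the same shape as the one above. The set of security-tool image names is taken from the posted log, and the benign-looking notepad.exe line and the O4 line in the sample are constructed for contrast.

```python
"""Flag Image File Execution Options (IFEO) Debugger hijacks in an OTL log.

Added example: not code from the thread or from OTL. It parses the O27
lines OTL prints and builds an ':OTL' fix block in the same shape as the
one posted above.
"""
import re
from typing import Dict, List

# Constructed sample input: three O27 lines copied from the OTL log posted
# in this thread, one constructed benign-looking IFEO entry for contrast,
# and one unrelated O4 line that the parser must ignore.
SAMPLE_LOG = r"""
O27 - HKLM IFEO\mbam.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\MsMpEng.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\wireshark.exe: Debugger - nsjw.exe File not found
O27 - HKLM IFEO\notepad.exe: Debugger - C:\Tools\vsjitdebugger.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
"""

# Image names of security tools (taken from the O27 entries in the posted
# log). An IFEO Debugger on any of these is treated as hostile; this list is
# an assumption for the example and should be extended for real use.
SECURITY_TOOL_IMAGES = {
    "avcenter.exe", "avguard.exe", "avp.exe", "bdagent.exe", "ccuac.exe",
    "combofix.exe", "egui.exe", "hijackthis.exe", "keyscrambler.exe",
    "mbam.exe", "mpcmdrun.exe", "msascui.exe", "msmpeng.exe", "msseces.exe",
    "spybotsd.exe", "wireshark.exe", "zlclient.exe",
}

# OTL prints: O27 - <hive> IFEO\<image>: Debugger - <debugger> <note>
O27_RE = re.compile(
    r"^O27 - (?P<hive>HK\w+) IFEO\\(?P<image>[^:]+): Debugger - "
    r"(?P<debugger>\S+)\s*(?P<note>.*)$"
)


def parse_o27_lines(log_text: str) -> List[Dict[str, str]]:
    """Return one dict per O27 line; non-O27 lines are skipped."""
    entries = []
    for raw in log_text.strip().splitlines():
        m = O27_RE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["raw"] = raw.strip()
            entries.append(entry)
    return entries


def hijack_reasons(entry: Dict[str, str]) -> List[str]:
    """Reasons an IFEO entry looks like a hijack (empty list means none)."""
    reasons = []
    if "File not found" in entry["note"]:
        reasons.append("debugger target does not exist")
    if entry["image"].lower() in SECURITY_TOOL_IMAGES:
        reasons.append("image is a security tool")
    return reasons


def flag_ifeo_hijacks(log_text: str) -> List[Dict[str, object]]:
    """Parse the log and return the suspicious IFEO entries with reasons."""
    flagged = []
    for entry in parse_o27_lines(log_text):
        reasons = hijack_reasons(entry)
        if reasons:
            flagged.append({
                "image": entry["image"],
                "debugger": entry["debugger"],
                "reasons": reasons,
                "raw": entry["raw"],
            })
    return flagged


def build_otl_fix(log_text: str) -> str:
    """Emit an ':OTL' block listing the flagged lines verbatim, the shape
    OTL expects when asked to remove them."""
    lines = [":OTL"] + [f["raw"] for f in flag_ifeo_hijacks(log_text)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for f in flag_ifeo_hijacks(SAMPLE_LOG):
        print(f"{f['image']:<16} -> {f['debugger']:<12} {'; '.join(f['reasons'])}")
    print(build_otl_fix(SAMPLE_LOG))
```

Run against the full OTL log from this thread, `flag_ifeo_hijacks` returns all seventeen O27 entries, each with both reasons, and `build_otl_fix` reproduces the O27 part of the fix script above; the notepad.exe entry in the sample is left alone because its debugger exists and the image is not a security tool.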


  • Registered Users Posts: 246 ✭✭sandra_b


    Now I can't uninstall Malwarebytes using Revo, and the link in Control Panel is broken.

    Error: " Running the application uninstaller failed. Probably invalid uninstall command."

    Now the complete folder C:/Program Files/Malwarebytes.. is missing, and the links are probably pointing to it.


  • Registered Users Posts: 246 ✭✭sandra_b


    I managed to find the mbam that is already installed; it has been moved to C_ProgramFiles. Also, I have some Mobogenie popping up when I connect to the internet (to download the latest mbam database).

    This is mbam log:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.01.03.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Laptop :: LAPTOP-PC [administrator]

    04/01/2014 02:10:06
    mbam-log-2014-01-04 (02-10-06).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 210530
    Time elapsed: 23 minute(s), 28 second(s)

    Memory Processes Detected: 1
    C:\Program Files\outobox\updateoutobox.exe (PUP.Optional.Outobox.A) -> 2108 -> Delete on reboot.

    Memory Modules Detected: 1
    C:\Users\Laptop\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.

    Registry Keys Detected: 12
    HKLM\SYSTEM\CurrentControlSet\Services\Update outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\Util outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{30f06672-0e95-41a9-80cb-dee386af99ad} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{1eb0a0b0-cabb-495c-a85a-7c8f891799c7} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{B1290521-AB01-40EB-B993-AD122BEFC9E2} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F06672-0E95-41A9-80CB-DEE386AF99AD} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F06672-0E95-41A9-80CB-DEE386AF99AD} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F06672-0E95-41A9-80CB-DEE386AF99AD} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCU\Software\outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKLM\Software\outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\system32\rundll32.exe "C:\Users\Laptop\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders|Startup (Hijack.Startup) -> Bad: (%temp%\Startup) Good: (%USERPROFILE%\Start Menu\Programs\Startup) -> Quarantined and repaired successfully.

    Folders Detected: 4
    C:\Program Files\outobox (PUP.Optional.Outobox.A) -> Delete on reboot.
    C:\Program Files\outobox\bin (PUP.Optional.Outobox.A) -> Delete on reboot.
    C:\Users\Laptop\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Delete on reboot.
    C:\Users\Laptop\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

    Files Detected: 20
    C:\Program Files\outobox\updateoutobox.exe (PUP.Optional.Outobox.A) -> Delete on reboot.
    C:\Program Files\outobox\bin\utiloutobox.exe (PUP.Optional.Outobox.A) -> Delete on reboot.
    C:\Program Files\outobox\outoboxBHO.dll (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Local\temp\~tmf3907897545022973279.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Local\temp\~tmf562312092936980742.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Local\temp\~tmf5748325708789366380.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Local\temp\~tmf2797072619618958580.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Local\temp\~tmf2866005090776815605.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Local\temp\dlm45A7.tmp\copy1-outobox1120.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Local\temp\dlm45A7.tmp\outobox1120.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Users\Laptop\Local Settings\Temporary Internet Files\Content.IE5\ZMQ8AE2N\Setup[1].exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\outobox.ico (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\outoboxUninstall.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\sqlite3.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\updateoutobox.InstallState (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\bin\utiloutobox.InstallState (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.
    C:\Users\Laptop\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

    (end)


  • Registered Users Posts: 840 ✭✭✭jsa112


    Do another updated mbam scan and post its log.


  • Registered Users Posts: 246 ✭✭sandra_b


    Yes, I did that already yesterday after the restart; it didn't find anything.
    I don't know where that Mobogenie came from; I'll try to uninstall it. It just pops up and tries to connect to customer service when I connect to the internet.

    What should I do to make sure it doesn't have any more viruses?
    What are these Trojans that mbam found yesterday?


  • Registered Users Posts: 840 ✭✭✭jsa112


    It's junk; try to uninstall it, I can remove it too. It came when you used your Android, it seems.

    Just keep running AVG and mbam occasionally.


  • Registered Users Posts: 246 ✭✭sandra_b


    Ok, thank you so much again for your help :)
    I didn't use that laptop at all as I temporarily have another one. I might just re-install Windows if there are more problems.

    Have a nice weekend!

