
Trojan found - please help


Comments

  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    AVG fails to start. I can't connect to the internet.
    I have downloaded AVG removal - shall I run that and install a new one?

    I downloaded from here:

    http://www.avg.com/ww-en/utilities

    Is it ok?


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    Problem is that I can uninstall AVG from Control Panel - nothing happens when I click on it.


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Yep, do that. When did the internet problem happen?


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112




  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    After I sent you the FRST log - before the fix log - I shut it down. Then I started it again (not restart, just start).
    Then AVG failed to start and I can't access the folder where it is located.
    I'll try removal and let you know :)


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    I am going to post you the log that the AVG removal tool created - does it look OK to you?
    I am going to install a new one, but it asks to connect to the internet. I hope it is OK to connect without AVG now? I won't open any browsers.


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Do this after:


    Right click on FRST to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will produce a log called FRST.txt in the same directory the tool is run from.
    Please copy and paste log back here.


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Don't install anything yet, no need to post the AVG log. Do the step above first.


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    "Running zap for product code {3B97ADB7-3DA1-4964-BC10-68384BA6A66F}:01/01/2014 21:16:20.93"

    C:\Users\Laptop\Desktop>C:\Users\Laptop\AppData\Local\Temp\avg-c033a478-b74a-405c-9730-6f1a94e73624.exe TW! {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} /nologo


    ***** Zapping data for user S-1-5-18 for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} *****
    MsiZapInfo: Performing operations for user S-1-5-18
    Searching for the product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} cached package. . .
    Could not delete file: C:\Windows\Installer\d15f4.msi
    The process cannot access the file because it is being used by another process.


    Searching for install property data for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F}. . .
    Removed \7BDA79B31AD34694CB018683B46A6AF6\InstallProperties
    Searching for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} data in the HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall key. . .
    Removed \{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}
    Searching user's global config location for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} data. . .
    Searching for product 7BDA79B31AD34694CB018683B46A6AF6 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
    Removed upgrade code '7BDA79B31AD34694CB018683B46A6AF6' at HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes
    Searching for patches for product 7BDA79B31AD34694CB018683B46A6AF6 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BDA79B31AD34694CB018683B46A6AF6\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BDA79B31AD34694CB018683B46A6AF6 for product data. . .
    Removed \Features
    Removed \Patches
    Removed \Usage
    Removed \Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BDA79B31AD34694CB018683B46A6AF6
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\7BDA79B31AD34694CB018683B46A6AF6 for product feature data. . .
    Searching per-machine global config location for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} data. . .
    Searching for product 7BDA79B31AD34694CB018683B46A6AF6 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
    Searching for patches for product 7BDA79B31AD34694CB018683B46A6AF6 in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BDA79B31AD34694CB018683B46A6AF6\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BDA79B31AD34694CB018683B46A6AF6 for product data. . .
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\7BDA79B31AD34694CB018683B46A6AF6 for product feature data. . .
    Searching old global config location for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} data. . .
    Searching for product 7BDA79B31AD34694CB018683B46A6AF6 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes...
    Searching for patches for product 7BDA79B31AD34694CB018683B46A6AF6 in Software\Microsoft\Windows\CurrentVersion\Installer\Products\7BDA79B31AD34694CB018683B46A6AF6\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Products\7BDA79B31AD34694CB018683B46A6AF6 for product data. . .
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Features\7BDA79B31AD34694CB018683B46A6AF6 for product feature data. . .
    Searching per-machine location for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} data. . .
    Searching for product 7BDA79B31AD34694CB018683B46A6AF6 upgrade codes in Software\Classes\Installer\UpgradeCodes...
    Removed upgrade code '7BDA79B31AD34694CB018683B46A6AF6' at HKLM\Software\Classes\Installer\UpgradeCodes
    Searching for patches for product 7BDA79B31AD34694CB018683B46A6AF6 in Software\Classes\Installer\Products\7BDA79B31AD34694CB018683B46A6AF6\Patches
    Searching HKLM\Software\Classes\Installer\Components for published component data for the product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F}. . .
    Searching HKLM\Software\Classes\Installer\Assemblies for .Net assembly data for the product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F}. . .
    Searching HKLM\Software\Classes\Installer\Win32Assemblies for Win32 assembly data for the product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F}. . .
    Searching HKLM\Software\Classes\Installer\Products\7BDA79B31AD34694CB018683B46A6AF6 for product data. . .
    Removed \Media
    Removed \Net
    Removed \SourceList
    Removed \Software\Classes\Installer\Products\7BDA79B31AD34694CB018683B46A6AF6
    Searching HKLM\Software\Classes\Installer\Features\7BDA79B31AD34694CB018683B46A6AF6 for product feature data. . .
    Removed \Software\Classes\Installer\Features\7BDA79B31AD34694CB018683B46A6AF6
    Searching for product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F} in per-user managed location. . .
    Searching for product 7BDA79B31AD34694CB018683B46A6AF6 upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes...
    Searching for patches for product 7BDA79B31AD34694CB018683B46A6AF6 in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\7BDA79B31AD34694CB018683B46A6AF6\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\7BDA79B31AD34694CB018683B46A6AF6 for product data. . .
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\7BDA79B31AD34694CB018683B46A6AF6 for product feature data. . .
    Searching for shared DLL counts for components tied to the product 7BDA79B31AD34694CB018683B46A6AF6. . .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Components key is not present.
    Searching for shared DLL counts for components tied to the product 7BDA79B31AD34694CB018683B46A6AF6. . .
    Searching for product 7BDA79B31AD34694CB018683B46A6AF6 client info data. . .
    Searching for product 7BDA79B31AD34694CB018683B46A6AF6 client info data. . .
    Searching for Installer files and folders associated with the product {3B97ADB7-3DA1-4964-BC10-68384BA6A66F}. . .
    Searching for files and folders in the user's profile. . .
    Searching for files and folders in the %WINDIR%\Installer folder
    Removed file: C:\Windows\Installer\$PatchCache$\Managed\7BDA79B31AD34694CB018683B46A6AF6\14.0.4259\safeguard.exe
    Removed folder: C:\Windows\Installer\$PatchCache$\Managed\7BDA79B31AD34694CB018683B46A6AF6\14.0.4259
    Removed folder: C:\Windows\Installer\$PatchCache$\Managed\7BDA79B31AD34694CB018683B46A6AF6
    FAILED to clear all data.
    "Running zap for product code {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}:01/01/2014 21:16:23.33"

    C:\Users\Laptop\Desktop>C:\Users\Laptop\AppData\Local\Temp\avg-c033a478-b74a-405c-9730-6f1a94e73624.exe TW! {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} /nologo


    ***** Zapping data for user S-1-5-18 for product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} *****
    MsiZapInfo: Performing operations for user S-1-5-18
    Searching for the product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} cached package. . .
    Removed file: C:\Windows\Installer\e1073c.msi
    Searching for install property data for product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}. . .
    Removed \BAEFEA94B01AE8E45B772278CA2A8BFA\InstallProperties
    Searching for product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} data in the HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall key. . .
    Removed \{49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}
    Searching user's global config location for product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} data. . .
    Searching for product BAEFEA94B01AE8E45B772278CA2A8BFA upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
    Removed upgrade code 'BAEFEA94B01AE8E45B772278CA2A8BFA' at HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes
    Searching for patches for product BAEFEA94B01AE8E45B772278CA2A8BFA in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAEFEA94B01AE8E45B772278CA2A8BFA\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAEFEA94B01AE8E45B772278CA2A8BFA for product data. . .
    Removed \Features
    Removed \Patches
    Removed \Usage
    Removed \Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAEFEA94B01AE8E45B772278CA2A8BFA
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\BAEFEA94B01AE8E45B772278CA2A8BFA for product feature data. . .
    Searching per-machine global config location for product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} data. . .
    Searching for product BAEFEA94B01AE8E45B772278CA2A8BFA upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
    Searching for patches for product BAEFEA94B01AE8E45B772278CA2A8BFA in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAEFEA94B01AE8E45B772278CA2A8BFA\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAEFEA94B01AE8E45B772278CA2A8BFA for product data. . .
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\BAEFEA94B01AE8E45B772278CA2A8BFA for product feature data. . .
    Searching old global config location for product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} data. . .
    Searching for product BAEFEA94B01AE8E45B772278CA2A8BFA upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes...
    Searching for patches for product BAEFEA94B01AE8E45B772278CA2A8BFA in Software\Microsoft\Windows\CurrentVersion\Installer\Products\BAEFEA94B01AE8E45B772278CA2A8BFA\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Products\BAEFEA94B01AE8E45B772278CA2A8BFA for product data. . .
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Features\BAEFEA94B01AE8E45B772278CA2A8BFA for product feature data. . .
    Searching per-machine location for product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} data. . .
    Searching for product BAEFEA94B01AE8E45B772278CA2A8BFA upgrade codes in Software\Classes\Installer\UpgradeCodes...
    Removed upgrade code 'BAEFEA94B01AE8E45B772278CA2A8BFA' at HKLM\Software\Classes\Installer\UpgradeCodes
    Searching for patches for product BAEFEA94B01AE8E45B772278CA2A8BFA in Software\Classes\Installer\Products\BAEFEA94B01AE8E45B772278CA2A8BFA\Patches
    Searching HKLM\Software\Classes\Installer\Components for published component data for the product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}. . .
    Searching HKLM\Software\Classes\Installer\Assemblies for .Net assembly data for the product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}. . .
    Searching HKLM\Software\Classes\Installer\Win32Assemblies for Win32 assembly data for the product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}. . .
    Searching HKLM\Software\Classes\Installer\Products\BAEFEA94B01AE8E45B772278CA2A8BFA for product data. . .
    Removed \Media
    Removed \Net
    Removed \SourceList
    Removed \Software\Classes\Installer\Products\BAEFEA94B01AE8E45B772278CA2A8BFA
    Searching HKLM\Software\Classes\Installer\Features\BAEFEA94B01AE8E45B772278CA2A8BFA for product feature data. . .
    Removed \Software\Classes\Installer\Features\BAEFEA94B01AE8E45B772278CA2A8BFA
    Searching for product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} in per-user managed location. . .
    Searching for product BAEFEA94B01AE8E45B772278CA2A8BFA upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes...
    Searching for patches for product BAEFEA94B01AE8E45B772278CA2A8BFA in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\BAEFEA94B01AE8E45B772278CA2A8BFA\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\BAEFEA94B01AE8E45B772278CA2A8BFA for product data. . .
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\BAEFEA94B01AE8E45B772278CA2A8BFA for product feature data. . .
    Searching for shared DLL counts for components tied to the product BAEFEA94B01AE8E45B772278CA2A8BFA. . .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Components key is not present.
    Searching for shared DLL counts for components tied to the product BAEFEA94B01AE8E45B772278CA2A8BFA. . .
    Searching for product BAEFEA94B01AE8E45B772278CA2A8BFA client info data. . .
    Removed client of component 693BC5DC9FF71574B87DD599AF3E300C
    Removed client of component A9C098029425A694BBF981F10841469F
    Removed client of component AC395BE4B2B8635489A419917C137F01
    Removed client of component D4CEAD7A152772141BBD7E21B03D8469
    Searching for product BAEFEA94B01AE8E45B772278CA2A8BFA client info data. . .
    Searching for Installer files and folders associated with the product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}. . .
    Searching for files and folders in the user's profile. . .
    Searching for files and folders in the %WINDIR%\Installer folder


    ***** Zapping data for user S-1-5-18 for product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} *****
    MsiZapInfo: Performing operations for user S-1-5-18
    Searching for the product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} cached package. . .
    Searching for install property data for product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}. . .
    Searching user's global config location for product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} data. . .
    Searching for product BAEFEA94B01AE8E45B772278CA2A8BFA upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
    Searching for patches for product BAEFEA94B01AE8E45B772278CA2A8BFA in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAEFEA94B01AE8E45B772278CA2A8BFA\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAEFEA94B01AE8E45B772278CA2A8BFA for product data. . .
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\BAEFEA94B01AE8E45B772278CA2A8BFA for product feature data. . .
    Searching per-machine global config location for product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} data. . .
    Searching for product BAEFEA94B01AE8E45B772278CA2A8BFA upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\\UpgradeCodes...
    Searching for patches for product BAEFEA94B01AE8E45B772278CA2A8BFA in Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAEFEA94B01AE8E45B772278CA2A8BFA\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAEFEA94B01AE8E45B772278CA2A8BFA for product data. . .
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Features\BAEFEA94B01AE8E45B772278CA2A8BFA for product feature data. . .
    Searching old global config location for product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} data. . .
    Searching for product BAEFEA94B01AE8E45B772278CA2A8BFA upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes...
    Searching for patches for product BAEFEA94B01AE8E45B772278CA2A8BFA in Software\Microsoft\Windows\CurrentVersion\Installer\Products\BAEFEA94B01AE8E45B772278CA2A8BFA\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Products\BAEFEA94B01AE8E45B772278CA2A8BFA for product data. . .
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Features\BAEFEA94B01AE8E45B772278CA2A8BFA for product feature data. . .
    Searching per-machine location for product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} data. . .
    Searching for product BAEFEA94B01AE8E45B772278CA2A8BFA upgrade codes in Software\Classes\Installer\UpgradeCodes...
    Searching for patches for product BAEFEA94B01AE8E45B772278CA2A8BFA in Software\Classes\Installer\Products\BAEFEA94B01AE8E45B772278CA2A8BFA\Patches
    Searching HKLM\Software\Classes\Installer\Components for published component data for the product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}. . .
    Searching HKLM\Software\Classes\Installer\Assemblies for .Net assembly data for the product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}. . .
    Searching HKLM\Software\Classes\Installer\Win32Assemblies for Win32 assembly data for the product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}. . .
    Searching HKLM\Software\Classes\Installer\Products\BAEFEA94B01AE8E45B772278CA2A8BFA for product data. . .
    Searching HKLM\Software\Classes\Installer\Features\BAEFEA94B01AE8E45B772278CA2A8BFA for product feature data. . .
    Searching for product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF} in per-user managed location. . .
    Searching for product BAEFEA94B01AE8E45B772278CA2A8BFA upgrade codes in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\UpgradeCodes...
    Searching for patches for product BAEFEA94B01AE8E45B772278CA2A8BFA in Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\BAEFEA94B01AE8E45B772278CA2A8BFA\Patches
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Products\BAEFEA94B01AE8E45B772278CA2A8BFA for product data. . .
    Searching HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-18\Installer\Features\BAEFEA94B01AE8E45B772278CA2A8BFA for product feature data. . .
    Searching for shared DLL counts for components tied to the product BAEFEA94B01AE8E45B772278CA2A8BFA. . .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Components key is not present.
    Searching for shared DLL counts for components tied to the product BAEFEA94B01AE8E45B772278CA2A8BFA. . .
    Searching for product BAEFEA94B01AE8E45B772278CA2A8BFA client info data. . .
    Searching for product BAEFEA94B01AE8E45B772278CA2A8BFA client info data. . .
    Searching for Installer files and folders associated with the product {49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}. . .
    Searching for files and folders in the user's profile. . .
    Searching for files and folders in the %WINDIR%\Installer folder


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    Ok I'll run your removal and let you know :)


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    I ran FRST and am posting the log in the next post. I ran the scan twice as I deleted the first log accidentally.

    From the link you sent for the removal - it is 2013 and I have 2014, is it ok? Which one should I use, x86 or x64?


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2013
    Ran by Laptop (administrator) on LAPTOP-PC on 01-01-2014 21:33:07
    Running from C:\Users\Laptop\Desktop
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    ==================== Processes (Whitelisted) ===================

    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    () C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
    () C:\ProgramData\DatacardService\HWDeviceService.exe
    (TODO: <公司名稱>) C:\Program Files\OEM\OSD_1.2\OsdService.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    () C:\Program Files\Spare Messaging\MessagingApp.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    () C:\Program Files\Mobilni Internet\ModemListener.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (The TechGuys) C:\Program Files\The TechGuys\Launch\Launch.exe
    (ODM) C:\Program Files\OEM\OSD_1.2\osd.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Microsoft Corporation) C:\Windows\ehome\ehsched.exe
    (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
    HKLM\...\Run: [SpareMessaging] - C:\Program Files\Spare Messaging\MessagingApp.exe [42824 2007-11-28] ()
    HKLM\...\Run: [ModemListener] - C:\Program Files\Mobilni Internet\ModemListener.exe [98304 2010-07-12] ()
    HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
    HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF"&"inst=NzctNjMyNzYyMjI3LVBMKzktWE8zNisxLU4xRCsxLVFJWDErNC1YMjAxMCsyLUZMMTArMS1MSUMrODgtU1AxKzEtU1AxVEIrMS1TUDFTMisxLVNVRCsxLVMxSSsxLVNVMysxLUxTRCsyLUREVCsw"&"prod=90"&"ver=10.0.1382
    HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [135680 2008-07-17] (Microsoft Corporation)
    HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-09-12] (Google Inc.)
    HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
    IFEO\avcenter.exe: [Debugger] nsjw.exe
    IFEO\avguard.exe: [Debugger] nsjw.exe
    IFEO\avp.exe: [Debugger] nsjw.exe
    IFEO\bdagent.exe: [Debugger] nsjw.exe
    IFEO\ccuac.exe: [Debugger] nsjw.exe
    IFEO\ComboFix.exe: [Debugger] nsjw.exe
    IFEO\egui.exe: [Debugger] nsjw.exe
    IFEO\hijackthis.exe: [Debugger] nsjw.exe
    IFEO\keyscrambler.exe: [Debugger] nsjw.exe
    IFEO\mbam.exe: [Debugger] nsjw.exe
    IFEO\MpCmdRun.exe: [Debugger] nsjw.exe
    IFEO\MSASCui.exe: [Debugger] nsjw.exe
    IFEO\MsMpEng.exe: [Debugger] nsjw.exe
    IFEO\msseces.exe: [Debugger] nsjw.exe
    IFEO\spybotsd.exe: [Debugger] nsjw.exe
    IFEO\wireshark.exe: [Debugger] nsjw.exe
    IFEO\zlclient.exe: [Debugger] nsjw.exe

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
    SearchScopes: HKCU - {4186E915-6684-410A-A99C-66AF1C7C2FBF} URL = http://search.avg.com/?d=4e04ea29&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI_en-GBIE398
    BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default
    FF SelectedSearchEngine: search
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
    FF Extension: Microsoft .NET Framework Assistant - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF Extension: The Camelizer - Amazon Price Tracker - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\Extensions\izer@camelcamelcamel.com.xpi
    FF Extension: Property Bee - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\Extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR RestoreOnStartup: "hxxp://www.google.com"
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (Google Drive) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (YouTube) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (Skype Click to Call) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
    CHR Extension: (Google Wallet) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
    CHR Extension: (Gmail) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

    ========================== Services (Whitelisted) =================

    R2 DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe [40960 2010-06-17] ()
    R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] ()
    R2 OsdService; C:\Program Files\OEM\OSD_1.2\OsdService.exe [94208 2008-02-22] (TODO: <公司名稱>)
    R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    S2 vToolbarUpdater17.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]

    ==================== Drivers (Whitelisted) ====================

    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)
    R3 GpdDevDPort; C:\Windows\system32\directport.sys [7168 2008-05-21] ()
    R3 GpdKbFilter; C:\Windows\system32\kbfiltr.sys [8192 2008-04-22] (Windows (R) Codename Longhorn DDK provider)
    S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89984 2011-01-13] (Huawei Technologies Co., Ltd.)
    S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [64128 2011-01-13] (Huawei Technologies Co., Ltd.)
    S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2011-01-13] (Huawei Technologies Co., Ltd.)
    S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2008-12-30] (Huawei Technologies Co., Ltd.)
    S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-21] (Microsoft Corporation)
    S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2010-06-17] (TCT International Mobile Ltd)
    R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [331776 2008-07-10] (Realtek Semiconductor Corporation )
    S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [197504 2009-07-22] (Sierra Wireless Inc.)
    S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [148992 2009-07-22] (Sierra Wireless Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S3 swmsflt; \SystemRoot\System32\drivers\swmsflt.sys [x]
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-01 21:32 - 2014-01-01 21:32 - 00000097 _____ C:\Users\Laptop\Desktop\FRST-1.txt
    2014-01-01 21:21 - 2014-01-01 21:22 - 00000000 ____D C:\ProgramData\MFAData
    2014-01-01 21:21 - 2014-01-01 21:21 - 00000000 ____D C:\Users\Laptop\AppData\Local\MFAData
    2014-01-01 21:21 - 2014-01-01 21:21 - 00000000 ____D C:\Users\Laptop\AppData\Local\Avg2014
    2014-01-01 20:48 - 2014-01-01 21:19 - 00468099 _____ C:\Users\Laptop\Desktop\avgremover.log
    2014-01-01 20:32 - 2014-01-01 20:22 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Laptop\Desktop\avg_remover_stf_x86_2014_4116.exe
    2014-01-01 20:32 - 2014-01-01 20:10 - 04436944 _____ (AVG Technologies) C:\Users\Laptop\Desktop\avg_free_stb_all_2014_4259_cnet.exe
    2014-01-01 20:30 - 2014-01-01 20:30 - 00000795 _____ C:\Windows\setupact.log
    2014-01-01 20:30 - 2014-01-01 20:30 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-01 18:23 - 2014-01-01 18:23 - 00000224 _____ C:\Windows\system32\idp2.cfg
    2014-01-01 18:02 - 2014-01-01 21:33 - 00015169 _____ C:\Users\Laptop\Desktop\FRST.txt
    2014-01-01 18:02 - 2014-01-01 18:02 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\WinRAR
    2014-01-01 17:58 - 2014-01-01 17:58 - 00000000 ____D C:\FRST
    2014-01-01 17:56 - 2014-01-01 17:51 - 01064333 _____ (Farbar) C:\Users\Laptop\Desktop\FRST.exe
    2014-01-01 17:51 - 2014-01-01 17:51 - 01064333 _____ (Farbar) C:\Users\Laptop\Downloads\FRST.exe
    2014-01-01 17:20 - 2014-01-01 17:20 - 00000512 _____ C:\Users\Laptop\Documents\MBR.dat
    2014-01-01 16:23 - 2014-01-01 17:20 - 00003065 _____ C:\Users\Laptop\Documents\aswMBR.txt
    2014-01-01 16:00 - 2014-01-01 16:06 - 00175754 _____ C:\Users\Laptop\Downloads\report.txt
    2014-01-01 15:45 - 2014-01-01 15:45 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Laptop\Downloads\tdsskiller.exe
    2014-01-01 15:42 - 2014-01-01 15:43 - 04745728 _____ (AVAST Software) C:\Users\Laptop\Downloads\aswMBR.exe
    2014-01-01 10:52 - 2014-01-01 10:52 - 00146136 _____ C:\Windows\Minidump\Mini010114-01.dmp
    2014-01-01 10:51 - 2014-01-01 10:51 - 139320433 _____ C:\Windows\MEMORY.DMP
    2014-01-01 09:50 - 2014-01-01 09:50 - 00072696 _____ C:\Users\Laptop\Downloads\OTL-after.Txt
    2014-01-01 04:52 - 2014-01-01 04:52 - 00000104 _____ C:\Users\Laptop\Desktop\Recycle Bin - Shortcut.lnk
    2014-01-01 03:34 - 2014-01-01 03:34 - 00000495 _____ C:\Users\Laptop\Desktop\OTL - Shortcut.lnk
    2014-01-01 03:33 - 2014-01-01 03:33 - 00000536 _____ C:\Users\Laptop\Desktop\AdwCleaner - Shortcut.lnk
    2014-01-01 02:37 - 2014-01-01 02:37 - 00001564 _____ C:\Users\Laptop\Desktop\Computer.lnk
    2014-01-01 02:36 - 2014-01-01 02:36 - 00000288 _____ C:\Users\Laptop\AppData\Roaming\76278BBE.reg
    2014-01-01 02:13 - 2014-01-01 03:22 - 00000000 ____D C:\Users\Laptop\AppData\Local\{E223DA60-E642-818A-1CC6-4EB4FC1AB41C}
    2014-01-01 00:47 - 2014-01-01 00:47 - 00010970 _____ C:\ComboFix.txt
    2014-01-01 00:19 - 2014-01-01 00:47 - 00000000 ____D C:\ComboFix
    2014-01-01 00:19 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
    2014-01-01 00:19 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
    2014-01-01 00:19 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
    2014-01-01 00:15 - 2014-01-01 00:47 - 00000000 ____D C:\Qoobox
    2014-01-01 00:13 - 2014-01-01 00:45 - 00000000 ____D C:\Windows\erdnt
    2014-01-01 00:02 - 2014-01-01 00:03 - 05160176 ____R (Swearware) C:\Users\Laptop\Desktop\ComboFix.exe
    2013-12-31 21:42 - 2013-12-31 21:42 - 00000512 _____ C:\PhysicalMBR.bin
    2013-12-31 17:36 - 2013-12-31 17:36 - 00000000 ____D C:\_OTL
    2013-12-31 17:21 - 2014-01-01 09:23 - 00000000 ____D C:\AdwCleaner
    2013-12-31 15:56 - 2013-12-31 15:56 - 01233962 _____ C:\Users\Laptop\Downloads\AdwCleaner.exe
    2013-12-31 01:29 - 2013-12-31 01:29 - 00035056 _____ C:\Users\Laptop\Downloads\Extras.Txt
    2013-12-31 01:23 - 2014-01-01 09:49 - 00072696 _____ C:\Users\Laptop\Downloads\OTL.Txt
    2013-12-30 23:14 - 2013-12-30 23:14 - 00602112 _____ (OldTimer Tools) C:\Users\Laptop\Downloads\OTL.exe
    2013-12-30 19:06 - 2013-12-30 19:07 - 00000000 ____D C:\Users\Laptop\AppData\Local\dumps
    2013-12-30 01:01 - 2014-01-01 21:18 - 00006266 _____ C:\Windows\PFRO.log
    2013-12-30 00:13 - 2013-12-30 00:13 - 00000871 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-21 01:24 - 2013-12-21 01:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-12-12 02:37 - 2013-11-14 23:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-12-12 02:37 - 2013-11-14 22:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-12-12 02:37 - 2013-11-14 22:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-12-12 02:37 - 2013-11-14 22:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-12-12 02:37 - 2013-11-14 22:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-12-12 02:37 - 2013-11-14 22:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-12-12 02:37 - 2013-11-14 22:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2013-12-12 02:37 - 2013-11-14 22:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-12-12 02:37 - 2013-11-14 22:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-12-12 02:37 - 2013-11-14 22:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2013-12-12 02:37 - 2013-11-14 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-12-12 02:37 - 2013-11-14 22:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-12-12 02:37 - 2013-11-14 22:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-12-12 02:37 - 2013-11-14 22:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2013-12-12 02:37 - 2013-11-14 22:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-12-12 02:37 - 2013-11-14 22:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-12-12 00:33 - 2013-10-30 02:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
    2013-12-12 00:33 - 2013-10-30 01:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2013-12-12 00:33 - 2013-10-30 00:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2013-12-12 00:32 - 2013-10-11 02:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
    2013-12-12 00:32 - 2013-10-11 02:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
    2013-12-12 00:32 - 2013-10-11 02:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
    2013-12-12 00:32 - 2013-10-11 00:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
    2013-12-12 00:32 - 2013-10-11 00:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2013-12-12 00:31 - 2013-10-30 00:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2013-12-12 00:30 - 2013-10-22 07:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

    ==================== One Month Modified Files and Folders =======

    2014-01-01 21:33 - 2014-01-01 18:02 - 00015169 _____ C:\Users\Laptop\Desktop\FRST.txt
    2014-01-01 21:32 - 2014-01-01 21:32 - 00000097 _____ C:\Users\Laptop\Desktop\FRST-1.txt
    2014-01-01 21:25 - 2010-09-19 17:29 - 01564497 _____ C:\Windows\WindowsUpdate.log
    2014-01-01 21:22 - 2014-01-01 21:21 - 00000000 ____D C:\ProgramData\MFAData
    2014-01-01 21:21 - 2014-01-01 21:21 - 00000000 ____D C:\Users\Laptop\AppData\Local\MFAData
    2014-01-01 21:21 - 2014-01-01 21:21 - 00000000 ____D C:\Users\Laptop\AppData\Local\Avg2014
    2014-01-01 21:19 - 2014-01-01 20:48 - 00468099 _____ C:\Users\Laptop\Desktop\avgremover.log
    2014-01-01 21:19 - 2006-11-02 12:47 - 00005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-01 21:19 - 2006-11-02 12:47 - 00005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-01 21:19 - 2006-11-02 12:37 - 00000000 ___RD C:\Users\Public\Recorded TV
    2014-01-01 21:18 - 2013-12-30 01:01 - 00006266 _____ C:\Windows\PFRO.log
    2014-01-01 20:32 - 2006-11-02 10:33 - 00740680 _____ C:\Windows\system32\PerfStringBackup.INI
    2014-01-01 20:30 - 2014-01-01 20:30 - 00000795 _____ C:\Windows\setupact.log
    2014-01-01 20:30 - 2014-01-01 20:30 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-01 20:22 - 2014-01-01 20:32 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Laptop\Desktop\avg_remover_stf_x86_2014_4116.exe
    2014-01-01 20:14 - 2010-09-19 17:33 - 00000000 ____D C:\Users\Laptop
    2014-01-01 20:10 - 2014-01-01 20:32 - 04436944 _____ (AVG Technologies) C:\Users\Laptop\Desktop\avg_free_stb_all_2014_4259_cnet.exe
    2014-01-01 18:23 - 2014-01-01 18:23 - 00000224 _____ C:\Windows\system32\idp2.cfg
    2014-01-01 18:23 - 2006-11-02 13:01 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2014-01-01 18:23 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-01 18:17 - 2010-09-28 23:10 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-01 18:06 - 2012-07-18 20:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-01 18:02 - 2014-01-01 18:02 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\WinRAR
    2014-01-01 17:58 - 2014-01-01 17:58 - 00000000 ____D C:\FRST
    2014-01-01 17:51 - 2014-01-01 17:56 - 01064333 _____ (Farbar) C:\Users\Laptop\Desktop\FRST.exe
    2014-01-01 17:51 - 2014-01-01 17:51 - 01064333 _____ (Farbar) C:\Users\Laptop\Downloads\FRST.exe
    2014-01-01 17:20 - 2014-01-01 17:20 - 00000512 _____ C:\Users\Laptop\Documents\MBR.dat
    2014-01-01 17:20 - 2014-01-01 16:23 - 00003065 _____ C:\Users\Laptop\Documents\aswMBR.txt
    2014-01-01 16:06 - 2014-01-01 16:00 - 00175754 _____ C:\Users\Laptop\Downloads\report.txt
    2014-01-01 15:45 - 2014-01-01 15:45 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Laptop\Downloads\tdsskiller.exe
    2014-01-01 15:43 - 2014-01-01 15:42 - 04745728 _____ (AVAST Software) C:\Users\Laptop\Downloads\aswMBR.exe
    2014-01-01 13:17 - 2010-09-28 23:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-01 10:52 - 2014-01-01 10:52 - 00146136 _____ C:\Windows\Minidump\Mini010114-01.dmp
    2014-01-01 10:52 - 2011-02-07 01:44 - 00000000 ____D C:\Windows\Minidump
    2014-01-01 10:51 - 2014-01-01 10:51 - 139320433 _____ C:\Windows\MEMORY.DMP
    2014-01-01 09:50 - 2014-01-01 09:50 - 00072696 _____ C:\Users\Laptop\Downloads\OTL-after.Txt
    2014-01-01 09:49 - 2013-12-31 01:23 - 00072696 _____ C:\Users\Laptop\Downloads\OTL.Txt
    2014-01-01 09:23 - 2013-12-31 17:21 - 00000000 ____D C:\AdwCleaner
    2014-01-01 04:52 - 2014-01-01 04:52 - 00000104 _____ C:\Users\Laptop\Desktop\Recycle Bin - Shortcut.lnk
    2014-01-01 03:54 - 2010-09-27 19:21 - 00000000 ____D C:\Mirjana
    2014-01-01 03:34 - 2014-01-01 03:34 - 00000495 _____ C:\Users\Laptop\Desktop\OTL - Shortcut.lnk
    2014-01-01 03:33 - 2014-01-01 03:33 - 00000536 _____ C:\Users\Laptop\Desktop\AdwCleaner - Shortcut.lnk
    2014-01-01 03:23 - 2013-09-25 21:34 - 00000000 ____D C:\ProgramData\AVG2014
    2014-01-01 03:22 - 2014-01-01 02:13 - 00000000 ____D C:\Users\Laptop\AppData\Local\{E223DA60-E642-818A-1CC6-4EB4FC1AB41C}
    2014-01-01 03:16 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\schemas
    2014-01-01 02:37 - 2014-01-01 02:37 - 00001564 _____ C:\Users\Laptop\Desktop\Computer.lnk
    2014-01-01 02:36 - 2014-01-01 02:36 - 00000288 _____ C:\Users\Laptop\AppData\Roaming\76278BBE.reg
    2014-01-01 00:47 - 2014-01-01 00:47 - 00010970 _____ C:\ComboFix.txt
    2014-01-01 00:47 - 2014-01-01 00:19 - 00000000 ____D C:\ComboFix
    2014-01-01 00:47 - 2014-01-01 00:15 - 00000000 ____D C:\Qoobox
    2014-01-01 00:47 - 2006-11-02 11:18 - 00000000 ___RD C:\Users\Public
    2014-01-01 00:45 - 2014-01-01 00:13 - 00000000 ____D C:\Windows\erdnt
    2014-01-01 00:43 - 2006-11-02 10:23 - 00000215 _____ C:\Windows\system.ini
    2014-01-01 00:03 - 2014-01-01 00:02 - 05160176 ____R (Swearware) C:\Users\Laptop\Desktop\ComboFix.exe
    2013-12-31 21:42 - 2013-12-31 21:42 - 00000512 _____ C:\PhysicalMBR.bin
    2013-12-31 17:36 - 2013-12-31 17:36 - 00000000 ____D C:\_OTL
    2013-12-31 15:56 - 2013-12-31 15:56 - 01233962 _____ C:\Users\Laptop\Downloads\AdwCleaner.exe
    2013-12-31 01:29 - 2013-12-31 01:29 - 00035056 _____ C:\Users\Laptop\Downloads\Extras.Txt
    2013-12-30 23:14 - 2013-12-30 23:14 - 00602112 _____ (OldTimer Tools) C:\Users\Laptop\Downloads\OTL.exe
    2013-12-30 21:41 - 2011-12-26 20:41 - 00000742 _____ C:\Users\Laptop\Desktop\pesme.txt
    2013-12-30 19:07 - 2013-12-30 19:06 - 00000000 ____D C:\Users\Laptop\AppData\Local\dumps
    2013-12-30 02:27 - 2006-11-02 12:37 - 00000000 ____D C:\Windows\twain_32
    2013-12-30 00:13 - 2013-12-30 00:13 - 00000871 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-30 00:13 - 2010-11-21 01:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-21 15:43 - 2012-04-26 20:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2013-12-21 01:26 - 2013-12-21 01:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-12-12 21:41 - 2013-05-05 22:44 - 00000000 ___RD C:\Program Files\Skype
    2013-12-12 02:47 - 2006-11-02 10:23 - 00000240 _____ C:\Windows\win.ini
    2013-12-12 02:44 - 2013-07-14 01:33 - 00000000 ____D C:\Windows\system32\MRT
    2013-12-12 02:40 - 2006-11-02 10:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2013-12-10 22:10 - 2012-07-18 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2013-12-10 22:10 - 2011-05-21 16:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2013-12-10 10:22 - 2008-09-12 17:29 - 00000000 ____D C:\Program Files\Google
    2013-12-05 21:37 - 2011-12-27 00:21 - 00001936 _____ C:\Users\Public\Desktop\Google Chrome.lnk

    Files to move or delete:
    ====================
    C:\Users\Laptop\avgremover.exe
    C:\Users\Laptop\avg_free_x86_all_2011_1120a3152.exe
    C:\Users\Laptop\ccsetup236.exe
    C:\Users\Laptop\mbam-setup-1.46.exe
    C:\Users\Laptop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
    C:\Users\Laptop\SkypeSetupFull.exe
    C:\Users\Laptop\winzip145.exe
    C:\Users\Laptop\word2007-kb974631-fullfile-x86-glb.exe


    Some content of TEMP:
    ====================
    C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
    C:\Users\Laptop\AppData\Local\temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-01-01 21:27

    ==================== End Of Log ============================


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    remove what was in that fixlist.txt that I gave you before and put this in instead


    IFEO\avcenter.exe: [Debugger] nsjw.exe
    IFEO\avguard.exe: [Debugger] nsjw.exe
    IFEO\avp.exe: [Debugger] nsjw.exe
    IFEO\bdagent.exe: [Debugger] nsjw.exe
    IFEO\ccuac.exe: [Debugger] nsjw.exe
    IFEO\ComboFix.exe: [Debugger] nsjw.exe
    IFEO\egui.exe: [Debugger] nsjw.exe
    IFEO\hijackthis.exe: [Debugger] nsjw.exe
    IFEO\keyscrambler.exe: [Debugger] nsjw.exe
    IFEO\mbam.exe: [Debugger] nsjw.exe
    IFEO\MpCmdRun.exe: [Debugger] nsjw.exe
    IFEO\MSASCui.exe: [Debugger] nsjw.exe
    IFEO\MsMpEng.exe: [Debugger] nsjw.exe
    IFEO\msseces.exe: [Debugger] nsjw.exe
    IFEO\spybotsd.exe: [Debugger] nsjw.exe
    IFEO\wireshark.exe: [Debugger] nsjw.exe
    IFEO\zlclient.exe: [Debugger] nsjw.exe
    C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
    C:\Users\Laptop\AppData\Local\temp\Quarantine.exe


    save it, then drag it into frst like before, post the log it gives.


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    I had already run "my" removal before you posted :(. I'll wait for you to tell me whether I should install AVG again now and how to do it.


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-12-2013
    Ran by Laptop at 2014-01-01 22:23:01 Run:2
    Running from C:\Users\Laptop\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    IFEO\avcenter.exe: [Debugger] nsjw.exe
    IFEO\avguard.exe: [Debugger] nsjw.exe
    IFEO\avp.exe: [Debugger] nsjw.exe
    IFEO\bdagent.exe: [Debugger] nsjw.exe
    IFEO\ccuac.exe: [Debugger] nsjw.exe
    IFEO\ComboFix.exe: [Debugger] nsjw.exe
    IFEO\egui.exe: [Debugger] nsjw.exe
    IFEO\hijackthis.exe: [Debugger] nsjw.exe
    IFEO\keyscrambler.exe: [Debugger] nsjw.exe
    IFEO\mbam.exe: [Debugger] nsjw.exe
    IFEO\MpCmdRun.exe: [Debugger] nsjw.exe
    IFEO\MSASCui.exe: [Debugger] nsjw.exe
    IFEO\MsMpEng.exe: [Debugger] nsjw.exe
    IFEO\msseces.exe: [Debugger] nsjw.exe
    IFEO\spybotsd.exe: [Debugger] nsjw.exe
    IFEO\wireshark.exe: [Debugger] nsjw.exe
    IFEO\zlclient.exe: [Debugger] nsjw.exe
    C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
    C:\Users\Laptop\AppData\Local\temp\Quarantine.exe
    *****************

    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => Key not found.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe => Key not found.
    C:\Users\Laptop\AppData\Local\temp\008e3d40.exe => Moved successfully.
    C:\Users\Laptop\AppData\Local\temp\Quarantine.exe => Moved successfully.

    ==== End of Fixlog ====
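
The Fixlog above pairs each fixlist entry with a result line, and every Image File Execution Options entry names the same `[Debugger]` value (`nsjw.exe`) under a different security tool's executable name; a Debugger value under that key makes Windows start the named debugger instead of the program. As an added example (not part of the thread and not FRST's own code), this Python script reconciles fixlist entries with their outcomes and groups IFEO entries by shared debugger. The function names are hypothetical, and only the two outcome strings seen in this thread are treated as known.

```python
import re
from collections import defaultdict

# Constructed sample: shortened from the Fixlog posted above. The
# wireshark.exe entry deliberately has no result line, to show the
# "needs review" path.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
IFEO\avp.exe: [Debugger] nsjw.exe
IFEO\mbam.exe: [Debugger] nsjw.exe
IFEO\MsMpEng.exe: [Debugger] nsjw.exe
IFEO\wireshark.exe: [Debugger] nsjw.exe
C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
*****************

HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key not found.
C:\Users\Laptop\AppData\Local\temp\008e3d40.exe => Moved successfully.

==== End of Fixlog ====
"""

FIXLIST_IFEO = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")
IFEO_MARKER = "\\image file execution options\\"


def entry_key(entry):
    """Case-insensitive key used to match a fixlist entry to its result."""
    if entry["kind"] == "ifeo":
        return ("ifeo", entry["image"].lower())
    return ("file", entry["path"].lower())


def result_key(target):
    """Map a result target (registry key or file path) to the same key space."""
    low = target.lower()
    if IFEO_MARKER in low:
        return ("ifeo", low.split(IFEO_MARKER, 1)[1])
    return ("file", low)


def parse_fixlog(text):
    """Return (fixlist entries, outcomes by key) from a Fixlog's text."""
    entries, outcomes = [], {}
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:  # rows of asterisks delimit the fixlist
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            m = FIXLIST_IFEO.match(line)
            if m:
                entries.append({"kind": "ifeo", "image": m["image"],
                                "debugger": m["debugger"]})
            else:
                entries.append({"kind": "file", "path": line})
        else:
            m = RESULT.match(line)
            if m:
                outcomes[result_key(m["target"])] = m["outcome"]
    return entries, outcomes


def summarise(text):
    """Bucket each requested entry by what the log says happened to it."""
    entries, outcomes = parse_fixlog(text)
    summary = {"changed": [], "already_absent": [], "review": []}
    for entry in entries:
        name = entry.get("image") or entry["path"]
        outcome = outcomes.get(entry_key(entry), "NO RESULT LINE")
        if outcome == "Moved successfully":
            summary["changed"].append(name)
        elif outcome == "Key not found":
            summary["already_absent"].append(name)
        else:  # unknown or missing outcome: a person should look at it
            summary["review"].append((name, outcome))
    return summary


def shared_debuggers(entries, min_images=3):
    """Debugger values set for several different executables at once."""
    by_debugger = defaultdict(set)
    for entry in entries:
        if entry["kind"] == "ifeo":
            by_debugger[entry["debugger"].lower()].add(entry["image"].lower())
    return {dbg: sorted(images) for dbg, images in by_debugger.items()
            if len(images) >= min_images}


if __name__ == "__main__":
    parsed_entries, _ = parse_fixlog(SAMPLE_FIXLOG)
    print(summarise(SAMPLE_FIXLOG))
    print(shared_debuggers(parsed_entries))
```
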


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    my internet is terrible at the moment so trying to avoid long posts


    can you get online with the pc now? if so, download a fresh copy of avg and install it


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    Ok, I'll do it now and let you know.


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    AVG install failed - error attempting to create directory C:\Program Files\AVG\AVG2014(some numbers).

    There is still an old AVG folder under Program Files and I don't have permission to access it. I manually changed the security settings to set the owner to Laptop, I ran the removal tool again and I am going to repeat the install.

    Please let me know if what I did is OK.


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    use the avg 2014 32bit remover from here instead

    http://www.avg.com/us-en/utilities

    I'm guessing you have no problems getting online now?


    if so, do this too: update mbam, run a quick scan and post that log


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    Yes, it is the link I used before. But this time it deleted all the contents from C:\Program Files\AVG as I changed permissions.

    I am going to run install again.
    Thank you Jsa112 sooooooooooo much for all of this. No big pictures this time as I am concerned about the connection.
    I will let you know how it goes. I don't want to open any browser until AVG is set, just in case.


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    Did you remove MBM from the laptop with your tool? It is missing now.

    AVG failed again, but I found some additional steps to be done after running AVG removal, I'll do this: http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=215517

    If that fails I'll download MBM and scan.
    I am going to give it another hour or so and continue tomorrow. Will keep you posted :)


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    no, mbam should still be there, re-install it if you need to


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    No, it is not there :(. There is an icon on the desktop which points to an unknown location, and it is also listed in Control Panel, but when I click uninstall it prompts "already uninstalled".
    Would you know why that is? Has the virus messed up both mbm and avg?
    What kind of people are writing these viruses?

    I am still cleaning old AVG folders. I am changing permissions manually in order to delete them. I am going to google a cmd line way to do it.

    I'll continue tomorrow, I almost didn't sleep yesterday, plus having flu doesn't help.
    I'll let you know on the progress. I will run MBM when I sort AVG :)
    Have a good night!


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    Hi Jsa112,

    managed to install AVG at the end.

    Now, I can't install mbam as "check sum error, it already exists". There are still folders in C:\Program Files\Malwarebytes and C:\ProgramData\Malwarebytes with access denied (but there is no mbam.exe in them). I granted access to the folder, but the install still fails as the sub folders are access denied... and I don't want to delete anything from there just in case.
    The link to uninstall from Control Panel is broken as well.
    Would you know the proper way to remove it completely and I'll install fresh one?
    Thank you in advance :)

    p.s. I did full AVG scan - nothing found :)


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    use revo uninstaller to remove mbam

    http://download.cnet.com/Revo-Uninstaller/3000-2096_4-10687648.html


    then re-install mbam, update and do a quick scan with it and post the log here


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    Revo uninstaller does not show mbm in the list of programs. But there is still Malwarebytes folder with all the files.
    Is there any way to remove it?
    Or should I try to run mbm and choose some other (not default) location?
    Or should I try to change owner of Program Files/Malwarebytes and delete it manually?
    I am not sure what the other folders to be deleted manually are.


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    I changed access to the existing folders and managed to install mbam. But when I tried to run it, it complained that mbam.exe does not exist.
    I then used revouninstaller to uninstall this, installed and ran again - same thing.

    I used the advanced option on Revo, it found there are some malwarebytes registry files, but I left them as I am not sure whether it is safe to delete them.
    Any ideas?


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    I downloaded SuperAntiSpyware and followed instructions in the sticky.
    It found 456 threats (4 major).
    After restart, the mbam install is still missing mbam.exe after install.

    I'll copy the log in the next post if Jsa112 or anyone else has time and energy to help me :)


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    I'll post the whole file in PM as it is huge. These are major threats:

    Rogue.IEAntiVirus
    C:\Program Files\ANTIVIRUS

    Trojan.Agent/Gen-VBInject
    C:\USERS\LAPTOP\APPDATA\LOCAL\TEMP\~TMF2823190187879636770.TMP
    C:\USERS\LAPTOP\APPDATA\LOCAL\TEMP\~TMF4275285878195863885.TMP
    C:\USERS\LAPTOP\APPDATA\LOCAL\TEMP\~TMF675816777688979468.TMP

    The rest are Adware.Tracking Cookie threats.


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    that's nothing to worry about

    the virus messed up your permissions, see if this helps fix any permission problems

    http://www.bleepingcomputer.com/download/grantperms/


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    It still can't start mbam. This is the output from GrantPerm after unlock:

    GrantPerms by Farbar
    Ran by Laptop (administrator) at 2014-01-03 01:28:12

    ===============================================
    \\?\C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    Owner: BUILTIN\Administrators

    DACL(NP)(AI):
    NT AUTHORITY\SYSTEM FULL ALLOW (I)
    BUILTIN\Administrators FULL ALLOW (I)
    BUILTIN\Users READ/EXECUTE ALLOW (I)


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    can you post a quick scan from otl?


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    OTL logfile created on: 04/01/2014 00:13:09 - Run 5
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    984.18 Mb Total Physical Memory | 282.03 Mb Available Physical Memory | 28.66% Memory free
    2.18 Gb Paging File | 1.04 Gb Available in Paging File | 47.68% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.31 Gb Total Space | 79.94 Gb Free Space | 57.80% Space Free | Partition Type: NTFS
    Drive S: | 1.46 Gb Total Space | 1.30 Gb Free Space | 88.83% Space Free | Partition Type: NTFS

    Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/01/02 16:25:16 | 000,761,536 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
    PRC - [2013/12/30 23:14:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Downloads\OTL.exe
    PRC - [2013/12/19 23:52:09 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2013/12/07 01:25:40 | 000,066,840 | ---- | M] () -- C:\Program Files\outobox\updateoutobox.exe
    PRC - [2013/11/18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
    PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
    PRC - [2013/11/07 22:00:48 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
    PRC - [2013/10/28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
    PRC - [2013/10/28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
    PRC - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    PRC - [2010/11/16 13:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
    PRC - [2010/11/16 13:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
    PRC - [2010/07/12 20:47:40 | 000,098,304 | ---- | M] () -- C:\Program Files\Mobilni Internet\ModemListener.exe
    PRC - [2010/06/17 16:09:02 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/07/31 16:39:22 | 000,340,176 | ---- | M] (The TechGuys) -- C:\Program Files\The TechGuys\Launch\Launch.exe
    PRC - [2008/06/13 12:06:44 | 000,414,720 | ---- | M] (ODM) -- C:\Program Files\OEM\OSD_1.2\osd.exe
    PRC - [2008/05/07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/02/22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) -- C:\Program Files\OEM\OSD_1.2\OsdService.exe
    PRC - [2007/11/28 15:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/01/02 16:25:16 | 000,761,536 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
    MOD - [2013/10/19 02:26:18 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
    MOD - [2013/10/19 02:25:17 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f228cc72a6647716127cd44ca416e6dc\PresentationFramework.ni.dll
    MOD - [2013/10/19 02:24:06 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2482534bee5c520cdfe9c8f7df6a92f\PresentationCore.ni.dll
    MOD - [2013/10/19 02:23:21 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c16ade1485996fa4981edc7df436a15b\WindowsBase.ni.dll
    MOD - [2013/10/12 19:53:47 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
    MOD - [2013/08/15 20:04:04 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
    MOD - [2013/08/15 20:02:40 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
    MOD - [2013/08/15 19:58:55 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
    MOD - [2013/07/12 20:04:47 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll
    MOD - [2013/07/11 19:42:34 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
    MOD - [2010/07/12 20:47:40 | 000,098,304 | ---- | M] () -- C:\Program Files\Mobilni Internet\ModemListener.exe
    MOD - [2008/07/31 16:43:18 | 000,021,200 | ---- | M] () -- C:\Program Files\The TechGuys\Launch\MVVMFramework.DLL
    MOD - [2007/11/28 15:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
    SRV - [2013/12/21 01:26:09 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/10 22:11:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/12/07 01:25:40 | 000,066,840 | ---- | M] () [Auto | Running] -- C:\Program Files\outobox\updateoutobox.exe -- (Update outobox)
    SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
    SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2010/11/16 13:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
    SRV - [2010/06/17 16:09:02 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
    SRV - [2008/02/22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) [Auto | Running] -- C:\Program Files\OEM\OSD_1.2\OsdService.exe -- (OsdService)
    SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2013/11/10 14:41:57 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
    DRV - [2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2013/10/24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2013/09/17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/01/13 10:54:18 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
    DRV - [2011/01/13 10:54:16 | 000,089,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
    DRV - [2011/01/13 10:54:16 | 000,073,344 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2011/01/13 10:54:16 | 000,064,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
    DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2010/06/17 16:09:00 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
    DRV - [2009/07/22 16:44:18 | 000,148,992 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumxa3.sys -- (SWUMXA3)
    DRV - [2009/07/22 16:44:04 | 000,197,504 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3)
    DRV - [2009/02/17 19:38:12 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2008/12/30 10:57:54 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
    DRV - [2008/12/13 10:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/07/15 08:20:24 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV - [2008/07/10 10:36:06 | 000,331,776 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
    DRV - [2008/05/21 16:46:48 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\directport.sys -- (GpdDevDPort)
    DRV - [2008/05/02 13:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/04/22 18:06:56 | 000,008,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\kbfiltr.sys -- (GpdKbFilter)
    DRV - [2008/01/21 02:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
    DRV - [2007/08/23 10:22:08 | 001,201,312 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}
    IE - HKCU\..\SearchScopes\{4186E915-6684-410A-A99C-66AF1C7C2FBF}: "URL" = http://search.avg.com/?d=4e04ea29&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI_en-GBIE398
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "search"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/21 01:25:35 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/21 01:25:35 | 000,000,000 | ---D | M]

    [2010/12/27 20:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions
    [2014/01/02 16:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions
    [2011/04/06 19:47:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/12/07 01:25:40 | 000,008,920 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\firefox@outobox.net.xpi
    [2013/08/15 20:57:51 | 000,380,223 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\izer@camelcamelcamel.com.xpi
    [2013/11/05 01:45:22 | 000,454,725 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
    [2013/12/21 01:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/12/21 01:25:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/12/21 01:25:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/12/21 01:25:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/12/21 01:25:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/12/21 01:25:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    [2013/12/21 01:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/12/21 01:25:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/12/21 01:26:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: outobox = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka\1.0.0_0\
    CHR - Extension: Skype Click to Call = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
    CHR - Extension: Google Wallet = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Gmail = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/12/31 17:49:52 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (outobox) - {30f06672-0e95-41a9-80cb-dee386af99ad} - C:\Program Files\outobox\outoboxBHO.dll (outobox)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe ()
    O4 - HKLM..\Run: [ModemListener] C:\Program Files\Mobilni Internet\ModemListener.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SpareMessaging] C:\Program Files\Spare Messaging\MessagingApp.exe ()
    O4 - HKCU..\Run: [NextLive] C:\Users\Laptop\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O15 - HKCU\..Trusted Domains: raiffeisenbank.rs ([rol] https in Trusted sites)
    O16 - DPF: {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll (FileInterface Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll (SecAPI Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D476B39-5E72-4B60-B1B3-51942DB45C12}: DhcpNameServer = 62.40.32.33 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CB56C1F-01D1-4F60-907E-B6CEEEAD28B3}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C401496D-850D-4C25-ABE5-409F1360FD22}: DhcpNameServer = 62.40.32.33 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8B8E3FA-BA28-41C2-B622-4E1C8AD58993}: DhcpNameServer = 192.168.1.1 0.0.0.0
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O27 - HKLM IFEO\avcenter.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\avguard.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\avp.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\bdagent.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\ccuac.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\ComboFix.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\egui.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\hijackthis.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\keyscrambler.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\mbam.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\MpCmdRun.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\MSASCui.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\MsMpEng.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\msseces.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\spybotsd.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\wireshark.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\zlclient.exe: Debugger - nsjw.exe File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/03 01:22:03 | 000,000,000 | ---D | C] -- C:\GrantPerm
    [2014/01/03 00:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014/01/03 00:28:47 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/01/03 00:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2014/01/03 00:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
    [2014/01/02 23:17:53 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\SUPERAntiSpyware.com
    [2014/01/02 23:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/01/02 23:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/01/02 23:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/01/02 23:01:16 | 029,249,704 | ---- | C] (SUPERAntiSpyware) -- C:\Users\Laptop\Desktop\SUPERAntiSpyware.exe
    [2014/01/02 19:17:22 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laptop\Desktop\mbam-setup-1.75.0.1300(1).exe
    [2014/01/02 16:23:51 | 000,000,000 | ---D | C] -- C:\Users\Laptop\.android
    [2014/01/02 16:23:45 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\cache
    [2014/01/02 16:23:26 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\newnext.me
    [2014/01/02 16:23:24 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\genienext
    [2014/01/02 16:23:18 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Documents\Mobogenie
    [2014/01/02 16:23:18 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\Mobogenie
    [2014/01/02 16:23:04 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
    [2014/01/02 16:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mobogenie
    [2014/01/02 16:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\outobox
    [2014/01/02 16:20:50 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2014/01/02 16:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2014/01/02 16:09:02 | 000,923,784 | ---- | C] (CNET Download.com) -- C:\Users\Laptop\Desktop\cbsidlm-cbsi145-Revo_Uninstaller-ORG-10687648.exe
    [2014/01/02 02:15:24 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\AVG2014
    [2014/01/02 02:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2014/01/02 02:12:38 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2014/01/02 02:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
    [2014/01/02 02:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2014/01/02 02:06:04 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\MFAData
    [2014/01/02 02:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2014/01/02 02:06:04 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\Avg2014
    [2014/01/01 20:32:12 | 004,436,944 | ---- | C] (AVG Technologies) -- C:\Users\Laptop\Desktop\avg_free_stb_all_2014_4259_cnet.exe
    [2014/01/01 20:32:12 | 003,386,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Laptop\Desktop\avg_remover_stf_x86_2014_4116.exe
    [2014/01/01 18:02:47 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\WinRAR
    [2014/01/01 17:58:17 | 000,000,000 | ---D | C] -- C:\FRST
    [2014/01/01 17:56:04 | 001,064,333 | ---- | C] (Farbar) -- C:\Users\Laptop\Desktop\FRST.exe
    [2014/01/01 02:13:16 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{E223DA60-E642-818A-1CC6-4EB4FC1AB41C}
    [2014/01/01 00:47:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/01/01 00:47:36 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\temp
    [2014/01/01 00:46:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/01/01 00:19:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/01/01 00:19:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/01/01 00:19:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/01/01 00:19:01 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2014/01/01 00:15:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/01/01 00:13:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/01/01 00:02:58 | 005,160,176 | R--- | C] (Swearware) -- C:\Users\Laptop\Desktop\ComboFix.exe
    [2013/12/31 17:36:50 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/12/31 17:21:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/12/30 19:06:12 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\dumps
    [2013/12/21 01:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/12/10 10:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2010/11/21 01:03:13 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laptop\mbam-setup-1.46.exe
    [2010/10/04 00:38:21 | 141,707,952 | ---- | C] (AVG Technologies) -- C:\Users\Laptop\avg_free_x86_all_2011_1120a3152.exe
    [2010/10/04 00:29:57 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Laptop\avgremover.exe
    [2010/09/30 00:17:30 | 001,187,896 | ---- | C] (Piriform Ltd) -- C:\Users\Laptop\ccsetup236.exe
    [2010/09/28 23:31:05 | 014,951,776 | ---- | C] (Microsoft Corporation) -- C:\Users\Laptop\word2007-kb974631-fullfile-x86-glb.exe
    [2010/09/28 23:04:57 | 019,075,976 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Laptop\SkypeSetupFull.exe

    ========== Files - Modified Within 30 Days ==========

    [2014/11/17 22:43:10 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/11/17 22:43:08 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/11/17 22:42:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/11/17 22:42:24 | 1032,740,864 | -HS- | M] () -- C:\hiberfil.sys
    [2014/01/03 01:33:27 | 000,634,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/01/03 01:33:27 | 000,120,782 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/01/03 01:10:00 | 000,453,083 | ---- | M] () -- C:\Users\Laptop\Desktop\GrantPerms.zip
    [2014/01/03 00:28:53 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/02 23:17:42 | 000,001,765 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/01/02 22:21:18 | 029,249,704 | ---- | M] (SUPERAntiSpyware) -- C:\Users\Laptop\Desktop\SUPERAntiSpyware.exe
    [2014/01/02 21:43:21 | 000,002,569 | ---- | M] () -- C:\Users\Laptop\Desktop\Microsoft Office Word 2003.lnk
    [2014/01/02 19:14:58 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Laptop\Desktop\mbam-setup-1.75.0.1300(1).exe
    [2014/01/02 16:23:08 | 000,000,781 | ---- | M] () -- C:\Users\Laptop\Desktop\Mobogenie.lnk
    [2014/01/02 16:20:51 | 000,001,022 | ---- | M] () -- C:\Users\Laptop\Desktop\Revo Uninstaller.lnk
    [2014/01/02 15:56:18 | 000,923,784 | ---- | M] (CNET Download.com) -- C:\Users\Laptop\Desktop\cbsidlm-cbsi145-Revo_Uninstaller-ORG-10687648.exe
    [2014/01/02 02:13:41 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
    [2014/01/01 20:22:30 | 003,386,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Laptop\Desktop\avg_remover_stf_x86_2014_4116.exe
    [2014/01/01 20:10:42 | 004,436,944 | ---- | M] (AVG Technologies) -- C:\Users\Laptop\Desktop\avg_free_stb_all_2014_4259_cnet.exe
    [2014/01/01 18:23:05 | 000,000,224 | ---- | M] () -- C:\Windows\System32\idp2.cfg
    [2014/01/01 18:17:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/01 18:06:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/01 17:51:28 | 001,064,333 | ---- | M] (Farbar) -- C:\Users\Laptop\Desktop\FRST.exe
    [2014/01/01 17:20:30 | 000,000,512 | ---- | M] () -- C:\Users\Laptop\Documents\MBR.dat
    [2014/01/01 13:17:12 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/01 10:51:58 | 139,320,433 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2014/01/01 04:52:54 | 000,000,104 | ---- | M] () -- C:\Users\Laptop\Desktop\Recycle Bin - Shortcut.lnk
    [2014/01/01 03:34:23 | 000,000,495 | ---- | M] () -- C:\Users\Laptop\Desktop\OTL - Shortcut.lnk
    [2014/01/01 03:33:51 | 000,000,536 | ---- | M] () -- C:\Users\Laptop\Desktop\AdwCleaner - Shortcut.lnk
    [2014/01/01 02:37:09 | 000,001,564 | ---- | M] () -- C:\Users\Laptop\Desktop\Computer.lnk
    [2014/01/01 02:36:59 | 000,000,288 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\76278BBE.reg
    [2014/01/01 00:03:05 | 005,160,176 | R--- | M] (Swearware) -- C:\Users\Laptop\Desktop\ComboFix.exe
    [2013/12/31 21:42:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2013/12/31 17:49:52 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2013/12/05 21:37:36 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

    ========== Files Created - No Company Name ==========

    [2014/01/03 01:17:26 | 000,453,083 | ---- | C] () -- C:\Users\Laptop\Desktop\GrantPerms.zip
    [2014/01/03 00:28:53 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/02 23:17:42 | 000,001,765 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/01/02 16:23:08 | 000,000,781 | ---- | C] () -- C:\Users\Laptop\Desktop\Mobogenie.lnk
    [2014/01/02 16:20:51 | 000,001,022 | ---- | C] () -- C:\Users\Laptop\Desktop\Revo Uninstaller.lnk
    [2014/01/02 02:13:41 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
    [2014/01/01 18:23:05 | 000,000,224 | ---- | C] () -- C:\Windows\System32\idp2.cfg
    [2014/01/01 17:20:29 | 000,000,512 | ---- | C] () -- C:\Users\Laptop\Documents\MBR.dat
    [2014/01/01 10:51:58 | 139,320,433 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2014/01/01 04:52:54 | 000,000,104 | ---- | C] () -- C:\Users\Laptop\Desktop\Recycle Bin - Shortcut.lnk
    [2014/01/01 03:34:23 | 000,000,495 | ---- | C] () -- C:\Users\Laptop\Desktop\OTL - Shortcut.lnk
    [2014/01/01 03:33:51 | 000,000,536 | ---- | C] () -- C:\Users\Laptop\Desktop\AdwCleaner - Shortcut.lnk
    [2014/01/01 02:37:09 | 000,001,564 | ---- | C] () -- C:\Users\Laptop\Desktop\Computer.lnk
    [2014/01/01 02:36:59 | 000,000,288 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\76278BBE.reg
    [2014/01/01 00:19:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/01/01 00:19:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/01/01 00:19:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/01/01 00:19:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/01/01 00:19:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/12/31 21:42:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
    [2013/05/21 00:08:19 | 000,003,714 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    [2011/07/18 19:53:39 | 000,000,000 | ---- | C] () -- C:\Users\Laptop\AppData\Local\{BB5C1344-8CEB-4AEB-97D3-4FB026A34D40}
    [2011/06/23 22:41:55 | 001,529,005 | ---- | C] () -- C:\Users\Laptop\AVGInstLog.cab
    [2011/06/09 23:51:11 | 000,000,000 | ---- | C] () -- C:\Users\Laptop\AppData\Local\{DBE900B0-FC28-482C-AE85-F8BD909E858D}
    [2010/10/24 22:34:24 | 104,347,466 | ---- | C] () -- C:\Users\Laptop\eclipse-java-helios-SR1-win32.zip
    [2010/10/05 00:02:40 | 014,501,192 | ---- | C] () -- C:\Users\Laptop\winzip145.exe
    [2010/09/29 00:16:50 | 000,000,132 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\wklnhst.dat
    [2010/09/29 00:14:19 | 155,184,736 | ---- | C] () -- C:\Users\Laptop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
    [2010/09/25 16:26:23 | 000,007,680 | ---- | C] () -- C:\Users\Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/01/02 02:15:24 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\AVG2014
    [2011/04/11 23:44:02 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Birdstep Technology
    [2014/01/03 00:28:20 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\newnext.me
    [2011/11/15 20:45:07 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\O2 Broadband
    [2010/09/29 00:32:35 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\OpenOffice.org
    [2011/01/18 19:19:40 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Sierra Wireless
    [2010/09/29 00:17:03 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Template
    [2010/09/19 17:34:41 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\The TechGuys
    [2012/09/29 10:08:31 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    < End of report >


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Copy and paste this into the box in OTL:


    :OTL
    O27 - HKLM IFEO\avcenter.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\avguard.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\avp.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\bdagent.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\ccuac.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\ComboFix.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\egui.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\hijackthis.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\keyscrambler.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\mbam.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\MpCmdRun.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\MSASCui.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\MsMpEng.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\msseces.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\spybotsd.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\wireshark.exe: Debugger - nsjw.exe File not found
    O27 - HKLM IFEO\zlclient.exe: Debugger - nsjw.exe File not found
    [2014/01/03 01:22:03 | 000,000,000 | ---D | C] -- C:\GrantPerm
    [2014/01/03 00:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014/01/03 00:28:47 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/01/03 00:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2014/01/03 01:17:26 | 000,453,083 | ---- | C] () -- C:\Users\Laptop\Desktop\GrantPerms.zip


    Click Run Fix, reboot and try to re-install Malwarebytes.


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    Now I can't uninstall Malwarebytes using Revo. And the link in Control Panel is broken.

    Error: " Running the application uninstaller failed. Probably invalid uninstall command."

    Now the complete folder C:/Program Files/Malwarebytes.. is missing and the links are probably pointing to it.


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    I managed to find mbam that is already installed; it is moved to C_ProgramFiles. Also, I have some Mobogenie popping up when I connect to the internet (to download the latest mbam database).

    This is mbam log:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.01.03.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Laptop :: LAPTOP-PC [administrator]

    04/01/2014 02:10:06
    mbam-log-2014-01-04 (02-10-06).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 210530
    Time elapsed: 23 minute(s), 28 second(s)

    Memory Processes Detected: 1
    C:\Program Files\outobox\updateoutobox.exe (PUP.Optional.Outobox.A) -> 2108 -> Delete on reboot.

    Memory Modules Detected: 1
    C:\Users\Laptop\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.

    Registry Keys Detected: 12
    HKLM\SYSTEM\CurrentControlSet\Services\Update outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\Util outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{30f06672-0e95-41a9-80cb-dee386af99ad} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{1eb0a0b0-cabb-495c-a85a-7c8f891799c7} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{B1290521-AB01-40EB-B993-AD122BEFC9E2} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F06672-0E95-41A9-80CB-DEE386AF99AD} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F06672-0E95-41A9-80CB-DEE386AF99AD} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F06672-0E95-41A9-80CB-DEE386AF99AD} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKCU\Software\outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    HKLM\Software\outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\system32\rundll32.exe "C:\Users\Laptop\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders|Startup (Hijack.Startup) -> Bad: (%temp%\Startup) Good: (%USERPROFILE%\Start Menu\Programs\Startup) -> Quarantined and repaired successfully.

    Folders Detected: 4
    C:\Program Files\outobox (PUP.Optional.Outobox.A) -> Delete on reboot.
    C:\Program Files\outobox\bin (PUP.Optional.Outobox.A) -> Delete on reboot.
    C:\Users\Laptop\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Delete on reboot.
    C:\Users\Laptop\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

    Files Detected: 20
    C:\Program Files\outobox\updateoutobox.exe (PUP.Optional.Outobox.A) -> Delete on reboot.
    C:\Program Files\outobox\bin\utiloutobox.exe (PUP.Optional.Outobox.A) -> Delete on reboot.
    C:\Program Files\outobox\outoboxBHO.dll (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Local\temp\~tmf3907897545022973279.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Local\temp\~tmf562312092936980742.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Local\temp\~tmf5748325708789366380.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Local\temp\~tmf2797072619618958580.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Local\temp\~tmf2866005090776815605.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Local\temp\dlm45A7.tmp\copy1-outobox1120.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Local\temp\dlm45A7.tmp\outobox1120.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Users\Laptop\Local Settings\Temporary Internet Files\Content.IE5\ZMQ8AE2N\Setup[1].exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\outobox.ico (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\outoboxUninstall.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\sqlite3.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\updateoutobox.InstallState (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Program Files\outobox\bin\utiloutobox.InstallState (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.
    C:\Users\Laptop\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
    C:\Users\Laptop\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

    (end)


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Do another updated mbam scan and post its log.


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    Yes, I already did yesterday after the restart - it didn't find anything.
    I don't know where that Mobogenie came from, I'll try to uninstall it. It just pops up and tries to connect to customer service when I connect to the internet.

    What should I do to make sure it doesn't have any more viruses?
    What are these Trojans that mbam found yesterday?


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    It's junk, try to uninstall it, I can remove it too. It came when you used your Android, it seems.

    Just keep running AVG and mbam occasionally.


  • Registered Users, Registered Users 2 Posts: 246 ✭✭sandra_b


    Ok, thank you so much again for your help :)
    I didn't use that laptop at all as I temporarily have another one. I might just re-install Windows if there are more problems.

    Have a nice weekend!

