Multiple malwares

[Adriana Matutino]

Hi,

One year ago my computer started turning off by itself (i thought it was due to overheating), and then 6 months ago i started to notice ads within the pages i visited and new pages openning with no request.
Examples of pages: search123, gamegogle, Goodgame Empire, le nouveau jeu de stratégie-construction en ligne de Goodgame Studios !, http://www.tradeadexchange.com/a/display.php?r=426879

Please help me removing this things!

 

[TwinHeadedEagle]

Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:

• At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
• Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
• If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
• I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  
• Please attach all report using
  
  button below. Doing this, you make it easier for me to analyze and fix your problem.
  
• Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay for the repair.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[Adriana Matutino]

Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:

• At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
• Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
• If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
• I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  
• Please attach all report using
  
  button below. Doing this, you make it easier for me to analyze and fix your problem.
  
• Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay for the repair.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[TwinHeadedEagle]

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  autoclean;
  emptyclsid;
  emptyalltemp;
  ipconfig /flushdns >>"%temp%\log.txt";b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

[Adriana Matutino]

Zoek.exe v5.0.0.1 Updated 30-09-2015
Tool run by Adriana Matutino on 02/10/2015 at 20:09:34,36.
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Adriana Matutino\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 20:18:46,08 =====

--- Create Environment Variables 20:18:50,74
--- Create System Restore Point 20:19:24,30
--- Checking Input 20:20:02,64
--- AU AppData Check 20:20:40,17
--- Remove From Windows Installer 20:20:52,32
--- Empty Folders Check 20:27:13,70
--- Registry HKLM Software Check 20:27:13,87
--- Quick Launch Shortcut Check 20:28:10,94
--- IE Startpage Check 20:28:36,70

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  autoclean;
  emptyclsid;
  emptyalltemp;
  ipconfig /flushdns >>"%temp%\log.txt";b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

[TwinHeadedEagle]

Zoek did not finish correctly.

Do you have C:\Zoek-results.log report?

 

[Adriana Matutino]

I do, but the website doesn't let me upload it. It keeps saying the file is empty.
I ran the program again and here'`s the report ctrl c ctrl v:

Zoek.exe v5.0.0.1 Updated 30-09-2015
Tool run by Adriana Matutino on 03/10/2015 at 10:42:33,61.
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Adriana Matutino\Desktop\zoek.exe [Scan all users] [Deep Scan]

==== Older Logs ======================

C:\zoek-results2015-10-02-182713.log 906 bytes

==== Running Processes ======================

C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Users\Adriana Matutino\AppData\Roaming\NetService\netservice.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Adriana Matutino\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) (Build 7600)
Memory (RAM): 4015 MB
CPU Info: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
CPU Speed: 2124,5 MHz
Sound Card: Speaker/HP (Realtek High Defini |
Display Adapters: NVIDIA GeForce 310M | NVIDIA GeForce 310M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Bluetooth Device (Personal Area Network) | Atheros AR9285 Wireless Network Adapter | Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
CD / DVD Drives: 1x (G: | ) G: HL-DT-STDVDRAM GT20N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 457,2GB
Hard Disks - Free: C: 296,9GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 09/23/09 | Sony - 20100514
Time Zone: Romance Standard Time
Motherboard *: Sony Corporation VAIO
Country: Brazil
Language: PTB

==== System Specs (Software) ======================

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
Default Browser: Google Chrome 45.0.2454.101
Internet Explorer version: 8.0.7600.16385
Mozilla Firefox version: 41.0.1 (x86 pt-BR)
Google Chrome version: 45.0.2454.101
Adobe Reader version: 11.0.12.18
Sun Java version: 1.8.0_45 (32-bit)
Sun Java version: 1.8.0_45 (64-bit)
Flash Player version: 19.0.0.185

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-09-04 19:02:47 B58952E67FC2FA0E689F4F0F4E3091E6 43112 ----a-w- C:\Windows\avastSS.scr
====== C:\Users\ADRIAN~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-10-02 13:57:08 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service
======= C: =====
====== C:\Users\Adriana Matutino\AppData\Roaming ======
2015-10-02 13:57:22 -------- d-----w- C:\Users\Adriana Matutino\AppData\Roaming\Mozilla
====== C:\Users\Adriana Matutino ======
2015-10-02 17:13:25 2DDAF1B28DD5B82A75C973CC263B1012 2192384 ----a-w- C:\Users\Adriana Matutino\Desktop\FRST64.exe

====== C: exe-files ==
2015-10-03 08:45:51 FC32C1A3ED0B3F2AC2BC9B3B15410471 98248 ----a-w- C:\Users\Adriana Matutino\AppData\Roaming\RunDir\wrg.exe
2015-10-03 08:45:51 E5FFD73FCA896510E756CABA7DDF66AB 136648 ----a-w- C:\Users\Adriana Matutino\AppData\Roaming\RunDir\rbt.exe
2015-10-03 08:45:51 0F86442B238F1C9CA69CB8D662DEB05B 185800 ----a-w- C:\Users\Adriana Matutino\AppData\Roaming\RunDir\ud40.exe
2015-10-03 08:45:46 FC32C1A3ED0B3F2AC2BC9B3B15410471 98248 ----a-w- C:\Users\Adriana Matutino\AppData\Roaming\RunDir\temp\wrg.exe
2015-10-03 08:45:45 E5FFD73FCA896510E756CABA7DDF66AB 136648 ----a-w- C:\Users\Adriana Matutino\AppData\Roaming\RunDir\temp\rbt.exe
2015-10-03 08:45:42 0F86442B238F1C9CA69CB8D662DEB05B 185800 ----a-w- C:\Users\Adriana Matutino\AppData\Roaming\RunDir\temp\ud40.exe
2015-10-02 17:44:24 E8766DAA687711629698B8D301C89187 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3282514184-3565872630-3476672258-1004\$I9ZFIYM.exe
2015-10-02 17:13:25 2DDAF1B28DD5B82A75C973CC263B1012 2192384 ----a-w- C:\Users\Adriana Matutino\Desktop\FRST64.exe
2015-10-02 17:11:15 F19F51A83D76821C21C02A21DFF72C2C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3282514184-3565872630-3476672258-1004\$ILR47J4.exe
2015-10-02 17:10:11 92E44FBA7990CAAAE5C961526E5E3251 1696256 ----a-w- C:\$Recycle.Bin\S-1-5-21-3282514184-3565872630-3476672258-1004\$RLR47J4.exe
2015-10-02 13:57:10 AD58FEB99BEEE7E78E8BA45BA172B6BF 107202 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
2015-10-02 13:57:08 6215DA3AD492CFBEBEE2ADBED0A6CC22 147624 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
2015-10-02 13:52:03 4F04576BC7E8AA5F5D63C118ADF17A31 243792 ----a-w- C:\$Recycle.Bin\S-1-5-21-3282514184-3565872630-3476672258-1004\$R9ZFIYM.exe
2015-09-30 19:49:05 008AE7228FAA525AF3970C441F4BD4DC 3016272 ----a-w- C:\Program Files (x86)\Google\Update\Install\{19ECED25-6F7C-49F5-B6C7-1FBE13529F3E}\45.0.2454.101_45.0.2454.93_chrome_updater.exe
2015-09-30 19:49:05 008AE7228FAA525AF3970C441F4BD4DC 3016272 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\45.0.2454.101\45.0.2454.101_45.0.2454.93_chrome_updater.exe
2015-09-30 19:32:16 07D733DAB53FD7E2E7C8442216073379 873800 ----a-w- C:\Users\Adriana Matutino\AppData\Local\Google\Chrome\User Data\SwReporter\4.30.2\software_reporter_tool.exe
=== C: other files ==
2015-09-30 21:03:40 4D08A7B60638242B389773A506B2E7A0 555384 ----a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1507072.sys
2015-09-30 21:03:40 4527F0AE9E7D15670977FAFFCCCE138F 959416 ----a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507072.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3282514184-3565872630-3476672258-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files (x86)\Ares\Ares.exe -h"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
"PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"AvastUI.exe"="C:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files (x86)\Ares\Ares.exe -h"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
"CertificateRegistration"="aetcrss1.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe "

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [30/09/2015 22:35]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/08/2015 20:37]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
C:\Windows\tasks\HP Photo Creations Communicator.job --a------ C:\ProgramData\HP Photo Creations\MessageCheck.exe [24/03/2012 03:00]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AutoUpdaterTask" [C:\Program Files (x86)\Auto Updater\AutoUpdater.exe]
"C:\Windows\SysNative\tasks\avastBCLRestartS-1-5-21-3282514184-3565872630-3476672258-1004" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe]
"C:\Windows\SysNative\tasks\avastBCLRestart_chrome.exe" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HP Photo Creations Communicator" [C:\ProgramData\HP Photo Creations\MessageCheck.exe]
"C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 2050 J510 series" ["C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe"]
"C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-3282514184-3565872630-3476672258-1004" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-3282514184-3565872630-3476672258-1004" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\VAIO Health Report" ["C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe"]
"C:\Windows\SysNative\tasks\SONY\Java Update" ["C:\Program Files\Java\jre6\bin\jusched.exe"]
"C:\Windows\SysNative\tasks\SONY\OOBEReminder" ["C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe"]
"C:\Windows\SysNative\tasks\SONY\OOBESendInfo" ["C:\Program Files\Sony\First Experience\OOBESendInfo.exe"]
"C:\Windows\SysNative\tasks\SONY\VAIO Survey" ["C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"]
"C:\Windows\SysNative\tasks\SONY\SUS-BCF\Level4Daily" [C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe]
"C:\Windows\SysNative\tasks\SONY\SUS-BCF\Level4Month" [C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe]
"C:\Windows\SysNative\tasks\SONY\VAIO Power Management\VPM Logon Start" [C:\Program Files\Sony\VAIO Power Management\SPMgr.exe]
"C:\Windows\SysNative\tasks\SONY\VAIO Power Management\VPM Session Change" [C:\Program Files\Sony\VAIO Power Management\SPMgr.exe]
"C:\Windows\SysNative\tasks\SONY\VAIO Power Management\VPM Unlock" [C:\Program Files\Sony\VAIO Power Management\SPMgr.exe]
"C:\Windows\SysNative\tasks\Sony Corporation\VAIO Update\VAIO Update" ["C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe"]
"C:\Windows\SysNative\tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair" [C:\Program Files\Sony\VAIO Update\VUSR.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [04/09/2015 21:02]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Adriana Matutino\AppData\Roaming\Mozilla\Firefox\Profiles\kfeg4fin.default
10737B44923217BC0E67D26A9FC1F0AA - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
1A62BB86D17B8DC0D4339BACC8D60635 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll - Shockwave Flash
257E7BD1D90C987F5F2DDC1CCB185DC3 - C:\Users\Adriana Matutino\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
406106D91D3F86FD34EC194940855746 - C:\Users\Adriana Matutino\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal


==== Chromium Look ======================

Google Chrome Version: 45.0.2454.101

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaojmikegpiepcfdkkjaplodkpfmlo - No path found[]
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswwebrepchrome-sp.crx[13/08/2014 06:14]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[21/07/2015 04:52]
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjllphbppobebmjpjcijfbakobcheof - No path found[]

EasyCalendar - Adriana Matutino\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
Slinky Vintage - Adriana Matutino\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdjbhifhppglclhnmmnlfloepnolbkn
Chrome Hotword Shared Module - Adriana Matutino\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Web Store Payments - Adriana Matutino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="Upgrade to Google Chrome"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="%s - Google Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="Upgrade to Google Chrome"
"Default_Search_URL"="Upgrade to Google Chrome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="{searchTerms} - Google Search"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="{searchTerms} - Google Search"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Net.Tcp Service Handler (NetTcpHandler) - QNT - C:\Users\Adriana Matutino\AppData\Roaming\NetService\netservice.exe
O23 - Service: NVIDIA GuardService (nvservice) - Unknown owner - C:\Windows\system32\nvservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - (no file)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - (no file)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - (no file)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\vuagent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 03/10/2015 at 10:54:27,30 ======================

Zoek did not finish correctly.

Do you have C:\Zoek-results.log report?

 

[TwinHeadedEagle]

This is not the correct script I asked you to do. Please go through my Zoek instructions again.

 

[Adriana Matutino]

Sorry, when I ran it again I forgot to paste the text you gave me. So now I ran it again following the instructions and this is the message I got:

This is not the correct script I asked you to do. Please go through my Zoek instructions again.

 

[TwinHeadedEagle]

Don't mind this error, it happens. Just continue with Zoek.

 

[Adriana Matutino]

I did press OK since that time I showed you the picture and it seems like Zoek is still running.
I'll wait patiently though.

Don't mind this error, it happens. Just continue with Zoek.

 

[Adriana Matutino]

Don't mind this error, it happens. Just continue with Zoek.

Here you go!!!!!

 

[TwinHeadedEagle]

That's much better. How is your PC behaving now?

 

[Adriana Matutino]

It looks like it's still infected...

That's much better. How is your PC behaving now?

 

[TwinHeadedEagle]

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

 

[Adriana Matutino]

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

 

[TwinHeadedEagle]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[Adriana Matutino]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[TwinHeadedEagle]

Very good. How is your PC behaving now?

 

[Adriana Matutino]

As I was attaching the fixlog file to send you, the antivirus found threats again...

Very good. How is your PC behaving now?