HELP!!! I'm infected with GoSave

mario09

Oct 1, 2014
I'm infected with GoSave

Below is the AdwCleaner report, followed by the FRST report.

NEED HELP!!!!!


# AdwCleaner v3.311 - Report created 01/10/2014 at 10:46:10
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : MARIO - MARIO-PC
# Running from : C:\Users\MARIO\Downloads\adwcleaner_3.311.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\GioSaVe
Folder Found : C:\ProgramData\GioSaVe
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop
Folder Found : C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop
Folder Found : C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop
Folder Found : C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop
Folder Found : C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : fenijknkpfhhbigjookphnnkeckecdop

[ File : C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : fenijknkpfhhbigjookphnnkeckecdop

*************************

AdwCleaner[R0].txt - [5093 octets] - [29/09/2014 10:51:56]
AdwCleaner[R1].txt - [1019 octets] - [29/09/2014 10:59:41]
AdwCleaner[R2].txt - [1136 octets] - [29/09/2014 11:04:19]
AdwCleaner[R3].txt - [1256 octets] - [30/09/2014 11:51:54]
AdwCleaner[R4].txt - [3195 octets] - [01/10/2014 10:46:10]
AdwCleaner[S0].txt - [5365 octets] - [29/09/2014 10:52:46]
AdwCleaner[S1].txt - [1228 octets] - [29/09/2014 11:00:52]
AdwCleaner[S2].txt - [1344 octets] - [29/09/2014 11:05:31]
AdwCleaner[S3].txt - [1464 octets] - [30/09/2014 11:56:58]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [3495 octets] ##########
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02
Ran by MARIO (administrator) on MARIO-PC on 01-10-2014 10:47:54
Running from C:\Users\MARIO\Downloads
Loaded Profile: MARIO (Available profiles: MARIO & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
( ) C:\Windows\System32\lmabcoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Dropbox, Inc.) C:\Users\MARIO\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2013-11-22] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1104912 2014-08-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3932655772-945513827-433234080-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3932655772-945513827-433234080-1000\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
IFEO\acad.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\aclauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\acsignapply.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adrefman.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\aeccb.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\aecdbmigrationutility.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\aeckeynoteeditor.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\aeclaunchcurrentproject.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\connect.service.contentservice.admin.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dwgcheckstandards.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\gaaihodoc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\gpdfdirect.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\isuspm.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pc3exe.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pdfrouter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\plu26.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\styexe.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\Users\MARIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\MARIO\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
SearchScopes: HKLM - {B92B109E-78F8-438A-8DEF-06EDB96ED4A7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - {B92B109E-78F8-438A-8DEF-06EDB96ED4A7} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - {B92B109E-78F8-438A-8DEF-06EDB96ED4A7} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll (Zeon Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://xfinity.comcast.net/?cid=insDate09292012", "hxxp://www.xfinity.com/?cid=insDate02242012"
CHR DefaultSearchKeyword: Default -> 77F49E0198065CA9C494608595862A10AFC1E507424D89D2D599104DABC0A36B
CHR DefaultSearchURL: Default -> 6A779ABA880A049D2ACBB197AFD4DF1D816B7E7AE1404702E981C8E0745D5F7D
CHR Profile: C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-03-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Gmail Offline) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-03-21]
CHR Extension: (GoSAve) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop [2014-09-23]
CHR Extension: (Google Wallet) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-20]
CHR Extension: (GoSAve) - C:\Users\MARIO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fenijknkpfhhbigjookphnnkeckecdop\3.0 [2014-09-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
S4 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2014-08-28] (Autodesk)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [846864 2014-08-20] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1048576 2012-09-28] ( ) [File not signed]
R2 lmab_device; C:\Windows\SysWOW64\LMabcoms.exe [593920 2012-09-28] ( ) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
S4 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2538808 2014-09-04] (AVG Technologies)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16877 2002-07-17] (Adaptec) [File not signed]
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-12-04] (Intel Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-08-28] (TuneUp Software)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-01 10:45 - 2014-10-01 10:45 - 01375089 _____ () C:\Users\MARIO\Downloads\adwcleaner_3.311.exe
2014-10-01 10:19 - 2014-10-01 10:29 - 00026651 _____ () C:\Users\MARIO\Desktop\dds.txt
2014-10-01 10:19 - 2014-10-01 10:29 - 00017682 _____ () C:\Users\MARIO\Desktop\attach.txt
2014-10-01 10:18 - 2014-10-01 10:18 - 00688992 ____R (Swearware) C:\Users\MARIO\Desktop\dds.com
2014-09-30 16:26 - 2014-09-30 16:26 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-09-30 16:21 - 2014-09-30 16:21 - 05152768 _____ () C:\Users\MARIO\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-09-30 13:00 - 2014-09-30 13:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-30 11:47 - 2014-09-30 11:47 - 00002173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
2014-09-30 11:47 - 2014-09-30 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015
2014-09-30 11:47 - 2014-09-04 13:23 - 00040248 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe
2014-09-30 11:47 - 2014-09-04 13:23 - 00029496 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll
2014-09-30 11:47 - 2014-09-04 13:23 - 00025400 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll
2014-09-30 11:46 - 2014-09-30 11:46 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\AVG
2014-09-29 13:08 - 2014-09-29 13:11 - 108977370 _____ () C:\Users\MARIO\Downloads\Surflodge.zip
2014-09-29 13:07 - 2014-09-29 13:07 - 09728078 _____ () C:\Users\MARIO\Downloads\BidFiles_1412010330934.zip
2014-09-29 12:47 - 2014-09-29 12:47 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\AVG2015
2014-09-29 12:46 - 2014-09-29 12:46 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\TuneUp Software
2014-09-29 12:46 - 2014-09-29 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-29 12:44 - 2014-09-29 12:46 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-29 12:44 - 2014-09-29 12:44 - 00000000 ___HD () C:\$AVG
2014-09-29 12:42 - 2014-10-01 09:50 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-29 12:42 - 2014-09-29 12:50 - 00000000 ____D () C:\Users\MARIO\AppData\Local\Avg2015
2014-09-29 12:42 - 2014-09-29 12:42 - 00000000 ____D () C:\Users\MARIO\AppData\Local\MFAData
2014-09-29 12:41 - 2014-09-29 12:41 - 00000932 _____ () C:\Users\Public\Desktop\AVG.lnk
2014-09-29 12:41 - 2014-09-29 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2014-09-29 12:40 - 2014-09-30 11:47 - 00000000 ____D () C:\ProgramData\Avg
2014-09-29 12:40 - 2014-09-30 11:45 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-29 12:39 - 2014-09-30 11:46 - 00000000 ____D () C:\Users\MARIO\AppData\Local\Avg
2014-09-29 12:39 - 2014-09-29 12:41 - 00000000 ____D () C:\Users\MARIO\AppData\Local\AvgSetupLog
2014-09-29 12:38 - 2014-09-29 12:39 - 15722448 _____ (AVG Technologies) C:\Users\MARIO\Downloads\avg_gsr_stb_all_329p1_100.exe
2014-09-29 11:19 - 2014-09-29 11:19 - 00050450 _____ () C:\Users\MARIO\Downloads\Shortcut.txt
2014-09-29 11:18 - 2014-09-29 11:19 - 00051617 _____ () C:\Users\MARIO\Downloads\Addition.txt
2014-09-29 11:17 - 2014-10-01 10:47 - 00021482 _____ () C:\Users\MARIO\Downloads\FRST.txt
2014-09-29 11:17 - 2014-10-01 10:47 - 00000000 ____D () C:\FRST
2014-09-29 11:15 - 2014-09-29 11:16 - 02108928 _____ (Farbar) C:\Users\MARIO\Downloads\FRST64.exe
2014-09-29 10:59 - 2014-09-29 10:59 - 01373475 _____ () C:\Users\MARIO\Downloads\adwcleaner_3.310 (1).exe
2014-09-29 10:51 - 2014-10-01 10:47 - 00000000 ____D () C:\AdwCleaner
2014-09-29 10:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-29 08:53 - 2014-09-29 08:53 - 02347384 _____ (ESET) C:\Users\MARIO\Downloads\esetsmartinstaller_enu.exe
2014-09-29 08:31 - 2014-09-29 08:31 - 00000017 _____ () C:\Users\MARIO\AppData\Local\resmon.resmoncfg
2014-09-29 08:31 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-29 08:30 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 16:21 - 2014-09-25 16:21 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-09-24 15:08 - 2014-09-24 15:10 - 27795406 _____ () C:\Users\MARIO\Downloads\Specs.zip
2014-09-24 15:03 - 2014-09-24 15:55 - 1504227570 _____ () C:\Users\MARIO\Downloads\Ritz Residences as of 20140813.zip
2014-09-24 10:18 - 2014-09-24 10:18 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-24 10:18 - 2014-09-24 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-24 10:17 - 2014-09-24 10:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-24 10:17 - 2014-09-24 10:17 - 00000000 ____D () C:\Program Files\iTunes
2014-09-24 10:17 - 2014-09-24 10:17 - 00000000 ____D () C:\Program Files\iPod
2014-09-24 10:17 - 2014-09-24 10:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-23 08:21 - 2014-09-23 08:30 - 00000000 ____D () C:\ProgramData\7db0f665df3d752b
2014-09-23 08:21 - 2014-09-23 08:26 - 00000000 ____D () C:\ProgramData\GioSaVe
2014-09-23 08:21 - 2014-09-23 08:24 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-09-23 08:21 - 2014-09-23 08:24 - 00000000 ____D () C:\Program Files (x86)\GioSaVe
2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\MARIO\AppData\Local\Comodo
2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\Administrator
2014-09-18 14:59 - 2014-09-18 15:00 - 00085472 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-DEMOLITIONPLAN.dwg
2014-09-18 14:59 - 2014-09-18 14:59 - 00122528 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-DEMOLITIONPLAN.bak
2014-09-18 14:59 - 2014-09-18 14:59 - 00022323 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-DEMOLITIONPLAN.pcp
2014-09-18 14:56 - 2014-09-18 16:21 - 00569824 _____ () C:\Users\MARIO\Documents\HOME NEW VERSION 2.dwg
2014-09-18 14:56 - 2014-09-18 15:56 - 00570560 _____ () C:\Users\MARIO\Documents\HOME NEW VERSION 2.bak
2014-09-16 13:45 - 2014-09-16 14:48 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\uTorrent
2014-09-11 09:01 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 09:01 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 09:01 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 09:01 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 09:01 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 09:01 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 09:01 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 09:01 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 09:01 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 09:01 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 09:01 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 09:01 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 09:01 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 09:01 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 09:01 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 09:01 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 09:01 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 09:01 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 09:01 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 09:01 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 09:01 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 09:01 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 09:01 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 09:01 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 09:01 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 09:01 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 09:01 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 09:01 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 09:01 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 09:01 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 09:01 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 09:01 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 09:01 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 09:01 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 09:01 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 09:01 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 09:01 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 09:01 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 09:01 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 09:01 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 09:01 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 09:01 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 09:01 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 09:01 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 09:01 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 09:01 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 09:01 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 09:01 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 09:01 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 09:01 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 09:01 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 09:01 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 09:01 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 09:01 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 09:01 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 09:01 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 08:52 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 08:52 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 07:55 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 07:55 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 07:55 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 07:55 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 07:55 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 07:55 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 07:55 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 07:55 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 07:55 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 07:55 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 07:55 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 15:26 - 2014-09-16 16:34 - 00499424 _____ () C:\Users\MARIO\Documents\HOME NEW VERSION.dwg
2014-09-09 15:26 - 2014-09-16 16:25 - 00501216 _____ () C:\Users\MARIO\Documents\HOME NEW VERSION.bak
2014-09-09 15:26 - 2014-09-09 15:26 - 00022321 _____ () C:\Users\MARIO\Documents\HOME NEW VERSION.pcp
2014-09-02 11:31 - 2014-09-02 11:31 - 00000000 ____D () C:\Users\MARIO\AppData\Local\Skype

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-01 09:54 - 2013-11-16 01:14 - 01707681 _____ () C:\Windows\WindowsUpdate.log
2014-10-01 09:52 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-01 09:52 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-01 09:46 - 2014-06-17 09:05 - 00000000 ___RD () C:\Users\MARIO\Dropbox
2014-10-01 09:46 - 2014-06-17 08:49 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\Dropbox
2014-10-01 09:46 - 2013-11-15 23:49 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-10-01 09:45 - 2014-03-20 16:58 - 00162776 _____ () C:\Users\MARIO\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-01 09:45 - 2013-11-16 00:08 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-10-01 09:45 - 2013-11-16 00:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-10-01 09:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 09:44 - 2009-07-14 00:51 - 00055050 _____ () C:\Windows\setupact.log
2014-10-01 09:44 - 2009-07-14 00:45 - 00559280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-30 16:26 - 2014-03-25 18:01 - 00000000 ____D () C:\Program Files (x86)\HP
2014-09-30 13:00 - 2010-11-20 23:47 - 00183604 _____ () C:\Windows\PFRO.log
2014-09-30 12:57 - 2014-03-23 21:29 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\Skype
2014-09-30 12:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-09-29 15:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-29 13:12 - 2014-03-24 08:07 - 00000000 ____D () C:\Users\MARIO\Documents\Estimates
2014-09-29 10:39 - 2014-05-08 12:26 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-29 10:15 - 2014-07-18 08:40 - 00209299 _____ () C:\ProgramData\LMabscan.log
2014-09-29 10:14 - 2014-03-20 17:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-09-25 16:21 - 2014-04-11 10:00 - 00161648 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-23 08:26 - 2014-03-20 17:46 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-23 08:21 - 2014-04-11 10:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-23 08:21 - 2014-03-20 17:46 - 00000000 ____D () C:\Users\MARIO\AppData\Local\Google
2014-09-23 08:21 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-23 08:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-22 08:53 - 2014-03-20 22:28 - 00000000 ____D () C:\Users\MARIO\AppData\Local\cache
2014-09-18 16:18 - 2014-03-26 12:25 - 00009304 _____ () C:\Users\MARIO\Documents\plot.log
2014-09-18 07:31 - 2014-06-17 08:57 - 00001021 _____ () C:\Users\MARIO\Desktop\Dropbox.lnk
2014-09-18 07:31 - 2014-06-17 08:52 - 00000000 ____D () C:\Users\MARIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 14:58 - 2014-06-17 12:34 - 07127040 _____ () C:\Users\MARIO\Documents\HOME.rvt
2014-09-15 14:33 - 2014-06-17 12:34 - 07127040 _____ () C:\Users\MARIO\Documents\HOME.0022.rvt
2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-11 09:01 - 2014-07-15 11:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 09:00 - 2011-02-10 10:33 - 00776444 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 08:59 - 2014-03-20 17:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 08:59 - 2009-07-14 01:13 - 00776444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 08:53 - 2014-03-20 17:32 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 08:52 - 2014-05-06 08:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 12:37 - 2014-06-17 12:34 - 07155712 _____ () C:\Users\MARIO\Documents\HOME.0021.rvt
2014-09-10 12:30 - 2014-06-17 12:34 - 06819840 _____ () C:\Users\MARIO\Documents\HOME.0020.rvt
2014-09-09 16:34 - 2014-06-17 12:34 - 06373376 _____ () C:\Users\MARIO\Documents\HOME.0019.rvt
2014-09-09 15:25 - 2014-06-17 12:34 - 06373376 _____ () C:\Users\MARIO\Documents\HOME.0018.rvt
2014-09-09 15:25 - 2014-06-17 12:34 - 06373376 _____ () C:\Users\MARIO\Documents\HOME.0017.rvt
2014-09-09 13:03 - 2014-06-17 12:34 - 05939200 _____ () C:\Users\MARIO\Documents\HOME.0016.rvt
2014-09-09 13:01 - 2014-06-17 12:34 - 05808128 _____ () C:\Users\MARIO\Documents\HOME.0015.rvt
2014-09-09 12:29 - 2014-06-17 12:34 - 05492736 _____ () C:\Users\MARIO\Documents\HOME.0014.rvt
2014-09-09 11:53 - 2014-06-17 12:34 - 05406720 _____ () C:\Users\MARIO\Documents\HOME.0013.rvt
2014-09-09 11:52 - 2014-08-28 14:55 - 00228096 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-Level1.dwg
2014-09-05 15:24 - 2014-08-28 14:55 - 00219360 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-Level1.bak
2014-09-02 11:37 - 2013-11-15 23:52 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\MARIO\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplscfhq.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-29 15:13

==================== End Of Log ============================
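
Added example (not part of mario09's post or of FRST itself): the creation timestamps are the most useful part of the log above. C:\ProgramData\GioSaVe, C:\Program Files (x86)\GioSaVe, a hidden/system/read-only C:\ProgramData\ntuser.pol, a hex-named folder under C:\ProgramData and Google profile folders under the Administrator, Guest and HomeGroupUser$ accounts were all created in the same minute (2014-09-23 08:21). That one-minute cluster is the installer's footprint, and it is why a cleanup has to cover every profile, not just the one that was logged in. The script below parses FRST-style "created - modified - size attrs (company) path" lines, pulls out everything created within a few minutes of a seed path, and tags each entry with a few heuristics. The sample lines are copied from the log and embedded as constructed input; the five-minute window, the flag patterns and the function names (parse_frst, created_with, flag, triage) are my own choices, not anything FRST or the helper defines.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a handful of lines copied from the FRST
# "One Month Created Files and Folders" section posted above.
SAMPLE_LOG = r"""
2014-09-23 08:21 - 2014-09-23 08:30 - 00000000 ____D () C:\ProgramData\7db0f665df3d752b
2014-09-23 08:21 - 2014-09-23 08:26 - 00000000 ____D () C:\ProgramData\GioSaVe
2014-09-23 08:21 - 2014-09-23 08:24 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-09-23 08:21 - 2014-09-23 08:24 - 00000000 ____D () C:\Program Files (x86)\GioSaVe
2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-09-23 08:21 - 2014-09-23 08:21 - 00000000 ____D () C:\Users\Administrator
2014-09-18 14:59 - 2014-09-18 15:00 - 00085472 _____ () C:\Users\MARIO\Documents\HOME-FloorPlan-DEMOLITIONPLAN.dwg
2014-09-11 09:01 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
"""

# FRST line layout: created - modified - size attrs (company) path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Heuristic patterns (my assumptions, not FRST's): things worth a second look
# when they are created in the same window as the suspected adware.
FLAGS = [
    ("policy file or GroupPolicy folder",
     re.compile(r"\\ntuser\.pol$|\\GroupPolicy(\\|$)", re.I)),
    ("random-looking ProgramData folder",
     re.compile(r"\\ProgramData\\[0-9a-f]{12,}$", re.I)),
    ("touches built-in or other account",
     re.compile(r"^C:\\Users\\(Administrator|Guest|HomeGroupUser\$)(\\|$)", re.I)),
    ("Chrome profile data",
     re.compile(r"\\AppData\\Local\\Google(\\|$)", re.I)),
]


def parse_frst(text):
    """Parse FRST created/modified lines into dicts; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
        e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
        e["size"] = int(e["size"])
        entries.append(e)
    return entries


def created_with(entries, seed_pattern, window_minutes=5):
    """Everything created within +/- window of any entry matching the seed."""
    seed_re = re.compile(seed_pattern, re.I)
    seed_times = {e["created"] for e in entries if seed_re.search(e["path"])}
    window = timedelta(minutes=window_minutes)
    return [e for e in entries
            if any(abs(e["created"] - t) <= window for t in seed_times)]


def flag(entry):
    """Reasons an entry deserves attention; empty list means nothing odd."""
    reasons = [name for name, rx in FLAGS if rx.search(entry["path"])]
    # FRST attribute column: R=read-only, S=system, H=hidden, D=directory
    if "H" in entry["attrs"] and "S" in entry["attrs"]:
        reasons.append("hidden+system attributes")
    return reasons


def triage(text, seed_pattern, window_minutes=5):
    """Return (created, path, reasons) for the seed's creation cluster."""
    entries = parse_frst(text)
    seed_re = re.compile(seed_pattern, re.I)
    report = []
    for e in created_with(entries, seed_pattern, window_minutes):
        reasons = (["matches seed"] if seed_re.search(e["path"]) else []) + flag(e)
        report.append((e["created"].strftime("%Y-%m-%d %H:%M"), e["path"], reasons))
    return report


if __name__ == "__main__":
    for created, path, reasons in triage(SAMPLE_LOG, "GioSaVe"):
        print(f"{created}  {path}\n    -> {', '.join(reasons) or 'no flags'}")
```

To use it on a real report, read the whole FRST.txt into a string and pass it to triage() in place of SAMPLE_LOG; the parser ignores section headers and the "Modified" lines fall out naturally because their created column is older. Widen the window if the installer ran for longer than a minute or two.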
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check "Watch this thread... and receive email notifications". This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • The instructions I give you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool runs for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more, time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    fenijknkpfhhbigjookphnnkeckecdop;chr
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, the logfile will open after it. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.
 
