Google Chrome keeps opening pop-ups randomly



Old 12-19-2015, 12:28 AM   #1
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



Hi guys,

I actually had this problem exactly 2 months ago and you helped me solve it.
A few days ago it was back, exactly the same.
I don't recall installing any app, clicking any weird banner or e-mail attachment, so I really don't know what the cause of it is.
The only symptom is that I keep getting pop-ups out of nowhere every few minutes, even if I don't touch the computer.

Here are the DDS log and the Attach file:
===================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18124 BrowserJavaVersion: 11.31.2
Run by Shahar Ben-Porath at 20:39:50 on 2015-12-18
Microsoft Windows 7 Professional 6.1.7601.1.1255.972.1033.18.2922.890 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\Av\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\Av\avgidsagent.exe
C:\Program Files\AVG\Framework\Common\avgsvcx.exe
C:\Program Files\AVG\Av\avgwdsvcx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE
C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe
C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe
C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files\AVG\Av\avgnsx.exe
C:\Program Files\AVG\Av\avgemcx.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
c:\program files\soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVG\Framework\Common\avguix.exe
C:\Program Files\AVG\Av\avgui.exe
C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_TATINGE.EXE
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Shahar Ben-Porath\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG Web TuneUp\vprot.exe
C:\Program Files\AVG\Av\avgcsrvx.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mysearch.avg.com/?cid={8EF4AC3F-B710-440B-80A5-E852EC322E5C}&mid=5c331a67e17647d1a646957ea0dfaa80-f60f1bc55ce20c250fa1c1a05d7706fc14e0d932&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-11-18 08:42:40&v=4.2.1.951&pid=wtu&sg=&sap=hp
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.maxiwe.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ActiveMail Add-on: {2BBC8EDB-3D27-4FD3-9F9F-DFDC5B4A27A4} - c:\program files\activepath\addon\apieinbodyBHO.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: {54B02808-B60E-44CD-A72D-9865117E4E62} - <orphaned>
BHO: AGFormHelperObj Class: {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - c:\program files\agat\agform\AGFormsHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_31\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg web tuneup\4.2.4.155\AVG Web TuneUp.dll
BHO: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - c:\program files\winzip courier\wzwmcie.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_31\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AGForms Toolbar: {8fe28f46-37ad-47b2-8258-34c128636ace} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\shahar ben-porath\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AVG-Secure-Search-Update_0913b] c:\users\shahar ben-porath\appdata\roaming\avg 0913b campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5c331a67e17647d1a646957ea0dfaa80-f60f1bc55ce20c250fa1c1a05d7706fc14e0d932 --CMPID 0913b
uRun: [GoogleChromeAutoLaunch_B1CFEE270F926F92FBAC5A26A0459617] "c:\users\shahar ben-porath\appdata\local\google\chrome\application\chrome.exe" --no-startup-window
uRun: [Dropbox Update] "c:\users\shahar ben-porath\appdata\local\dropbox\update\DropboxUpdate.exe" /c
uRun: [Web Companion] c:\program files\lavasoft\web companion\application\WebCompanion.exe --minimize
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatinge.exe /ept "epltarget\P0000000000000000" /M "L455 Series"
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [Power Manager Power Agenda] c:\progra~1\thinkpad\utilit~1\DPMHost.exe
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AvgUi] "c:\program files\avg\framework\common\avguix.exe" /fmw.trayonly
mRun: [AVG_UI] "c:\program files\avg\av\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg web tuneup\vprot.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
StartupFolder: c:\users\shahar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shahar ben-porath\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ייצוא אל Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: ש&לח אל OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\LavasoftTcpService.dll
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: NameServer = 192.117.235.235 62.219.186.7
TCP: Interfaces\{A68E97FE-3021-4C69-AB0D-F919893DC660} : DHCPNameServer = 192.117.235.235 62.219.186.7
TCP: Interfaces\{F64C6EC5-5E94-4367-97B9-C4EB5204B9AA} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "c:\windows\system32\rundll32.exe" "c:\program files\adobe\acrobat reader dc\esl\AiodLite.dll",CreateReaderUserSettings
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\shahar ben-porath\appdata\roaming\mozilla\firefox\profiles\pnmycuye.default\
FF - prefs.js: browser.search.selectedEngine - Bing®
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat reader dc\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\program files\winzip courier\npwzwmc.dll
FF - plugin: c:\users\shahar ben-porath\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\users\shahar ben-porath\appdata\local\google\update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: c:\users\shahar ben-porath\appdata\roaming\mozilla\firefox\profiles\pnmycuye.default\extensions\[email protected]\plugins\npCoralIETab.dll
FF - plugin: c:\users\shahar ben-porath\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\shahar ben-porath\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_19_0_0_245.dll
FF - ExtSQL: !HIDDEN! 2011-07-16 08:40; [email protected]; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2015-8-20 231344]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2015-8-14 308656]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2015-11-6 193968]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2015-8-10 36784]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-7-18 51144]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2015-11-6 149936]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2015-11-6 255920]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2015-11-20 31664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2015-10-21 229296]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2015-10-8 231856]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-3 26984]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-5-17 269824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-18 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-10-18 170200]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-5-17 41088]
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-6-27 22640]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2010-9-28 38336]
R3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2011-8-7 16256]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [2011-9-6 25856]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2011-9-6 23040]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2011-9-6 27776]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [2011-9-16 73728]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-18 51928]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-16 11520]
.
=============== Created Last 30 ================
.
2015-12-18 14:33:47 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e8a502c4-8525-429c-805b-69723632d1bb}\offreg.5268.dll
2015-12-18 14:29:12 9014120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e8a502c4-8525-429c-805b-69723632d1bb}\mpengine.dll
2015-12-09 17:17:01 487936 ----a-w- c:\windows\system32\catsrvut.dll
2015-12-09 17:17:01 1242624 ----a-w- c:\windows\system32\comsvcs.dll
2015-12-09 05:30:06 9498816 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2015-12-03 13:38:43 -------- d-----w- c:\program files\EPSON Software
2015-12-03 10:28:51 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2015-12-03 10:28:49 142848 ----a-w- c:\windows\system32\E_TLMBNGE.DLL
2015-12-03 10:28:48 81408 ----a-w- c:\windows\system32\E_TD4BNGE.DLL
2015-11-25 12:15:05 -------- d--h--w- C:\$WINDOWS.~BT
2015-11-20 06:05:14 31664 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
==================== Find3M ====================
.
2015-12-18 18:37:33 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-09 05:30:15 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-12-09 05:30:15 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-12-02 11:25:18 247976 ------w- c:\windows\system32\MpSigStub.exe
2015-11-20 18:34:36 93696 ----a-w- c:\windows\system32\wudriver.dll
2015-11-20 18:34:36 2956800 ----a-w- c:\windows\system32\wucltux.dll
2015-11-20 18:34:36 174080 ----a-w- c:\windows\system32\wuwebv.dll
2015-11-20 18:34:11 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-11-20 18:33:59 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-11-20 18:33:56 35328 ----a-w- c:\windows\system32\wuapp.exe
2015-11-17 09:54:35 170200 ----a-w- c:\windows\system32\drivers\24AB5392.sys
2015-11-15 07:56:54 170200 ----a-w- c:\windows\system32\drivers\0F7A5D3C.sys
2015-11-13 07:54:43 170200 ----a-w- c:\windows\system32\drivers\0D013F4C.sys
2015-11-10 18:39:18 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-11-10 18:39:18 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-11-10 18:39:15 811520 ----a-w- c:\windows\system32\user32.dll
2015-11-10 17:40:30 2386944 ----a-w- c:\windows\system32\win32k.sys
2015-11-10 07:40:15 170200 ----a-w- c:\windows\system32\drivers\67B849D3.sys
2015-11-10 00:24:59 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-11-10 00:24:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-11-10 00:13:04 496640 ----a-w- c:\windows\system32\vbscript.dll
2015-11-10 00:13:03 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-11-10 00:12:29 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-11-10 00:12:19 341504 ----a-w- c:\windows\system32\html.iec
2015-11-10 00:11:38 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-11-10 00:03:07 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-11-10 00:03:01 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-11-10 00:02:42 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-11-09 23:57:53 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-11-09 23:50:28 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-11-09 23:46:18 4514816 ----a-w- c:\windows\system32\jscript9.dll
2015-11-09 23:36:09 2050560 ----a-w- c:\windows\system32\inetcpl.cpl
2015-11-09 23:35:17 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-11-09 23:17:36 2011136 ----a-w- c:\windows\system32\wininet.dll
2015-11-07 18:29:26 345360 ----a-w- c:\windows\system32\LavasoftTcpService.dll
2015-11-06 13:48:44 255920 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-11-06 13:48:42 149936 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2015-11-05 19:02:52 14848 ----a-w- c:\windows\system32\wshrm.dll
2015-11-05 19:00:18 2048 ----a-w- c:\windows\system32\tzres.dll
2015-11-05 09:48:20 117760 ----a-w- c:\windows\system32\drivers\rmcast.sys
2015-11-03 19:45:28 170200 ----a-w- c:\windows\system32\drivers\08D051F4.sys
2015-11-03 18:56:18 627712 ----a-w- c:\windows\system32\usp10.dll
2015-11-03 18:55:58 179712 ----a-w- c:\windows\system32\els.dll
2015-11-03 07:51:36 170200 ----a-w- c:\windows\system32\drivers\42122F95.sys
2015-10-29 17:50:21 5120 ----a-w- c:\windows\system32\shimeng.dll
2015-10-29 17:49:58 295936 ----a-w- c:\windows\system32\apphelp.dll
2015-10-29 17:49:57 62464 ----a-w- c:\windows\system32\aelupsvc.dll
2015-10-29 17:49:57 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49:57 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49:57 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49:57 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:49:35 20992 ----a-w- c:\windows\system32\sdbinst.exe
2015-10-29 17:39:57 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-26 20:51:53 170200 ----a-w- c:\windows\system32\drivers\01A113B9.sys
2015-10-26 20:44:33 170200 ----a-w- c:\windows\system32\drivers\57CE0E1C.sys
2015-10-25 05:31:09 170200 ----a-w- c:\windows\system32\drivers\4DF704E4.sys
2015-10-21 14:24:24 229296 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-10-20 00:52:02 3991488 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-10-20 00:52:02 3935680 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-20 00:52:00 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-10-20 00:52:00 138176 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-10-20 00:48:47 1308160 ----a-w- c:\windows\system32\ntdll.dll
2015-10-20 00:44:53 22528 ----a-w- c:\windows\system32\lsass.exe
2015-10-20 00:44:35 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-10-20 00:39:32 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-10-20 00:39:11 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-10-20 00:35:03 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-10-20 00:35:00 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-10-19 23:29:22 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-10-19 23:28:57 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-10-19 23:28:56 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-10-13 16:31:53 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2015-10-13 16:31:24 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-10-13 04:50:31 712640 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-10-12 23:29:08 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-08 23:17:35 69120 ----a-w- c:\windows\system32\nlsbres.dll
2015-10-08 23:13:41 6144 ----a-w- c:\windows\system32\kbdgeoqw.dll
2015-10-08 23:13:41 6144 ----a-w- c:\windows\system32\KBDAZEL.DLL
2015-10-08 05:48:58 231856 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-10-05 06:50:16 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 06:50:08 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 06:50:04 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-01 17:50:53 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 17:50:43 22528 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-10-01 17:50:43 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-10-01 17:50:43 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-10-01 17:50:35 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 17:50:35 28160 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 17:50:00 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 17:50:00 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 16:53:22 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-23 13:09:58 371920 ----a-w- c:\windows\system32\drivers\cng.sys
2015-09-23 13:09:57 251000 ----a-w- c:\windows\system32\bcryptprimitives.dll
2015-07-16 05:07:57 6420480 ----a-w- c:\program files\GUTAD7B.tmp
2014-03-30 16:02:59 6000640 ----a-w- c:\program files\GUTA2A7.tmp
.
============= FINISH: 20:46:11.80 ===============
Attached Files: Attach1812.txt (13.3 KB, 17 views)
sagybp is offline  
Old 12-19-2015, 08:04 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-21-2015, 12:08 AM   #3
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



Here are the logs:


# AdwCleaner v5.025 - Logfile created 21/12/2015 at 07:24:27
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Shahar Ben-Porath - SHAHARBEN-PORAT
# Running from : C:\Users\Shahar Ben-Porath\Desktop\AdwCleaner (1).exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater40.2.4

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\LocalLow\HPAppData
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\Roaming\HPAppData

***** [ Files ] *****

[-] File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\wtu-secure-search.xml
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_toolbar.avg.com_0.localstorage-journal
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\S
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
[-] Key Deleted : HKU\.DEFAULT\Software\VNT
[-] Key Deleted : HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\VNT
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKU\S-1-5-21-1822029042-3454664663-1861086420-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data Restored : HKU\S-1-5-21-1822029042-3454664663-1861086420-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****

[-] [C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : isearch.avg.com
[-] [C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : elicpjhcidhpjomhibiffojpinpmmpil

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [5798 bytes] ##########


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-12-2015
Ran by Shahar Ben-Porath (administrator) on SHAHARBEN-PORAT (21-12-2015 07:32:29)
Running from C:\Users\Shahar Ben-Porath\Desktop
Loaded Profiles: Shahar Ben-Porath (Available Profiles: Shahar Ben-Porath)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe
(Lavasoft Limited) C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATINGE.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Shahar Ben-Porath\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
(Farbar) C:\Users\Shahar Ben-Porath\Desktop\FRST (1).exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-11-17] (Intel Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [Power Manager Power Agenda] => C:\Program Files\ThinkPad\Utilities\DPMHost.EXE [75064 2010-12-14] ()
HKLM\...\Run: [ROC_ROC_NT] => "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\Run: [Google Update] => C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Shahar Ben-Porath\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5c331a67e17647d1a646957ea0dfaa80-f60f1bc55ce20c250fa1c1a05d7706fc14e0d932 --CMPID 0913b
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\Run: [GoogleChromeAutoLaunch_B1CFEE270F926F92FBAC5A26A0459617] => C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\Run: [Dropbox Update] => C:\Users\Shahar Ben-Porath\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-13] (Dropbox, Inc.)
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [1447696 2015-12-11] (Lavasoft)
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATINGE.EXE [262208 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\MountPoints2: {4e2a9246-801b-11e0-8eda-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\MountPoints2: {53a33d7b-aee7-11e0-ae3a-4437e63b4373} - D:\unlock.exe autoplay=true
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\MountPoints2: {a7955d14-4373-11e5-9270-4437e63b4373} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\MountPoints2: {ef54b470-a16a-11e3-9101-4437e63b4373} - D:\LGAutoRun.exe
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shahar Ben-Porath\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shahar Ben-Porath\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shahar Ben-Porath\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shahar Ben-Porath\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shahar Ben-Porath\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shahar Ben-Porath\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shahar Ben-Porath\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shahar Ben-Porath\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-07-16]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Shahar Ben-Porath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Shahar Ben-Porath\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.117.235.235 62.219.186.7
Tcpip\..\Interfaces\{A68E97FE-3021-4C69-AB0D-F919893DC660}: [DhcpNameServer] 192.117.235.235 62.219.186.7
Tcpip\..\Interfaces\{F64C6EC5-5E94-4367-97B9-C4EB5204B9AA}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={8EF4AC3F-B710-440B-80A5-E852EC322E5C}&mid=5c331a67e17647d1a646957ea0dfaa80-f60f1bc55ce20c250fa1c1a05d7706fc14e0d932&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-11-18 08:42:40&v=4.2.1.951&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.maxiwe.com
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {B8E692D0-F495-489E-AF82-B4D6EEC83649} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {B8E692D0-F495-489E-AF82-B4D6EEC83649} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001 -> {1EFCA477-C0E8-4EAF-934A-9DC8BA388DC7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO: ActiveMail Add-on -> {2BBC8EDB-3D27-4FD3-9F9F-DFDC5B4A27A4} -> C:\Program Files\ActivePath\AddOn\apieinbodyBHO.dll [2012-05-03] (ActivePath Ltd.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-05] (RealDownloader)
BHO: No Name -> {54B02808-B60E-44CD-A72D-9865117E4E62} -> No File
BHO: AGFormHelperObj Class -> {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} -> C:\Program Files\agat\AGForm\AGFormsHelper.dll [2012-09-06] (Agat software solutions)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files\WinZip Courier\wzwmcie.dll [2011-05-19] (WinZip Computing, S.L.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKLM - AGForms Toolbar - {8fe28f46-37ad-47b2-8258-34c128636ace} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default
FF DefaultSearchEngine: Bing®
FF SelectedSearchEngine: Bing®
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2012-03-22] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=18.0.1.6 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2015-06-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=18.0.1.6 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2015-06-16] (RealTimes)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @winzip.com/Winzip Courier -> C:\Program Files\WinZip Courier\npwzwmc.dll [2011-05-19] (WinZip Computing, S.L.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1822029042-3454664663-1861086420-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Shahar Ben-Porath\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-1822029042-3454664663-1861086420-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1822029042-3454664663-1861086420-1001: @talk.google.com/O1DPlugin -> C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1822029042-3454664663-1861086420-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-1822029042-3454664663-1861086420-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Shahar Ben-Porath\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Shahar Ben-Porath\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: IE Tab Plus - C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\extensions\[email protected] [2015-11-30] [not signed]
FF Extension: ActiveMail Add-on - C:\Program Files\ActivePath\AddOn\FFExtension [2012-07-05] [not signed]
FF Extension: Greasemonkey - C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2015-11-30] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-09-05] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-14] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-08-31] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-19] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM\...\Firefox\Extensions: [{74c841e3-b59f-479e-8d7a-e26a942a87c8}] - C:\Program Files\WinZip Courier\FFExt
FF Extension: WinZip Courier - C:\Program Files\WinZip Courier\FFExt [2011-07-16] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-07-16] [not signed]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\ActivePath\AddOn\FFExtension
FF HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-10-08]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.facebook.com/
CHR StartupUrls: Default -> "hxxps://www.facebook.com/shahar.benporath/media_set?set=a.10153236857188395.1073741842.814038394&type=1"
CHR Plugin: (Native Client) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (Babylon Chrome Plugin) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (WinZip Courier) - C:\Program Files\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll => No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll => No File
CHR Profile: C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Duolingo on the Web) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-01-11]
CHR Extension: (YouTube) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (Google Search) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (ClickOnce for Google Chrome) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeifaoomkminpbeebjdmdojbhmagnncl [2015-11-29]
CHR Extension: (Invite All (for Facebook)) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih [2015-05-22]
CHR Extension: (Facebook Unseen) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjpoahaombpolfifdahikhbdnjjeifk [2012-08-18]
CHR Extension: (Facebook Invite All) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2015-11-12]
CHR Extension: (Social Fixer) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm [2014-10-11] [UpdateUrl: hxxp://SocialFixer.com/chrome_update.xml] <==== ATTENTION
CHR Extension: (Skype) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-18]
CHR Extension: (Facebook Invite To Page 2015) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\moggjmmebclphlbbdliodpanlakbdadn [2015-10-08]
CHR Extension: (Google Hangouts) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Profile: C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (YouTube) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-07]
CHR Extension: (חיפוש Google) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-07]
CHR Extension: (ActivePath Extension) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkokfoglafppmogbnpfggdhlicdcbogg [2012-08-07]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-08-07]
CHR Extension: (AVG Safe Search) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-08-07]
CHR Extension: (AVG Do Not Track) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-08-07]
CHR Extension: (Gmail) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-07]
CHR HKLM\...\Chrome\Extension: [dkokfoglafppmogbnpfggdhlicdcbogg] - C:\Program Files\ActivePath\AddOn\ChromeExtension\ActivePathAddOn.crx [2012-05-03]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [862632 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [593392 2015-06-25] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [143424 2013-04-15] (SEIKO EPSON CORPORATION)
R2 HiSuiteOuc.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe [117552 2015-05-20] ()
R2 HuaweiHiSuiteService.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe [154928 2015-05-20] ()
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [319568 2010-10-26] (Logitech, Inc.)
R2 LavasoftTcpService; C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-11] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-06-16] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-05] ()
S2 RealTimes Desktop Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-06-16] (RealNetworks, Inc.)
R2 SearchProtectionService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-11] ()
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [166456 2012-11-21] (Soluto)
R2 SolutoService; C:\Program Files\Soluto\SolutoService.exe [644152 2012-11-21] (Soluto)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2010-11-25] (Lenovo Group Limited) [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-09-16] (Lenovo Group Limited) [File not signed]
S3 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
S3 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-16] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2011-09-06] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2011-09-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2011-09-06] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [73728 2011-09-16] (LG Electronics Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [255920 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [231344 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [193968 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [36784 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [26984 2012-11-09] (AVG Technologies)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2010-10-28] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R0 Soluto; C:\Windows\System32\DRIVERS\Soluto.sys [51144 2012-11-21] (Soluto LTD.)
R3 VAD_DEV; C:\Windows\System32\drivers\vad.sys [16256 2010-11-18] (Windows (R) DDK provider) [File not signed]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x32.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2015-05-07] (Huawei Technologies Co., Ltd.)
S3 PCDSRVC{3037D694-FD904ACA-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-21 07:32 - 2015-12-21 07:34 - 00035922 _____ C:\Users\Shahar Ben-Porath\Desktop\FRST.txt
2015-12-21 07:28 - 2015-12-21 07:28 - 00005877 _____ C:\Users\Shahar Ben-Porath\Desktop\AdwCleaner[C2].txt
2015-12-20 21:28 - 2015-12-20 21:28 - 00000641 _____ C:\Users\Shahar Ben-Porath\Desktop\kahuna.txt
2015-12-20 21:25 - 2015-12-20 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-20 21:25 - 2015-12-20 21:25 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-12-20 21:00 - 2015-12-20 21:00 - 01721344 _____ (Farbar) C:\Users\Shahar Ben-Porath\Desktop\FRST (1).exe
2015-12-20 20:59 - 2015-12-20 21:00 - 01740288 _____ C:\Users\Shahar Ben-Porath\Desktop\AdwCleaner (1).exe
2015-12-18 20:47 - 2015-12-18 20:47 - 00025942 _____ C:\Users\Shahar Ben-Porath\Desktop\DDS1812.txt
2015-12-18 20:46 - 2015-12-18 20:46 - 00025942 _____ C:\Users\Shahar Ben-Porath\Desktop\dds.txt
2015-12-18 20:46 - 2015-12-18 20:46 - 00013594 _____ C:\Users\Shahar Ben-Porath\Desktop\Attach1812.txt
2015-12-18 20:36 - 2015-12-18 20:37 - 00688992 ____R (Swearware) C:\Users\Shahar Ben-Porath\Downloads\dds.scr
2015-12-13 09:05 - 2015-12-13 09:05 - 07883707 _____ C:\Users\Shahar Ben-Porath\Downloads\New Doc 25.pdf
2015-12-12 21:14 - 2015-12-12 21:14 - 00001040 _____ C:\Users\Shahar Ben-Porath\Downloads\חשבוניות.csv
2015-12-12 10:26 - 2015-12-12 10:26 - 00000000 ____D C:\Users\Shahar Ben-Porath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-09 19:17 - 2015-11-11 20:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 19:17 - 2015-11-11 20:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 19:16 - 2015-11-11 22:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 19:16 - 2015-11-11 18:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 19:16 - 2015-11-11 17:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 19:16 - 2015-11-11 17:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 19:16 - 2015-11-11 17:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 19:16 - 2015-11-11 16:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 19:16 - 2015-11-10 20:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 19:16 - 2015-11-10 20:39 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 19:16 - 2015-11-10 20:39 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 19:16 - 2015-11-10 19:40 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 19:16 - 2015-11-10 02:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 19:16 - 2015-11-10 02:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 19:16 - 2015-11-10 02:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 19:16 - 2015-11-10 02:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 19:16 - 2015-11-10 02:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 19:16 - 2015-11-10 02:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-09 19:16 - 2015-11-10 02:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-09 19:16 - 2015-11-10 02:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 19:16 - 2015-11-10 02:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 19:16 - 2015-11-10 02:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 19:16 - 2015-11-10 02:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 19:16 - 2015-11-10 02:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 19:16 - 2015-11-10 02:03 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-09 19:16 - 2015-11-10 02:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 19:16 - 2015-11-10 02:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-09 19:16 - 2015-11-10 01:57 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 19:16 - 2015-11-10 01:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 19:16 - 2015-11-10 01:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 19:16 - 2015-11-10 01:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 19:16 - 2015-11-10 01:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-09 19:16 - 2015-11-10 01:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 19:16 - 2015-11-10 01:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 19:16 - 2015-11-10 01:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 19:16 - 2015-11-10 01:36 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 19:16 - 2015-11-10 01:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-09 19:16 - 2015-11-10 01:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 19:16 - 2015-11-10 01:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 19:16 - 2015-11-10 01:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 19:16 - 2015-11-05 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-09 19:15 - 2015-11-20 20:34 - 02956800 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 19:15 - 2015-11-20 20:34 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 19:15 - 2015-11-20 20:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 19:15 - 2015-11-20 20:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 19:15 - 2015-11-20 20:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 19:15 - 2015-11-20 20:34 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-09 19:15 - 2015-11-20 20:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 19:15 - 2015-11-20 20:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-09 19:15 - 2015-11-20 20:33 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 19:15 - 2015-11-20 20:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 19:15 - 2015-11-20 20:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 19:15 - 2015-11-05 21:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 19:15 - 2015-11-05 11:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 19:15 - 2015-11-03 20:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 19:15 - 2015-11-03 20:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 19:15 - 2015-10-09 01:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-09 19:15 - 2015-10-09 01:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-09 19:15 - 2015-10-09 01:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-09 19:15 - 2015-10-09 01:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-09 19:15 - 2015-10-08 21:13 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-09 07:30 - 2015-12-09 07:30 - 09498816 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-12-08 11:38 - 2015-12-08 11:38 - 00036266 _____ C:\Users\Shahar Ben-Porath\Downloads\FaxIn_2015-12-08_11-36-23_03-7177200_7c909174.pdf
2015-12-04 13:46 - 2015-12-04 13:46 - 00000000 _____ C:\Windows\EEventManager.INI
2015-12-04 10:07 - 2015-12-04 10:07 - 00228748 _____ C:\Windows\ntbtlog.txt
2015-12-03 17:53 - 2015-12-03 17:53 - 00000000 ____D C:\Users\Shahar Ben-Porath\AppData\Roaming\Epson
2015-12-03 15:38 - 2015-12-03 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-12-03 15:38 - 2015-12-03 17:52 - 00000000 ____D C:\Program Files\EPSON Software
2015-12-03 12:32 - 2015-12-21 07:32 - 00000917 _____ C:\Windows\Tasks\EPSON L455 Series Update {FB7D193A-3D0E-4B62-AF60-51476AC5F3D8}.job
2015-12-03 12:28 - 2014-03-05 04:06 - 00142848 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TLMBNGE.DLL
2015-12-03 12:28 - 2011-03-15 03:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TD4BNGE.DLL
2015-12-03 12:28 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
2015-12-03 12:22 - 2015-12-03 12:23 - 28721152 _____ C:\Users\Shahar Ben-Porath\Downloads\epson513344eu.exe
2015-12-03 12:21 - 2015-12-07 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-12-03 12:17 - 2015-12-03 12:18 - 25857544 _____ C:\Users\Shahar Ben-Porath\Downloads\epson514319eu.exe
2015-12-01 08:19 - 2015-12-21 07:25 - 00008192 _____ C:\Windows\system32\WDPABKP.dat
2015-11-25 14:15 - 2015-11-25 14:15 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-23 14:28 - 2015-11-23 14:28 - 00114371 _____ C:\Users\Shahar Ben-Porath\Downloads\שריגים1115.pdf
2015-11-23 14:27 - 2015-11-23 14:27 - 00000709 _____ C:\Users\Shahar Ben-Porath\Downloads\mgrqispi94.htm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-21 07:32 - 2015-10-29 08:43 - 00000000 ____D C:\FRST
2015-12-21 07:30 - 2014-12-13 13:52 - 00000000 ____D C:\Users\Shahar Ben-Porath\AppData\Local\6960E56F-5E91-43AA-B8F4-ADFF4F6BF46D.aplzod
2015-12-21 07:30 - 2012-04-07 23:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-21 07:30 - 2011-07-18 11:38 - 00000000 ____D C:\Users\Shahar Ben-Porath\Documents\קבצי Outlook
2015-12-21 07:29 - 2011-08-09 23:01 - 00000000 ___RD C:\Users\Shahar Ben-Porath\Dropbox
2015-12-21 07:29 - 2011-08-09 22:58 - 00000000 ____D C:\Users\Shahar Ben-Porath\AppData\Roaming\Dropbox
2015-12-21 07:28 - 2015-10-18 23:15 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-21 07:27 - 2011-11-21 15:22 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-21 07:27 - 2011-07-31 08:09 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-12-21 07:27 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-21 07:25 - 2015-10-29 08:27 - 00000000 ____D C:\AdwCleaner
2015-12-21 07:25 - 2011-07-16 07:23 - 00000000 ____D C:\ProgramData\MFAData
2015-12-21 07:24 - 2009-07-14 06:34 - 00030688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-21 07:24 - 2009-07-14 06:34 - 00030688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-21 07:22 - 2011-11-21 15:22 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-21 07:18 - 2014-04-16 09:16 - 00000000 ____D C:\Users\Shahar Ben-Porath\AppData\Roaming\Skype
2015-12-21 07:18 - 2011-10-25 14:44 - 00000986 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822029042-3454664663-1861086420-1001UA.job
2015-12-21 07:17 - 2015-06-13 16:35 - 00000966 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1822029042-3454664663-1861086420-1001UA.job
2015-12-20 21:25 - 2014-04-16 09:16 - 00000000 ___RD C:\Program Files\Skype
2015-12-20 21:25 - 2014-04-16 09:16 - 00000000 ____D C:\Users\Shahar Ben-Porath\AppData\Local\Skype
2015-12-20 21:25 - 2014-04-16 09:15 - 00000000 ____D C:\ProgramData\Skype
2015-12-20 21:22 - 2013-08-24 20:32 - 00000000 ____D C:\Users\Shahar Ben-Porath\Documents\חופש להרגיש
2015-12-20 20:19 - 2011-10-25 14:44 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1822029042-3454664663-1861086420-1001Core.job
2015-12-20 09:14 - 2015-06-13 16:35 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1822029042-3454664663-1861086420-1001Core.job
2015-12-20 08:35 - 2010-11-20 23:01 - 00786514 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-20 08:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2015-12-18 21:01 - 2015-04-04 10:48 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-18 20:46 - 2015-10-18 20:48 - 00013594 _____ C:\Users\Shahar Ben-Porath\Desktop\attach.txt
2015-12-17 08:04 - 2011-07-16 07:24 - 00000000 ____D C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla
2015-12-16 16:56 - 2015-11-18 08:41 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2015-12-15 20:34 - 2012-08-10 14:26 - 00000000 ____D C:\Users\Shahar Ben-Porath\תקשורים
2015-12-15 11:01 - 2011-07-15 17:26 - 00000000 ____D C:\Users\Shahar Ben-Porath\Documents\טוהר
2015-12-11 12:01 - 2014-02-15 23:04 - 00000000 ____D C:\Windows\rescache
2015-12-11 11:19 - 2011-07-31 08:09 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-12-10 08:16 - 2009-07-14 06:33 - 03884840 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 21:09 - 2011-07-15 17:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 21:08 - 2011-05-17 02:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 21:08 - 2011-05-17 02:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 21:05 - 2013-08-15 08:49 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 20:58 - 2011-07-21 18:20 - 137798368 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 18:37 - 2015-11-18 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-09 18:30 - 2015-05-21 08:35 - 00000000 ____D C:\Users\Shahar Ben-Porath\AppData\Local\Avg
2015-12-09 07:30 - 2012-04-07 23:30 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-12-09 07:30 - 2011-07-18 11:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-12-08 12:49 - 2011-07-15 17:26 - 00000000 ____D C:\Users\Shahar Ben-Porath\Documents\עיתונאות
2015-12-08 08:36 - 2011-07-15 15:41 - 00145936 _____ C:\Users\Shahar Ben-Porath\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-07 23:18 - 2013-08-13 18:40 - 00000000 ____D C:\Program Files\epson
2015-12-07 23:14 - 2015-10-17 18:27 - 00000000 ____D C:\Program Files\TeamViewer
2015-12-04 13:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows
2015-12-03 17:52 - 2013-08-13 19:37 - 00000000 ____D C:\ProgramData\EPSON
2015-12-03 17:52 - 2011-05-17 02:24 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-12-02 13:25 - 2015-10-18 20:37 - 00247976 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-01 12:00 - 2011-05-17 02:27 - 00000000 ____D C:\swshare
2015-11-28 13:41 - 2015-11-03 13:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-25 14:15 - 2011-02-15 09:38 - 00000000 ____D C:\Windows\Panther

==================== Files in the root of some directories =======

2014-03-30 18:02 - 2014-03-30 18:02 - 6000640 _____ () C:\Program Files\GUTA2A7.tmp
2015-07-16 07:07 - 2015-07-16 07:07 - 6420480 _____ () C:\Program Files\GUTAD7B.tmp
2011-07-16 07:49 - 2011-12-22 16:07 - 0001106 _____ () C:\Users\Shahar Ben-Porath\AppData\Roaming\ConvAPIPlugin.log
2012-11-03 23:17 - 2012-11-03 23:17 - 0038440 _____ () C:\Users\Shahar Ben-Porath\AppData\Roaming\Microsoft Excel 97-2003.ADR
2012-08-11 09:48 - 2012-08-11 09:48 - 0038454 _____ () C:\Users\Shahar Ben-Porath\AppData\Roaming\ערכים מופרדים באמצעות טאבים (DOS).ADR
2012-11-03 23:21 - 2012-11-03 23:21 - 0038455 _____ () C:\Users\Shahar Ben-Porath\AppData\Roaming\ערכים מופרדים באמצעות פסיקים (Windows).ADR
2013-05-24 19:47 - 2014-08-02 13:35 - 0010240 _____ () C:\Users\Shahar Ben-Porath\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-16 07:37 - 2013-09-10 08:37 - 0002906 _____ () C:\ProgramData\hpzinstall.log
2011-07-18 09:45 - 2012-03-20 23:43 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\Shahar Ben-Porath\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn5wtho.dll
C:\Users\Shahar Ben-Porath\AppData\Local\Temp\lupa.exe
C:\Users\Shahar Ben-Porath\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 12:09

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (74.1 KB, 24 views)
Old 12-21-2015, 09:22 PM   #4
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello sagybp. If it's always the same browser, it may be easier to uninstall, then reinstall that browser.

Have you tried reinstalling Chrome?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up your files - Windows Help

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

You can also download recovery software if you don't have an installation DVD:

https://www.microsoft.com/en-us/soft...nload/windows7

------------------------------------------------------

I noticed you have AVG Web TuneUp installed.

Please read this and decide if you want to keep it >> SystemLookup - 95b7759c-8c7f-4bf1-b163-73684a933233

I highly suggest you uninstall it via Programs and Features in your Control Panel.

If you decide to uninstall it, please delete the following Folders if they still exist:

C:\Program Files\AVG Web TuneUp

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
    C:\Program Files\AVG Secure Search
    HKLM\...\Run: [ROC_ROC_NT] => "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Shahar Ben-Porath\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5c331a67e17647d1a646957ea0dfaa80-f60f1bc55ce20c250fa1c1a05d7706fc14e0d932 --CMPID 0913b
    HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\MountPoints2: {4e2a9246-801b-11e0-8eda-806e6f6e6963} - Q:\LenovoQDrive.exe
    HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\MountPoints2: {53a33d7b-aee7-11e0-ae3a-4437e63b4373} - D:\unlock.exe autoplay=true
    HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\MountPoints2: {a7955d14-4373-11e5-9270-4437e63b4373} - F:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\MountPoints2: {ef54b470-a16a-11e3-9101-4437e63b4373} - D:\LGAutoRun.exe
    HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={8EF4AC3F-B710-440B-80A5-E852EC322E5C}&mid=5c331a67e17647d1a646957ea0dfaa80-f60f1bc55ce20c250fa1c1a05d7706fc14e0d932&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-11-18 08:42:40&v=4.2.1.951&pid=wtu&sg=&sap=hp
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: No Name -> {54B02808-B60E-44CD-A72D-9865117E4E62} -> No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
    FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found
    CHR Plugin: (Native Client) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
    CHR Plugin: (Babylon Chrome Plugin) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll => No File
    CHR Plugin: (AVG Internet Security) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
    CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => No File
    CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll => No File
    CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll => No File
    CHR Extension: (Social Fixer) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm [2014-10-11] [UpdateUrl: hxxp://SocialFixer.com/chrome_update.xml] <==== ATTENTION
    CHR Extension: (AVG Safe Search) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-08-07]
    CHR Extension: (AVG Do Not Track) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-08-07]
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget" /f
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HF_G_Jul" /f
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_roc_dec12" /f
    EmptyTemp:
    end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-25-2015, 01:36 AM   #5
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



I had a bit of a problem removing the Web TuneUp. Couldn't do it through the Control Panel.
When pressing the uninstall link in the program directory I get a webpage with an option to uninstall, but when clicking it the system keeps loading for hours and hours saying it is uninstalling. I quit that after 6 hours... Did the same thing a second time with the same results.

I think the problem is gone now.
Here is the log:

Fix result of Farbar Recovery Scan Tool (x86) Version:20-12-2015
Ran by Shahar Ben-Porath (2015-12-22 15:22:43) Run:1
Running from C:\Users\Shahar Ben-Porath\Desktop
Loaded Profiles: Shahar Ben-Porath (Available Profiles: Shahar Ben-Porath)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
C:\Program Files\AVG Secure Search
HKLM\...\Run: [ROC_ROC_NT] => "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Shahar Ben-Porath\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5c331a67e17647d1a646957ea0dfaa80-f60f1bc55ce20c250fa1c1a05d7706fc14e0d932 --CMPID 0913b
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\MountPoints2: {4e2a9246-801b-11e0-8eda-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\MountPoints2: {53a33d7b-aee7-11e0-ae3a-4437e63b4373} - D:\unlock.exe autoplay=true
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\MountPoints2: {a7955d14-4373-11e5-9270-4437e63b4373} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\...\MountPoints2: {ef54b470-a16a-11e3-9101-4437e63b4373} - D:\LGAutoRun.exe
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={8EF4AC3F-B710-440B-80A5-E852EC322E5C}&mid=5c331a67e17647d1a646957ea0dfaa80-f60f1bc55ce20c250fa1c1a05d7706fc14e0d932&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-11-18 08:42:40&v=4.2.1.951&pid=wtu&sg=&sap=hp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {54B02808-B60E-44CD-A72D-9865117E4E62} -> No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found
CHR Plugin: (Native Client) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (Babylon Chrome Plugin) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => No File
CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll => No File
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll => No File
CHR Extension: (Social Fixer) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm [2014-10-11] [UpdateUrl: hxxp://SocialFixer.com/chrome_update.xml] <==== ATTENTION
CHR Extension: (AVG Safe Search) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-08-07]
CHR Extension: (AVG Do Not Track) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-08-07]
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HF_G_Jul" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_roc_dec12" /f
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => key removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully.
"C:\Program Files\AVG Secure Search" => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_NT => value removed successfully.
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0913b => value removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e2a9246-801b-11e0-8eda-806e6f6e6963}" => key removed successfully.
HKCR\CLSID\{4e2a9246-801b-11e0-8eda-806e6f6e6963} => key not found.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53a33d7b-aee7-11e0-ae3a-4437e63b4373}" => key removed successfully.
HKCR\CLSID\{53a33d7b-aee7-11e0-ae3a-4437e63b4373} => key not found.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7955d14-4373-11e5-9270-4437e63b4373}" => key removed successfully.
HKCR\CLSID\{a7955d14-4373-11e5-9270-4437e63b4373} => key not found.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef54b470-a16a-11e3-9101-4437e63b4373}" => key removed successfully.
HKCR\CLSID\{ef54b470-a16a-11e3-9101-4437e63b4373} => key not found.
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54B02808-B60E-44CD-A72D-9865117E4E62}" => key removed successfully.
HKCR\CLSID\{54B02808-B60E-44CD-A72D-9865117E4E62} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => key removed successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4} => value removed successfully.
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => not found.
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\47.0.2526.106\pdf.dll => not found.
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll => not found.
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll => not found.
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll => not found.
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files\QuickTime\plugins\npqtplugin6.dll => not found.
C:\Program Files\QuickTime\plugins\npqtplugin7.dll => not found.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll => not found.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => not found.
C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll => not found.
c:\program files\real\realplayer\Netscape6\nprpjplug.dll => not found.
c:\program files\real\realplayer\Netscape6\nprjplug.dll => not found.
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm <==== ATTENTION => not found.
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla => moved successfully
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => moved successfully

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HF_G_Jul" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_roc_dec12" /f =========

The operation completed successfully.



========= End of Reg: =========

EmptyTemp: => 2.8 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:25:37 ====
sagybp is offline  
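As an added example (not part of this thread and not FRST's own code), here is a small Python triage script for fixlist entries like the ones above and for the outcome lines in the Fixlog the user posted back. It separates live launch points (Run keys, MountPoints2 AutoRun handlers, the IE start page, a Chrome extension with a third-party UpdateUrl) from dangling registrations whose file is already gone, flags launch points whose target sits in a user-writable location, and lists every Fixlog target reported "not found", where the fix removed nothing. The sample lines are constructed in the shape of this thread's logs with placeholder SIDs and GUIDs; the severity labels and the user-writable heuristic (which assumes the system drive is C:) are my own assumptions.

```python
import re
from collections import Counter

# Constructed sample in the shape of the FRST fixlist from this thread
# (paths shortened, SID and GUIDs replaced by placeholders). Not the thread's text.
SAMPLE_FIXLIST = r"""
start
createrestorepoint:
CustomCLSID: HKU\S-1-5-21-PLACEHOLDER-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
C:\Program Files\AVG Secure Search
HKLM\...\Run: [ROC_ROC_NT] => "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKU\S-1-5-21-PLACEHOLDER-1001\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\user\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT
HKU\S-1-5-21-PLACEHOLDER-1001\...\MountPoints2: {53a33d7b-PLACEHOLDER} - D:\unlock.exe autoplay=true
HKU\S-1-5-21-PLACEHOLDER-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={PLACEHOLDER}
BHO: No Name -> {54B02808-B60E-44CD-A72D-9865117E4E62} -> No File
CHR Plugin: (Babylon Chrome Plugin) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll => No File
CHR Extension: (Social Fixer) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm [2014-10-11] [UpdateUrl: hxxp://SocialFixer.com/chrome_update.xml] <==== ATTENTION
CHR Extension: (AVG Safe Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-08-07]
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget" /f
EmptyTemp:
end
"""

# Constructed sample in the shape of the Fixlog the user posted back.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
"HKU\S-1-5-21-PLACEHOLDER-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000001}" => key removed successfully.
"C:\Program Files\AVG Secure Search" => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_NT => value removed successfully.
HKCR\CLSID\{53a33d7b-PLACEHOLDER} => key not found.
HKU\S-1-5-21-PLACEHOLDER-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm <==== ATTENTION => not found.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla => moved successfully
========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget" /f =========
The operation completed successfully.
EmptyTemp: => 2.8 GB temporary data Removed.
"""

# (label, severity, pattern). Severity is an assumed triage label: "review" = a live
# launch or configuration point a helper should judge, "cleanup" = a registration whose
# file is already gone (FRST's "No File"), "info" = everything else. Order matters.
RULES = [
    ("orphaned-com", "cleanup",
     re.compile(r"^CustomCLSID: (?P<key>.+?) -> (?P<dll>.+) => No File$")),
    ("autorun", "review",
     re.compile(r"^HK(?:LM|U\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$")),
    ("mountpoint", "review",      # AutoRun handler cached from a mounted drive
     re.compile(r"^HKU\\.+\\MountPoints2: \{[^}]+\} - (?P<cmd>.+)$")),
    ("start-page", "review",
     re.compile(r"^HKU\\.+\\Internet Explorer\\Main,Start Page = (?P<url>.+)$")),
    ("orphaned-bho", "cleanup",
     re.compile(r"^BHO: (?P<name>.+?) -> \{[^}]+\} -> No File$")),
    ("orphaned-plugin", "cleanup",
     re.compile(r"^CHR Plugin: \((?P<name>[^)]+)\) - (?P<dll>.+) => No File$")),
    ("chr-ext-attention", "review",   # extension updated from outside the Web Store
     re.compile(r"^CHR Extension: \((?P<name>[^)]+)\) - (?P<path>.+?) \[[\d-]+\] "
                r"\[UpdateUrl: (?P<url>[^\]]+)\] <==== ATTENTION$")),
    ("chr-extension", "info",
     re.compile(r"^CHR Extension: \((?P<name>[^)]+)\) - (?P<path>.+?) \[[\d-]+\]$")),
    ("reg-delete", "info",
     re.compile(r'^Reg: reg delete "(?P<key>[^"]+)" /f$')),
    ("folder", "info",
     re.compile(r"^(?P<path>[A-Za-z]:\\.+)$")),
]


def triage_fixlist(text):
    """Classify every fixlist entry. Returns a list of (label, severity, fields)."""
    findings = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line in ("start", "end") or line.endswith(":"):
            continue  # directives such as createrestorepoint: and EmptyTemp:
        for label, severity, pattern in RULES:
            m = pattern.match(line)
            if m:
                findings.append((label, severity, m.groupdict()))
                break
        else:  # never drop a line silently; an unparsed entry still needs eyes
            findings.append(("unknown", "review", {"line": line}))
    return findings


# Assumed heuristic: locations a standard user (or inserted media) can write to.
USER_WRITABLE = re.compile(r"(?i)\\(AppData|ProgramData|Temp|Users\\Public)\\")


def launches_from_user_writable(cmd):
    """True when a launch point's target is user-writable or not on the system drive (assumed C:)."""
    target = cmd.lstrip('"')
    return bool(USER_WRITABLE.search(target)) or not target.upper().startswith("C:\\")


def suspicious_launch_points(findings):
    """Run / MountPoints2 commands whose executable sits outside protected locations."""
    return [f["cmd"] for label, _sev, f in findings
            if label in ("autorun", "mountpoint") and launches_from_user_writable(f["cmd"])]


OUTCOME = re.compile(r"^(?P<target>.+?) => (?P<outcome>key removed successfully|value removed successfully"
                     r"|value restored successfully|moved successfully|key not found|not found)\.?$")


def summarize_fixlog(text):
    """Count FRST outcomes and collect targets the fix could not find (nothing was removed there)."""
    counts, missing = Counter(), []
    for line in (l.strip() for l in text.splitlines()):
        m = OUTCOME.match(line)
        if m:
            counts[m["outcome"]] += 1
            if m["outcome"].endswith("not found"):
                missing.append(m["target"].replace(" <==== ATTENTION", "").strip('"'))
        elif line == "The operation completed successfully.":
            counts["reg command ok"] += 1
        elif line.startswith("EmptyTemp: =>"):
            counts["temp cleaned"] += 1
    return counts, missing


if __name__ == "__main__":
    findings = triage_fixlist(SAMPLE_FIXLIST)
    for label, severity, fields in findings:
        print(f"{severity:8} {label:18} {fields}")
    print("user-writable launch points:", suspicious_launch_points(findings))
    counts, missing = summarize_fixlog(SAMPLE_FIXLOG)
    print(dict(counts))
    print("nothing removed for:", *missing, sep="\n  ")
```

A flagged item that comes back "not found" in the Fixlog (here the Social Fixer extension directory) is worth a second look, because the script removed nothing at that location.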
Old 12-25-2015, 10:57 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, sagybp. Are you saying the main problem (Chrome popups) is gone, but Web TuneUp is still installed?
  • Double-click SystemLook.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :folderfind
    *TuneUp*
    
    :regfind
    TuneUp
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
Old 12-27-2015, 04:19 AM   #7
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



Sorry for the late response. Christmas and all...

Eventually I was able to uninstall the TuneUp. I didn't do what you asked me in the last post, since I couldn't find the SystemLook.exe. Where is that file?

Anyway, the popups in chrome are completely gone now.

I have some banner that shows up now and then on the facebook webpage. I'm attaching a screenshot of it. I have a feeling I clicked it by mistake before all that mess began and that it has something to do with the popups. Maybe it is some kind of malware?
Attached Thumbnails: 0.jpg (21.9 KB)
sagybp is offline  
Old 12-27-2015, 03:34 PM   #8
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



OK, I have to update.
The problem did not go away.
Pop-ups keep popping up in Chrome :(
sagybp is offline  
Old 12-28-2015, 06:40 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Never mind the SystemLook since TuneUp is gone.

Sorry, I don't do Facebook. Do you use Friend Manager?

How to Bypass Facebook Event Invite Limits | Friend Manager

What do the Chrome popups say?

Please run FRST64.exe again and post/attach the FRST.txt/Addition.txt logs as before. Thanks.

Make sure you tick the Addition.txt box before clicking 'Scan'.

------------------------------------------------------
chemist is offline  
Old 01-05-2016, 01:46 PM   #10
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



Again, sorry for the late response. I was on holiday for a week.

I'm attaching screenshots of the pop-ups. They have 2 ways of appearing. The first is on top of websites I'm visiting (first two screenshots); those are regular websites and the banners are not part of the website. I marked them with a red circle. The second type is new tabs that pop up (third screenshot).

I'm attaching the three screenshots and the 2 scan files.
Attached Thumbnails: pop-up1.jpg (276.3 KB), pop-up2.jpg (207.4 KB), pop-up3.jpg (232.9 KB)

Attached Files: Addition (1).txt (66.7 KB), FRST.txt (49.4 KB)
sagybp is offline  
Old 01-06-2016, 06:19 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, sagybp. I thought you said AVG Web TuneUp was gone?

Download the Google Chrome installer and save it to your desktop:

Chrome

Uninstall Google Chrome via Programs and Features in your Control Panel.

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome"

A DOS window will open and close again; this is normal.

------------------------------------------------------

Reboot your computer. Re-install Google Chrome using the installer you downloaded earlier.

Are the popups gone in Chrome now?

------------------------------------------------------
chemist is offline  
Old 01-09-2016, 05:23 AM   #12
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



It seems like everything is ok now!

No pop-ups as far as I can see.

Thank you so much!
I hope they won't return...
sagybp is offline  
Old 01-09-2016, 11:54 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, sagybp. You're very welcome. Glad to hear it. Still a bit to do though.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Your Java is out of date.

Java(TM) 8 Update 31 can be updated from the Java Control Panel. Go to Start > Control Panel > Programs > Java (looks like a coffee cup) > Update tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it. Also, let Java remove older versions if prompted.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 01-11-2016, 08:43 AM   #14
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



At some point I uninstalled Malwarebytes' Anti-Malware.
Do you want me to install it again?
Old 01-11-2016, 09:57 PM   #15
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



I updated JAVA, and here is the ESET report.
Tell me if I need to install Malwarebytes' again and I'll do it.


C:\Program Files\NCH Software\PhotoPad\photopad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files\NCH Software\PhotoPad\ppadsetup_v2.26.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files\NCH Software\PhotoPad\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\ProgramData\{5D8C51A8-12EA-4A70-BAD7-ECD400F1CDF4}\iMesh_V12_en_Setup.res Win32/Toolbar.SearchSuite.Y potentially unwanted application
C:\Users\All Users\{5D8C51A8-12EA-4A70-BAD7-ECD400F1CDF4}\iMesh_V12_en_Setup.res Win32/Toolbar.SearchSuite.Y potentially unwanted application
C:\Users\Shahar Ben-Porath\AppData\LocalLow\Sun\Java\jre1.7.0_65\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Users\Shahar Ben-Porath\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.00\agent\stub_data\askrt_en.cab a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Shahar Ben-Porath\Desktop\cbsidlm-cbsi134-Free_WMA_to_MP3_Converter-ORG-10494267.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Shahar Ben-Porath\Desktop\ppadsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Shahar Ben-Porath\Documents\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Shahar Ben-Porath\Downloads\ccsetup510.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Shahar Ben-Porath\Downloads\FreeStudio.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\Shahar Ben-Porath\Downloads\FreeVideoFlipAndRotate(1).exe Win32/OpenCandy potentially unsafe application
C:\Users\Shahar Ben-Porath\Downloads\FreeVideoFlipAndRotate.exe Win32/Spigot.A potentially unwanted application
C:\Users\Shahar Ben-Porath\Downloads\MP3AudioEditor.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Windows\Installer\cc67c.msi a variant of Win32/Systweak.L potentially unwanted application
D:\documents copy\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
F:\Documents\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Old 01-12-2016, 05:11 AM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Yes, please re-install MBAM, as it is an extremely good anti-malware scanner. Update and use it weekly.
Old 01-19-2016, 02:27 AM   #17
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



Here is the MBAM log.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18/01/2016
Scan Time: 15:12
Logfile: MB1.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.18.03
Rootkit Database: v2016.01.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Shahar Ben-Porath

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344957
Time Elapsed: 1 hr, 0 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Old 01-19-2016, 08:16 AM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, sagybp. How is the machine behaving?

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Program Files\NCH Software\PhotoPad\photopad.exe"
"C:\Program Files\NCH Software\PhotoPad\ppadsetup_v2.26.exe"
"C:\Program Files\NCH Software\PhotoPad\uninst.exe"
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
"C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
"C:\ProgramData\{5D8C51A8-12EA-4A70-BAD7-ECD400F1CDF4}\iMesh_V12_en_Setup.res"
"C:\Users\All Users\{5D8C51A8-12EA-4A70-BAD7-ECD400F1CDF4}\iMesh_V12_en_Setup.res"
"C:\Users\Shahar Ben-Porath\AppData\LocalLow\Sun\Java\jre1.7.0_65\java_sp.dll"
"C:\Users\Shahar Ben-Porath\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.00\agent\stub_data\askrt_en.cab"
"C:\Users\Shahar Ben-Porath\Desktop\cbsidlm-cbsi134-Free_WMA_to_MP3_Converter-ORG-10494267.exe"
"C:\Users\Shahar Ben-Porath\Desktop\ppadsetup.exe"
"C:\Users\Shahar Ben-Porath\Documents\ccsetup502.exe"
"C:\Users\Shahar Ben-Porath\Downloads\ccsetup510.exe"
"C:\Users\Shahar Ben-Porath\Downloads\FreeStudio.exe"
"C:\Users\Shahar Ben-Porath\Downloads\FreeVideoFlipAndRotate(1).exe"
"C:\Users\Shahar Ben-Porath\Downloads\FreeVideoFlipAndRotate.exe"
"C:\Users\Shahar Ben-Porath\Downloads\MP3AudioEditor.exe"
"C:\Windows\Installer\cc67c.msi"
"D:\documents copy\ccsetup502.exe"
"F:\Documents\ccsetup502.exe"


) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this Notepad file as fix.bat, choosing Save as type: All Files, then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
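An added example (it is not from this thread, nor from ESET or Malwarebytes) in Python that ties the ESET report posted above to the fix.bat in this post: it parses lines in the layout of that report (path, then the detection name, optionally prefixed "a variant of", then "potentially unwanted application" or "potentially unsafe application"), counts findings per signature family, produces the unique path list that chemist copied by hand into the batch file, and, as a read-only counterpart of fix.bat's log.txt, reports which of those paths still exist. The sample report lines are constructed to match the posted format; the paths and the user name in them are placeholders, and the line layout is assumed from the report on this page rather than from any ESET documentation.

```python
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List

# Constructed sample in the layout of the posted ESET report: one finding per
# line, "<path> <detection> <classification>". Paths and the user name are
# placeholders, not files from the thread's machine. The last line repeats an
# earlier one, as happens when the same file is reported twice.
SAMPLE_REPORT = """\
C:\\Program Files\\NCH Software\\PhotoPad\\photopad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\\Users\\Example User\\Downloads\\ccsetup510.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\\Users\\Example User\\Downloads\\FreeVideoFlipAndRotate(1).exe Win32/OpenCandy potentially unsafe application
C:\\Users\\Example User\\Downloads\\ccsetup510.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
"""

# The path may contain spaces, so the pattern anchors on the fixed
# classification phrase at the end of the line and on the single-token
# signature name (optionally prefixed "a variant of") just before it.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:a variant of )?\S+)\s+"
    r"(?P<category>potentially (?:unwanted|unsafe) application)$"
)


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str
    category: str

    @property
    def family(self) -> str:
        """Signature name without the 'a variant of' prefix."""
        return self.detection.replace("a variant of ", "", 1)


def parse_report(text: str) -> List[Finding]:
    """Parse report text; a line that does not fit the layout raises instead of being skipped silently."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            raise ValueError(f"line {lineno}: unrecognised report line {line!r}")
        findings.append(Finding(**match.groupdict()))
    return findings


def summarise(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per signature family: a quick view of which bundlers are on the machine."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.family] = counts.get(f.family, 0) + 1
    return counts


def deletion_list(findings: List[Finding]) -> List[str]:
    """Unique paths in report order, i.e. the list that was hand-copied into fix.bat."""
    seen = set()
    ordered: List[str] = []
    for f in findings:
        if f.path not in seen:
            seen.add(f.path)
            ordered.append(f.path)
    return ordered


def still_present(paths: List[str]) -> List[str]:
    """Read-only counterpart of fix.bat's log.txt: which listed paths still exist.
    Nothing is deleted here; an empty result is the 'Deleted Successfully' case."""
    return [p for p in paths if Path(p).exists()]


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for family, n in summarise(report).items():
        print(f"{n:3d}  {family}")
    targets = deletion_list(report)
    print(f"{len(targets)} unique paths to review")
    leftovers = still_present(targets)
    print("remaining:", leftovers or "none (Deleted Successfully)")
```

Run it against a saved eset.txt by reading the file into parse_report; the parser deliberately raises on a line it cannot split, so a report in a different layout (a different ESET version, or a pasted line that was wrapped by the forum) is noticed rather than producing a truncated deletion list.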
Old 01-19-2016, 09:48 AM   #19
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



The system is working perfectly. No pop-ups or any weird windows.

I got:
Deleted successfully

Press any key
Old 01-20-2016, 01:24 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Congratulations. Well done! Your logs appear clean. You should be good to go.
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the Delete button in the confirm deletion window.
  • Click OK, then click the 'Delete Files' button in the confirm deletion window.
This will remove all but the most recent Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Support - Windows Help

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
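An added example, not part of chemist's post or of the MVPS project, showing in Python the mechanism the HOSTS FILE item above describes and the inverse check a responder wants. A HOSTS entry mapping a host name to 127.0.0.1 (or to 0.0.0.0, which newer block lists use for the same effect) keeps the machine from reaching that host; the same file can also be abused to send a host name somewhere else, so the check below separates entries that sinkhole a name to the local machine from entries that redirect it to a remote address. The HOSTS text is a constructed sample, not the MVPS file; the domain names and the 192.0.2.10 address in it are placeholders.

```python
import ipaddress
from typing import Dict, List, Tuple, Union

# Constructed sample HOSTS file (not the MVPS file). Host names and the
# 192.0.2.10 address are placeholders; the last entry imitates what a
# tampered HOSTS file looks like: a host name sent to a remote address.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.net        # blocked the MVPS way
0.0.0.0         tracker.example.org    # same effect, unspecified address
192.0.2.10      update.example-av.com  # not a block: a redirection

"""

# Addresses that make a name unreachable: loopback (the MVPS default,
# 127.0.0.1) and the unspecified address that newer block lists prefer.
SINKHOLES = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("0.0.0.0"),
    ipaddress.ip_address("::1"),
}

Address = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def parse_hosts(text: str) -> List[Tuple[Address, str]]:
    """Return (address, hostname) pairs. Comments and blank lines are dropped;
    a line whose first field is not an IP address is rejected."""
    entries: List[Tuple[Address, str]] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {fields[0]!r} is not an IP address") from exc
        for host in fields[1:]:                 # one line may list several names
            entries.append((addr, host.lower()))
    return entries


def classify(entries: List[Tuple[Address, str]]) -> Dict[str, List[str]]:
    """'blocked': names sinkholed to the local machine (what the MVPS file does);
    'redirected': names sent to some other address, which deserves a look."""
    report: Dict[str, List[str]] = {"blocked": [], "redirected": []}
    for addr, host in entries:
        if host == "localhost":
            continue                            # the normal default line
        if addr in SINKHOLES:
            report["blocked"].append(host)
        else:
            report["redirected"].append(f"{host} -> {addr}")
    return report


def is_blocked(entries: List[Tuple[Address, str]], hostname: str) -> bool:
    """True if hostname is listed and every entry for it points at the local machine."""
    addrs = [a for a, h in entries if h == hostname.lower()]
    return bool(addrs) and all(a in SINKHOLES for a in addrs)


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    result = classify(parsed)
    print("blocked ad/tracker hosts:", ", ".join(result["blocked"]) or "none")
    print("redirected elsewhere   :", ", ".join(result["redirected"]) or "none")
```

To check a live machine, read the real file (on Windows, %SystemRoot%\System32\drivers\etc\hosts) into parse_hosts; any name in the "redirected" list that you did not put there yourself is worth investigating, since the MVPS file only ever maps names to the local machine.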