Go Save Malware


  • This topic is locked
8 replies to this topic

#1 kirontanvir11

  • Members
  • 9 posts
  • OFFLINE
  • Local time: 04:44 AM

Posted 27 September 2014 - 03:27 PM

Like many others I have been infected with the GoSave adware on Google Chrome. May I receive assistance in removing this issue?

 

I've read posts with the same adware infection and have therefore already downloaded and scanned my computer using Farbar.

Here is the FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014
Ran by Sofia (administrator) on SOFIA-HP on 27-09-2014 13:18:21
Running from C:\Users\Sofia\Downloads
Loaded Profile: Sofia (Available profiles: Sofia & mkhan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(BitTorrent Inc.) C:\Users\Sofia\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Acute Angle Solutions) C:\ProgramData\TMkUVvNS\hHHHGTOs.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Wajam Internet Technologies Inc.) C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\Sofia\AppData\Local\Temp\nhpmonitor.exe
(Wajam Internet Technologies Inc.) C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-06] (Atheros Commnucations)
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-02-09] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-06-04] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2014-06-04] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HPQuickWebProxy] => c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [76344 2011-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [839384 2014-09-16] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [ospd_us_161] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [addbytes] => [X]
HKLM-x32\...\RunOnce: [Search Extensions Program Files Data Uninstall] => cmd /C rd /Q /S "C:\Program Files (x86)\Search Extensions"
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1096011246-1542537856-1278724791-1001\...\Run: [cdloader] => C:\Users\Sofia\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-1096011246-1542537856-1278724791-1001\...\Run: [uTorrent] => C:\Users\Sofia\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-09-26] (BitTorrent Inc.)
HKU\S-1-5-21-1096011246-1542537856-1278724791-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1096011246-1542537856-1278724791-1001\...\Run: [Facebook Update] => C:\Users\Sofia\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-15] (Facebook Inc.)
HKU\S-1-5-21-1096011246-1542537856-1278724791-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1096011246-1542537856-1278724791-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2014-05-19] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [224704 2014-09-23] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [181696 2014-09-23] (Client Connect LTD)
Lsa: [Notification Packages] DPPassFilter EpePcNp64 scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: autocheck autochk * sasnative64
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6DDC5D0FB1D9CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fixsearch.info/?pid=3458&r=2014/09/14&hid=3153381455800397170&lg=EN&cc=US&unqvl=61
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKCU - {1BC37B85-A69C-483B-9020-3299EAC97766} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKCU - {EA264526-726F-452B-8BE0-529C531A45CD} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.75.76
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Sofia\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Sofia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFF [2014-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2014-09-26]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-06-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M7F64D724-6152-446F-9D6A-EC488265C128&SearchSource=55&CUI=&UM=6&UP=SP2736609C-B9D9-4733-9604-7605A287B752&SSPV=SP21715VC_sp_ch
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-16]
CHR Extension: (Google Drive) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-16]
CHR Extension: (Google Search) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-16]
CHR Extension: (GoSavve) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplapaaokeiieeaffknpapkdpieipckl [2014-09-13]
CHR Extension: (Eye Dropper) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2014-06-20]
CHR Extension: (Google Wallet) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-16]
CHR Extension: (Gmail) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-16]
CHR Extension: (Extutil) - C:\Users\Sofia\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-09-27]
CHR Extension: (Managera) - C:\Users\Sofia\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-09-27]
CHR Extension: (GoSavve) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplapaaokeiieeaffknpapkdpieipckl\2.0 [2014-09-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASO3DiskOptimizer; C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [264512 2014-07-02] (Systweak Software, (www.systweak.com))
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-06] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-06] (Atheros Commnucations) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-16] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3015104 2014-09-23] (Client Connect LTD)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-11-10] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company)
R2 hHHHGTOs; C:\ProgramData\TMkUVvNS\hHHHGTOs.exe [2319744 2014-09-27] (Acute Angle Solutions)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] () [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Orbiter; C:/Program Files (x86)/ORBTR/orbiter.dll [492496 2014-09-27] (Client Connect LTD)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2014-06-04] (IDT, Inc.) [File not signed]
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 Wajam Internet Enhancer Service; C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [305152 2014-09-25] (Wajam Internet Technologies Inc.) [File not signed]
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)
S2 d0e87c27; "C:\windows\system32\rundll32.exe" "c:\progra~2\sw-boo~1\AssistantSvc.dll",service
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-16] (BlueStack Systems)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-15] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20140808.002\IDSvia64.sys [525016 2014-06-11] (Symantec Corporation)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20140810.001\ENG64.SYS [126040 2014-06-11] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20140810.001\EX64.SYS [2099288 2014-06-11] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-07-15] (Duplex Secure Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2014-05-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
R1 {6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64; C:\Windows\System32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64.sys [44688 2014-09-15] (StdLib)
U3 ae6pqsb8; C:\Windows\System32\Drivers\ae6pqsb8.sys [0 ] (Advanced Micro Devices)
R4 nethfdrv; \??\C:\windows\system32\drivers\nethfdrv.sys [X]
R3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-27 13:18 - 2014-09-27 13:20 - 00029382 _____ () C:\Users\Sofia\Downloads\FRST.txt
2014-09-27 13:18 - 2014-09-27 13:18 - 00000000 ____D () C:\FRST
2014-09-27 13:17 - 2014-09-27 13:17 - 02108928 _____ (Farbar) C:\Users\Sofia\Downloads\FRST64.exe
2014-09-27 13:16 - 2014-09-27 13:16 - 01100288 _____ (Farbar) C:\Users\Sofia\Downloads\FRST.exe
2014-09-27 13:07 - 2014-09-27 13:07 - 00004156 _____ () C:\windows\System32\Tasks\RocketTab Update Task
2014-09-27 13:07 - 2014-09-27 13:07 - 00003370 _____ () C:\windows\System32\Tasks\RocketTab
2014-09-27 12:53 - 2014-09-27 12:53 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-27 12:53 - 2014-09-27 12:53 - 00001945 _____ () C:\windows\epplauncher.mif
2014-09-27 12:53 - 2014-09-27 12:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-27 12:53 - 2014-09-27 12:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-27 12:52 - 2014-09-27 12:52 - 14087848 _____ (Microsoft Corporation) C:\Users\Sofia\Downloads\mseinstall.exe
2014-09-27 12:41 - 2014-09-27 12:44 - 00000000 ____D () C:\Users\Sofia\AppData\Local\Meteoroids
2014-09-27 12:40 - 2014-09-27 12:50 - 00003894 _____ () C:\windows\System32\Tasks\ISpeedPC_Daily
2014-09-27 12:40 - 2014-09-27 12:40 - 00000937 _____ () C:\Users\Public\Desktop\iSpeedPC.lnk
2014-09-27 12:40 - 2014-09-27 12:40 - 00000000 ____D () C:\Users\Sofia\AppData\Roaming\ISpeedPC
2014-09-27 12:40 - 2014-09-27 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-09-27 12:40 - 2014-09-27 12:40 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-27 12:39 - 2014-09-27 12:40 - 00000000 ____D () C:\ProgramData\TMkUVvNS
2014-09-27 12:39 - 2014-09-27 12:40 - 00000000 ____D () C:\ProgramData\Meteoroids
2014-09-27 12:39 - 2014-09-27 12:40 - 00000000 ____D () C:\Program Files (x86)\Wajam
2014-09-27 12:39 - 2014-09-27 12:39 - 00000000 ____D () C:\Program Files (x86)\ORBTR
2014-09-27 12:37 - 2014-09-27 12:41 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-09-27 12:37 - 2014-09-27 12:37 - 00003460 _____ () C:\windows\System32\Tasks\ProPCCleaner_Popup
2014-09-27 12:37 - 2014-09-27 12:37 - 00003196 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start
2014-09-27 12:37 - 2014-09-27 12:37 - 00000148 _____ () C:\windows\setupact.log
2014-09-27 12:37 - 2014-09-27 12:37 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-09-27 12:37 - 2014-09-27 12:37 - 00000000 ____D () C:\Users\Sofia\Documents\ProPCCleaner
2014-09-27 12:37 - 2014-09-27 12:37 - 00000000 ____D () C:\Users\Sofia\AppData\Local\Pro_PC_Cleaner
2014-09-27 12:37 - 2014-09-27 12:37 - 00000000 _____ () C:\windows\setuperr.log
2014-09-27 12:35 - 2014-09-27 12:42 - 00000000 ____D () C:\Users\Sofia\AppData\Roaming\OAS
2014-09-27 12:33 - 2014-09-27 12:34 - 00000000 ____D () C:\Users\Sofia\Downloads\Norton Internet Security 2014 [ENG] [Trial Reset] [180]
2014-09-27 12:11 - 2014-09-27 12:16 - 00000000 ____D () C:\Users\mkhan\AppData\Roaming\Systweak
2014-09-27 07:39 - 2014-09-27 07:39 - 00111104 _____ () C:\windows\SysWOW64\installd.exe
2014-09-26 22:36 - 2014-09-26 22:36 - 00000000 ____D () C:\Program Files (x86)\GoSavE
2014-09-25 16:26 - 2014-09-25 16:26 - 00002117 _____ () C:\Users\Public\Desktop\WinDS PRO.lnk
2014-09-23 15:47 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-23 15:47 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-09-22 14:57 - 2014-09-22 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-21 23:17 - 2014-09-21 23:17 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-09-21 23:17 - 2014-09-21 23:17 - 00001780 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-09-21 23:17 - 2014-09-21 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-09-21 23:17 - 2014-09-21 23:17 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-09-21 23:17 - 2014-09-21 23:17 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-09-21 23:15 - 2014-09-21 23:38 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-09-21 23:15 - 2014-09-21 23:15 - 00000000 ____D () C:\Users\Sofia\AppData\Local\Bluestacks
2014-09-21 23:14 - 2014-09-21 23:15 - 13309928 _____ (BlueStack Systems Inc.) C:\Users\Sofia\Downloads\BlueStacks-SplitInstaller_native.exe
2014-09-21 23:14 - 2014-09-21 23:15 - 07416523 _____ () C:\Users\Sofia\Downloads\apk-install-6714074.apk
2014-09-17 10:34 - 2014-09-22 10:34 - 00000460 _____ () C:\windows\Tasks\ASO-System Protector.job
2014-09-17 10:34 - 2014-09-17 10:34 - 00003330 _____ () C:\windows\System32\Tasks\ASO-System Protector
2014-09-16 23:27 - 2014-09-16 23:27 - 01030656 _____ () C:\Users\Sofia\Documents\Grylloblatodea.ppt
2014-09-16 00:31 - 2014-09-16 00:37 - 00001660 _____ () C:\windows\system32\ASOROSet.bin
2014-09-15 23:17 - 2014-09-15 23:18 - 00001119 _____ () C:\Users\Public\Desktop\Rosetta Stone TOTALe.lnk
2014-09-15 23:16 - 2014-09-15 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2014-09-15 23:15 - 2014-09-15 23:15 - 00000000 ____D () C:\ProgramData\RosettaStoneLtdServices
2014-09-15 23:15 - 2014-09-15 23:15 - 00000000 ____D () C:\Program Files (x86)\RosettaStoneLtdServices
2014-09-15 22:19 - 2014-09-16 10:10 - 00000000 ____D () C:\Users\Sofia\Desktop\Pet Project
2014-09-15 22:18 - 2014-09-15 22:18 - 00001057 _____ () C:\Users\Sofia\Desktop\Notepad++.lnk
2014-09-15 22:18 - 2014-09-15 22:18 - 00001057 _____ () C:\Users\mkhan\Desktop\Notepad++.lnk
2014-09-15 22:18 - 2014-09-15 22:18 - 00000000 ____D () C:\Users\Sofia\AppData\Roaming\Notepad++
2014-09-15 22:18 - 2014-09-15 22:18 - 00000000 ____D () C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-09-15 22:18 - 2014-09-15 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-09-15 22:18 - 2014-09-15 22:18 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-09-15 22:07 - 2014-09-15 22:08 - 07945210 _____ () C:\Users\Sofia\Downloads\npp.6.6.9.Installer.exe
2014-09-15 21:58 - 2014-09-27 12:17 - 00003108 _____ () C:\windows\System32\Tasks\ASO-System Protector_startup
2014-09-15 21:49 - 2014-09-22 21:49 - 00000460 _____ () C:\windows\Tasks\ASO-AutoCheckUpdate7Days.job
2014-09-15 21:49 - 2014-09-17 23:43 - 00000430 _____ () C:\windows\Tasks\ASO-OneClickCare.job
2014-09-15 21:49 - 2014-09-15 21:58 - 00000000 ____D () C:\Users\Sofia\AppData\Roaming\Systweak
2014-09-15 21:49 - 2014-09-15 21:49 - 00003330 _____ () C:\windows\System32\Tasks\ASO-AutoCheckUpdate7Days
2014-09-15 21:49 - 2014-09-15 21:49 - 00003302 _____ () C:\windows\System32\Tasks\ASO-OneClickCare
2014-09-15 21:49 - 2014-09-15 21:49 - 00000000 ____D () C:\windows\Repair
2014-09-15 21:48 - 2014-09-15 22:11 - 00000000 ____D () C:\Program Files (x86)\Advanced System Optimizer 3
2014-09-15 21:48 - 2014-09-15 21:51 - 00000000 ____D () C:\ProgramData\Systweak
2014-09-15 21:48 - 2014-09-15 21:48 - 00001502 _____ () C:\Users\Public\Desktop\Smart PC Care.lnk
2014-09-15 21:48 - 2014-09-15 21:48 - 00001470 _____ () C:\Users\Public\Desktop\Advanced System Optimizer.lnk
2014-09-15 21:48 - 2014-09-15 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Optimizer 3
2014-09-15 21:48 - 2014-07-02 17:44 - 00019776 _____ (Systweak Inc., (www.systweak.com)) C:\windows\system32\roboot64.exe
2014-09-15 21:48 - 2008-11-21 00:08 - 00016896 _____ () C:\windows\system32\sasnative64.exe
2014-09-15 21:39 - 2014-09-27 12:39 - 00000000 ____D () C:\Users\Sofia\AppData\Local\SearchProtect
2014-09-15 21:25 - 2014-09-15 21:25 - 00000000 ____D () C:\Users\Sofia\AppData\Roaming\TeamViewer
2014-09-15 21:24 - 2014-09-15 21:24 - 06588560 _____ (TeamViewer GmbH) C:\Users\Sofia\Downloads\TeamViewer_Setup_en.exe
2014-09-15 21:21 - 2014-09-15 21:21 - 00367432 _____ () C:\Users\Sofia\Downloads\SoftonicDownloader_for_showmypc.exe
2014-09-15 21:19 - 2014-09-15 21:19 - 02146552 _____ () C:\Users\Sofia\Downloads\ShowMyPC3160 (1).exe
2014-09-15 21:09 - 2014-09-15 21:18 - 00000000 ____D () C:\Program Files (x86)\ShowMyPCService
2014-09-15 21:09 - 2014-09-15 21:09 - 02146552 _____ () C:\Users\Sofia\Downloads\ShowMyPC3160.exe
2014-09-15 21:00 - 2014-09-15 16:25 - 00044688 _____ (StdLib) C:\windows\system32\Drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64.sys
2014-09-15 20:59 - 2014-09-15 20:59 - 00003402 _____ () C:\windows\System32\Tasks\PastaQuotes
2014-09-15 20:58 - 2014-09-16 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream
2014-09-15 20:58 - 2014-09-15 21:05 - 00000000 ____D () C:\ProgramData\pastaleads
2014-09-15 20:53 - 2014-09-15 21:37 - 00000000 ____D () C:\Users\Sofia\AppData\Local\WeatherAlerts
2014-09-15 20:52 - 2014-09-27 12:39 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-09-15 20:51 - 2014-09-15 20:51 - 00570216 _____ () C:\Users\Sofia\Downloads\Installation.exe
2014-09-15 19:46 - 2014-09-27 10:51 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1096011246-1542537856-1278724791-1001UA.job
2014-09-15 19:46 - 2014-09-26 19:51 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1096011246-1542537856-1278724791-1001Core.job
2014-09-15 19:46 - 2014-09-15 19:47 - 00000000 ____D () C:\Users\Sofia\AppData\Local\Facebook
2014-09-15 19:46 - 2014-09-15 19:46 - 00501248 _____ (Facebook Inc.) C:\Users\Sofia\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2014-09-15 19:46 - 2014-09-15 19:46 - 00003904 _____ () C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1096011246-1542537856-1278724791-1001UA
2014-09-15 19:46 - 2014-09-15 19:46 - 00003536 _____ () C:\windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1096011246-1542537856-1278724791-1001Core
2014-09-15 13:01 - 2014-09-15 13:02 - 06057862 _____ (Tim Kosse) C:\Users\Sofia\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-15 11:51 - 2014-09-15 11:51 - 00263032 _____ (Fusion Install ) C:\Users\Sofia\Downloads\Setup (2).exe
2014-09-14 17:28 - 2014-09-14 17:28 - 00048046 _____ () C:\Users\Sofia\Downloads\76b12fd276c608aeb41577e92a543ae0c8c8920a.zip
2014-09-14 14:32 - 2014-09-14 14:32 - 00044754 _____ () C:\Users\Sofia\Downloads\jodhaa-akbar-2008_english-703738.zip
2014-09-13 20:35 - 2014-09-27 11:52 - 00000476 ____H () C:\windows\Tasks\SW-Booster-S-792098896.job
2014-09-13 20:35 - 2014-09-26 22:40 - 00000000 ____D () C:\ProgramData\GoSavE
2014-09-13 20:35 - 2014-09-26 22:36 - 00000000 ____D () C:\ProgramData\8b6ba9cd185f6772
2014-09-13 20:35 - 2014-09-16 00:33 - 00000000 ____D () C:\Program Files (x86)\SW-Booster
2014-09-13 20:35 - 2014-09-13 20:35 - 00002722 _____ () C:\windows\System32\Tasks\SW-Booster-S-792098896
2014-09-13 20:35 - 2014-09-13 20:35 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\Sofia\AppData\Local\Torch
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\Sofia\AppData\Local\Comodo
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\Sofia\AppData\Local\Chromatic Browser
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\mkhan\AppData\Local\Torch
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\mkhan\AppData\Local\Comodo
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\mkhan\AppData\Local\Chromatic Browser
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\Guest
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\Users\Administrator
2014-09-13 20:35 - 2014-09-13 20:35 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-09-13 20:34 - 2014-09-13 20:34 - 00872448 _____ (Sweetish Of) C:\Users\Sofia\Downloads\Daemon Tools Pro Advanced 5.5 Crack is Here !.exe
2014-09-13 20:32 - 2014-09-13 20:32 - 00371928 _____ () C:\Users\Sofia\Downloads\Daemon_Tools_Pro.full.exe
2014-09-13 20:26 - 2014-09-13 20:26 - 00003294 _____ () C:\windows\System32\Tasks\{A831F846-ACAF-4FD4-B54A-036A53DB5090}
2014-09-11 03:04 - 2014-08-16 21:00 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-11 03:04 - 2014-08-16 21:00 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-11 03:04 - 2014-08-16 20:59 - 19280384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-11 03:04 - 2014-08-16 20:59 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-11 03:04 - 2014-08-16 20:59 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-11 03:04 - 2014-08-16 20:59 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-11 03:04 - 2014-08-16 20:59 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-11 03:04 - 2014-08-16 20:58 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-11 03:04 - 2014-08-16 20:58 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-11 03:04 - 2014-08-16 20:58 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-11 03:04 - 2014-08-16 20:58 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-11 03:04 - 2014-08-16 20:58 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-09-11 03:04 - 2014-08-16 20:58 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-11 03:04 - 2014-08-16 20:58 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-11 03:04 - 2014-08-16 20:58 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-11 03:04 - 2014-08-16 20:58 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-11 03:04 - 2014-08-16 20:58 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-09-11 03:04 - 2014-08-16 20:58 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-11 03:04 - 2014-08-16 20:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-11 03:04 - 2014-08-16 20:58 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 14369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-11 03:04 - 2014-08-16 20:57 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-11 03:04 - 2014-08-16 20:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-11 03:04 - 2014-08-16 00:25 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-11 03:04 - 2014-08-15 23:43 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-11 03:04 - 2014-08-15 23:34 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-09-11 03:04 - 2014-08-15 22:53 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-09-11 03:01 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-11 03:01 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 19:15 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-10 19:15 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-10 19:15 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-10 19:15 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-10 19:15 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-10 19:15 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-10 19:15 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-10 19:15 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-10 19:15 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-10 19:14 - 2014-09-04 19:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 19:14 - 2014-09-04 19:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-10 08:15 - 2014-09-10 08:15 - 00000000 ____D () C:\Users\mkhan\AppData\Local\Hewlett-Packard
2014-09-09 17:22 - 2014-09-11 09:04 - 00000000 ____D () C:\Users\mkhan\AppData\Roaming\Skype
2014-09-09 17:22 - 2014-09-09 17:22 - 00000000 ____D () C:\Users\mkhan\AppData\Local\Skype
2014-09-09 16:55 - 2014-09-09 16:56 - 00009217 _____ () C:\Users\Sofia\Documents\emailman express keywords.xlsx
2014-09-05 12:01 - 2014-09-05 12:16 - 00000000 ____D () C:\Users\Sofia\Downloads\Rich Hill (2014) 1080p WEB-DL x264 AAC
2014-09-04 21:36 - 2014-09-04 21:36 - 02502804 _____ () C:\Users\Sofia\Downloads\Attachments_201494.zip
2014-09-03 10:40 - 2014-09-03 10:40 - 00049173 _____ () C:\Users\Public\Documents\Ranking_Analysis_XOF_9.3.14.xls
2014-09-02 23:55 - 2014-09-02 23:55 - 2073034752 _____ () C:\Users\Sofia\Downloads\Photoshop.dmg
2014-09-02 23:50 - 2014-09-02 23:50 - 03185496 _____ () C:\Users\Sofia\Downloads\Adobe CS6 Master Collection amtlib.rar
2014-09-02 22:29 - 2014-09-02 22:29 - 00018850 _____ () C:\Users\Sofia\Downloads\my_config.php
2014-09-02 21:42 - 2014-09-02 21:43 - 00763448 _____ ( ) C:\Users\Sofia\Downloads\FileZilla_3.9.0.3_win32-setup (1).exe
2014-08-30 12:09 - 2014-08-30 12:58 - 00000000 ____D () C:\Users\Sofia\Downloads\Night.At.The.Museum.Duology.2006-2009.1080p.BluRay.x264.anoXmous
2014-08-30 11:39 - 2014-08-30 11:47 - 00000000 ____D () C:\Users\Sofia\Downloads\Mrs.Doubtfire.1993.720p.BluRay.x264.anoXmous
2014-08-30 11:38 - 2014-08-30 11:49 - 00000000 ____D () C:\Users\Sofia\Downloads\Patch.Adams.1998.720p.HDDVD.x264.anoXmous
2014-08-29 10:39 - 2014-09-27 12:48 - 00000000 ____D () C:\Users\Sofia\AppData\Roaming\ArcSoft
2014-08-29 10:39 - 2014-08-29 10:39 - 00000000 ____D () C:\Users\Sofia\Documents\ArcSoft
2014-08-29 10:34 - 2014-08-29 10:35 - 170510458 ____R () C:\Users\Sofia\Downloads\Enrique Iglesias - Bailando 1080p (English Version) ft. Sean Paul, Descemer Bueno, Gente De Zona.mkv
2014-08-28 12:27 - 2014-08-28 12:53 - 01035762 _____ () C:\Users\Sofia\Desktop\page4.psd
2014-08-28 10:56 - 2014-08-27 11:10 - 21805907 _____ () C:\Users\Sofia\Desktop\AANDI_BACK.eps
2014-08-28 10:56 - 2014-08-27 11:06 - 12894587 _____ () C:\Users\Sofia\Desktop\AANDI_FRONT.eps
2014-08-28 04:41 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 04:41 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-28 04:41 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-27 13:18 - 2014-05-16 21:07 - 00000000 ____D () C:\Users\Sofia\AppData\Roaming\uTorrent
2014-09-27 13:12 - 2009-07-13 21:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-27 13:12 - 2009-07-13 21:45 - 00022704 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-27 13:02 - 2014-05-16 08:49 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-27 12:57 - 2014-05-15 16:42 - 01367587 _____ () C:\windows\WindowsUpdate.log
2014-09-27 12:48 - 2014-05-15 16:54 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-09-27 12:46 - 2014-05-17 20:56 - 00000000 ____D () C:\Users\Sofia\AppData\Local\CrashDumps
2014-09-27 12:32 - 2014-05-15 17:02 - 00000000 ____D () C:\Users\Sofia\AppData\Roaming\Skype
2014-09-27 12:31 - 2014-05-16 08:46 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-09-27 12:31 - 2014-05-15 16:46 - 00000000 ____D () C:\Users\Sofia\Documents\Bluetooth Folder
2014-09-27 12:30 - 2014-08-11 20:12 - 00000000 ____D () C:\Users\Public\Documents\WinDS PRO
2014-09-27 12:29 - 2014-06-05 10:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-27 12:21 - 2014-08-20 13:55 - 00000562 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1096011246-1542537856-1278724791-1001.job
2014-09-27 11:52 - 2014-07-31 03:49 - 00000000 ____D () C:\Users\mkhan\Documents\Bluetooth Folder
2014-09-27 11:52 - 2014-05-16 08:49 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 23:36 - 2014-05-15 16:41 - 00000000 ____D () C:\windows\rescache
2014-09-26 22:42 - 2011-05-04 17:54 - 00000000 ____D () C:\ProgramData\PDFC
2014-09-26 22:40 - 2014-05-21 09:57 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForSofia.job
2014-09-26 22:40 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-26 13:37 - 2014-05-21 09:57 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForSofia
2014-09-26 13:37 - 2014-05-15 16:43 - 00000000 ____D () C:\Users\Sofia
2014-09-26 11:01 - 2014-06-20 08:36 - 00003218 _____ () C:\windows\System32\Tasks\HPCeeScheduleForSOFIA-HP$
2014-09-26 11:01 - 2014-06-20 08:36 - 00000342 _____ () C:\windows\Tasks\HPCeeScheduleForSOFIA-HP$.job
2014-09-25 16:26 - 2014-08-11 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDS PRO
2014-09-25 16:23 - 2014-08-19 23:36 - 00000000 ____D () C:\Users\Sofia\Desktop\Nintendo
2014-09-24 08:10 - 2014-05-28 08:38 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-24 08:10 - 2014-05-21 08:40 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-09-24 06:29 - 2014-06-05 10:08 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 06:29 - 2014-06-05 10:08 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 06:29 - 2014-06-05 10:08 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-22 14:57 - 2014-05-16 17:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-22 14:57 - 2014-05-15 17:02 - 00000000 ____D () C:\ProgramData\Skype
2014-09-22 14:54 - 2009-07-13 22:08 - 00032644 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-21 23:42 - 2014-05-16 09:01 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-21 23:17 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-17 23:13 - 2014-08-20 13:55 - 00003588 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1096011246-1542537856-1278724791-1001
2014-09-16 21:25 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-16 00:37 - 2009-07-13 19:34 - 83886080 _____ () C:\windows\system32\config\SOFTWARE.bak
2014-09-16 00:37 - 2009-07-13 19:34 - 17301504 _____ () C:\windows\system32\config\SYSTEM.bak
2014-09-16 00:37 - 2009-07-13 19:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
2014-09-16 00:32 - 2009-07-13 19:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak
2014-09-16 00:30 - 2014-05-16 21:08 - 00000000 ____D () C:\Users\Sofia\AppData\Roaming\Search Protection
2014-09-15 23:44 - 2014-05-16 16:17 - 00000000 ____D () C:\windows\Minidump
2014-09-15 23:44 - 2009-07-27 08:04 - 00000000 ____D () C:\windows\Panther
2014-09-15 23:39 - 2014-08-08 21:14 - 00000000 ____D () C:\Users\Sofia\AppData\Roaming\FileZilla
2014-09-15 23:18 - 2011-05-04 17:50 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-09-15 23:15 - 2014-07-15 09:06 - 00000000 ____D () C:\Program Files (x86)\Rosetta Stone
2014-09-15 23:11 - 2014-07-15 09:07 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-09-15 22:51 - 2014-08-27 08:55 - 00010185 _____ () C:\Users\Sofia\Downloads\key.xlsb
2014-09-15 21:00 - 2009-07-13 19:34 - 00000580 _____ () C:\windows\win.ini
2014-09-15 11:32 - 2014-07-08 10:19 - 00000000 ____D () C:\Users\Public\Documents\A&I General Cleaning
2014-09-15 08:55 - 2014-05-16 08:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-13 20:35 - 2014-07-31 03:48 - 00000000 ____D () C:\Users\mkhan\AppData\Local\Google
2014-09-13 20:35 - 2014-05-16 08:49 - 00000000 ____D () C:\Users\Sofia\AppData\Local\Google
2014-09-13 20:35 - 2009-07-13 20:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-09-13 20:35 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-09-11 03:09 - 2014-05-16 08:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 03:03 - 2011-05-04 17:25 - 00775084 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:02 - 2009-07-13 22:13 - 00775084 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-11 03:00 - 2014-05-22 09:40 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-10 21:06 - 2014-05-16 08:50 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-06 00:11 - 2014-06-11 22:37 - 00000000 ____D () C:\Users\Sofia\AppData\Roaming\vlc
2014-09-05 11:06 - 2014-05-21 13:31 - 00000000 ____D () C:\Users\Sofia\Documents\A&I
2014-09-03 10:39 - 2014-07-08 10:23 - 00000000 ____D () C:\Users\Public\Documents\Xpress Office Furniture
2014-09-02 21:43 - 2014-08-08 21:14 - 00002004 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-09-02 21:43 - 2014-08-08 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-09-02 21:43 - 2014-08-08 21:14 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-30 03:19 - 2009-07-13 21:45 - 00411280 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-29 10:39 - 2014-05-15 16:55 - 00000000 ___HD () C:\ProgramData\ArcSoft
2014-08-28 01:07 - 2014-08-27 21:44 - 00000000 ____D () C:\Users\Sofia\Downloads\Rosetta.Stone.V.3.3.5.Plus.Language.Packs
 
Some content of TEMP:
====================
C:\Users\Sofia\AppData\Local\Temp\7z920.exe
C:\Users\Sofia\AppData\Local\Temp\biclient.exe
C:\Users\Sofia\AppData\Local\Temp\bytes.exe
C:\Users\Sofia\AppData\Local\Temp\ClientToMobilePlatform.exe
C:\Users\Sofia\AppData\Local\Temp\ctmpua.exe
C:\Users\Sofia\AppData\Local\Temp\FrdI6.exe
C:\Users\Sofia\AppData\Local\Temp\gcadapter.dll
C:\Users\Sofia\AppData\Local\Temp\ms.exe
C:\Users\Sofia\AppData\Local\Temp\nhpmonitor.exe
C:\Users\Sofia\AppData\Local\Temp\nsa7769.exe
C:\Users\Sofia\AppData\Local\Temp\nsaC0D7.exe
C:\Users\Sofia\AppData\Local\Temp\nsf1B80.exe
C:\Users\Sofia\AppData\Local\Temp\nsf6FE9.exe
C:\Users\Sofia\AppData\Local\Temp\nsfB86D.exe
C:\Users\Sofia\AppData\Local\Temp\nsk1BEC.exe
C:\Users\Sofia\AppData\Local\Temp\nsk2253.exe
C:\Users\Sofia\AppData\Local\Temp\nsp146D.exe
C:\Users\Sofia\AppData\Local\Temp\QMSLibrary.dll
C:\Users\Sofia\AppData\Local\Temp\qms_new.exe
C:\Users\Sofia\AppData\Local\Temp\Setup.exe
C:\Users\Sofia\AppData\Local\Temp\Setup1.exe
C:\Users\Sofia\AppData\Local\Temp\setup_ISpeedPC_SO_UN.exe
C:\Users\Sofia\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sofia\AppData\Local\Temp\SxWo5.dll
C:\Users\Sofia\AppData\Local\Temp\SxWo5.exe
C:\Users\Sofia\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Sofia\AppData\Local\Temp\System.Data.SQLite36286.dll
C:\Users\Sofia\AppData\Local\Temp\System.Data.SQLite45109.dll
C:\Users\Sofia\AppData\Local\Temp\Update__7376_il154.exe
C:\Users\Sofia\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 01:33
 
==================== End Of Log ============================


#2 Jo*

  • Malware Response Team
  • 3,444 posts
  • Gender:Male
  • Location:Germany

Posted 27 September 2014 - 04:04 PM

Hello kirontanvir11,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 kirontanvir11
  • Topic Starter
  • Members
  • 9 posts

Posted 28 September 2014 - 01:11 AM

[Security Check checkup.txt]
 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
Norton Internet Security        
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome 37.0.2062.103  
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#4 kirontanvir11
  • Topic Starter

Posted 28 September 2014 - 01:13 AM

[Malwarebytes Anti-Rootkit MBAR-log-***.txt]

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 10.0.9200.17089
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 4226146304, free: 2069012480
Downloaded database version: v2014.09.28.02
Downloaded database version: v2014.09.19.01
=======================================
Initializing...
------------ Kernel report ------------
     09/27/2014 22:38:28
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\Drivers\MfeEpePc.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
\??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1207020.003\Ironx64.SYS
\SystemRoot\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20140808.002\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20140801.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\SysWOW64\drivers\Afc.sys
\SystemRoot\System32\Drivers\aa552986.SYS
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\ArcSoftVCapture.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_MfeEpeHb.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004de3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004b30050
Lower Device Driver Name: \Driver\iaStor\
IRP handler 0 of \Driver\iaStor is hooked
IRP handler 2 of \Driver\iaStor is hooked
IRP handler 14 of \Driver\iaStor is hooked
IRP handler 15 of \Driver\iaStor is hooked
IRP handler 16 of \Driver\iaStor is hooked
IRP handler 22 of \Driver\iaStor is hooked
IRP handler 23 of \Driver\iaStor is hooked
IRP handler 27 of \Driver\iaStor is hooked
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004de3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004b30050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004de3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004de3a40, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004de4040, DeviceName: Unknown, DriverName: \Driver\MfeEpePc\
DevicePointer: 0xfffffa8004de3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004c64a90, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004b2ca40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004b30050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\MfeEpePc\
Upper DeviceData: 0xfffff8a005d92a50, 0xfffffa8004de3060, 0xfffffa800bff85b0
Lower DeviceData: 0xfffff8a00f7ced70, 0xfffffa8004b30050, 0xfffffa80047f8ba0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4166D6A8
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 614400
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 616448  Numsec = 578797568
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 579414016  Numsec = 35235840
 
    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 614649856  Numsec = 10489856
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Infected: C:\Program Files (x86)\SW-Booster\Assistant_x64.dll --> [Trojan.SProtector]
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004de3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004b30050
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xfffffa80047f8ba0
File C:\Windows\System32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64.sys will be destroyed
Infected: C:\Windows\System32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64.sys --> [PUP.Optional.Sanbreel.A]

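The MBAR log in the post above carries three things worth pulling out before deciding anything: eight hooked IRP handlers on \Driver\iaStor (reported by major-function index only), two detections, and a kernel driver whose file name is a GUID. The Python below is an added example for this page, not Malwarebytes code and not from any post in the thread; it parses a log of this format into those three lists and labels the hook indices with their IRP_MJ names. SAMPLE_LOG is a constructed excerpt of the log posted above. One caveat a practitioner should keep in mind: MBAR lists IRP hooks as information, not as a verdict. Disk-encryption and antivirus filter drivers routinely hook the storage driver (the disk stack in the same log shows MfeEpePc and several Symantec drivers), and the "review" list produced here also includes Norton's and MBAR's own drivers purely because they load from a \??\ path, so it is a reading list for the analyst, not a detection.

```python
"""Triage a Malwarebytes Anti-Rootkit (MBAR) log: hooked IRP handlers by name,
detections, and loaded modules that deserve a manual look.

Added example for this page; not Malwarebytes code and not from the thread.
SAMPLE_LOG is a constructed excerpt of the MBAR log posted above.
"""
import re
from dataclasses import dataclass, field

# IRP major function codes (ntddk.h): the ones seen in the log plus read/write.
IRP_MJ = {
    0: "IRP_MJ_CREATE", 2: "IRP_MJ_CLOSE", 3: "IRP_MJ_READ", 4: "IRP_MJ_WRITE",
    14: "IRP_MJ_DEVICE_CONTROL", 15: "IRP_MJ_INTERNAL_DEVICE_CONTROL",
    16: "IRP_MJ_SHUTDOWN", 22: "IRP_MJ_POWER", 23: "IRP_MJ_SYSTEM_CONTROL",
    27: "IRP_MJ_PNP",
}

HOOK_RE = re.compile(r"^IRP handler (\d+) of (\\Driver\\\S+) is hooked$")
INFECTED_RE = re.compile(r"^Infected: (.+?) --> \[(.+)\]$")
GUID_NAME_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
END_RE = re.compile(r"^-+ End -+$")


@dataclass
class MbarTriage:
    hooks: dict = field(default_factory=dict)     # driver -> [IRP_MJ_* names]
    infected: list = field(default_factory=list)  # (path, detection name)
    review: list = field(default_factory=list)    # (reason, module path)


def parse_mbar_log(text: str) -> MbarTriage:
    t = MbarTriage()
    in_modules = False
    for raw in text.splitlines():
        line = raw.strip()
        if "Loaded modules" in line:
            in_modules = True
            continue
        if END_RE.match(line):
            in_modules = False
            continue
        m = HOOK_RE.match(line)
        if m:
            idx, driver = int(m.group(1)), m.group(2)
            t.hooks.setdefault(driver, []).append(IRP_MJ.get(idx, f"IRP_MJ_{idx}"))
            continue
        m = INFECTED_RE.match(line)
        if m:
            t.infected.append((m.group(1), m.group(2)))
            continue
        if in_modules and line:
            name = line.rsplit("\\", 1)[-1]
            if GUID_NAME_RE.match(name):
                # A kernel driver named by a GUID is unusual outside adware bundles.
                t.review.append(("guid-named driver", line))
            elif line.startswith("\\??\\"):
                # Loaded via a full Win32 path instead of \SystemRoot: normal for
                # AV and rootkit-scanner drivers, but each entry deserves a glance.
                t.review.append(("loaded from outside SystemRoot", line))
    return t


# Constructed excerpt of the posted log (paths and detections copied from it).
SAMPLE_LOG = r"""
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\System32\drivers\MfeEpePc.sys
\SystemRoot\system32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
----------- End -----------
IRP handler 0 of \Driver\iaStor is hooked
IRP handler 2 of \Driver\iaStor is hooked
IRP handler 14 of \Driver\iaStor is hooked
IRP handler 27 of \Driver\iaStor is hooked
Unhooking enabled.
Infected: C:\Program Files (x86)\SW-Booster\Assistant_x64.dll --> [Trojan.SProtector]
Infected: C:\Windows\System32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64.sys --> [PUP.Optional.Sanbreel.A]
"""

if __name__ == "__main__":
    t = parse_mbar_log(SAMPLE_LOG)
    for driver, names in t.hooks.items():
        print(f"{driver}: hooked {', '.join(names)}")
    for path, det in t.infected:
        print(f"DETECTED {det}: {path}")
    for reason, path in t.review:
        print(f"REVIEW ({reason}): {path}")
```

Run it against a full MBAR-log-*.txt by reading the file into `parse_mbar_log`. The hooked set on this machine (CREATE, CLOSE, DEVICE_CONTROL, INTERNAL_DEVICE_CONTROL, SHUTDOWN, POWER, SYSTEM_CONTROL, PNP) is the profile of a filter that wants to see the disk's control and power path, not its reads and writes; correlate it with the "Disk Stack" block of the same log before treating it as hostile.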
#5 kirontanvir11
  • Topic Starter

Posted 28 September 2014 - 01:14 AM

[AdwCleaner AdwCleaner[R0].txt]

# AdwCleaner v3.310 - Report created 27/09/2014 at 22:59:33
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sofia - SOFIA-HP
# Running from : C:\Users\Sofia\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : d0e87c27
Service Found : {6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\windows\System32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64.sys
File Found : C:\windows\System32\roboot64.exe
File Found : C:\windows\System32\sasnative64.exe
File Found : C:\windows\SysWOW64\installd.exe
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\sw-booster
Folder Found : C:\ProgramData\pastaleads
Folder Found : C:\ProgramData\Systweak
Folder Found : C:\ProgramData\Trusted Publisher
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\mkhan\AppData\Local\Chromatic Browser
Folder Found : C:\Users\mkhan\AppData\Local\torch
Folder Found : C:\Users\mkhan\AppData\Roaming\Systweak
Folder Found : C:\Users\Sofia\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Sofia\AppData\Local\torch
Folder Found : C:\Users\Sofia\AppData\Local\WeatherAlerts
Folder Found : C:\Users\Sofia\AppData\Roaming\Search Protection
Folder Found : C:\Users\Sofia\AppData\Roaming\Systweak
 
***** [ Scheduled Tasks ] *****
 
Task Found : RocketTab Update Task
Task Found : RocketTab
Task Found : SW-Booster-S-792098896
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Conduit_Search_Protect
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\RocketTabInstalled
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\Conduit_Search_Protect
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\RocketTabInstalled
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\TutoTag
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
Key Found : HKLM\SOFTWARE\NpApp
Key Found : HKLM\SOFTWARE\RocketTab
Key Found : HKLM\SOFTWARE\SW-Booster
Key Found : HKLM\SOFTWARE\systweak
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17088
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fPoqp1GorcadxjjsoExAlQIH0JruBWJeE-UWY8b_vp-X2A2HuxEbZaG33qnCF3WlcR9FHItHMgMf3wLX282KtM4SlI6rmGH8G1azqSC754fCUSxJlApcJLfE27KTBE4MPt5nL-EYck9h5g,,&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.fixsearch.info/?pid=3458&r=2014/09/14&hid=3153381455800397170&lg=EN&cc=US&unqvl=61
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fPoqp1GorcadxjjsoExAlQIH0JruBWJeE-UWY8b_vp-X2A2HuxEbZaG33qnCF3WlcR9FHItHMgMf3wLX282KtM4SlI6rmGH8G1azqSC754fCUSxJlApcJLfE27KTBE4MPt5nL-EYck9h5g,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fPoqp1GorcadxjjsoExAlQIH0JruBWJeE-UWY8b_vp-X2A2HuxEbZaG33qnCF3WlcR9FHItHMgMf3wLX282KtM4SlI6rmGH8G1azqSC754fCUSxJlApcJLfE27KTBE4MPt5nL-EYck9h5g,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQAxQHSlVfcqvikmWF5fPoqp1GorcadxjjsoExAlQIH0JruBWJeE-UWY8b_vp-X2A2HuxEbZaG33qnCF3WlcR9FHItHMgMf3wLX282KtM4SlI6rmGH8G1azqSC754fCUSxJlApcJLfE27KTBE4MPt5nL-EYck9h5g,,&q={searchTerms}
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\mkhan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
[ File : C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M7F64D724-6152-446F-9D6A-EC488265C128&SearchSource=55&CUI=&UM=6&UP=SP2736609C-B9D9-4733-9604-7605A287B752&SSPV=SP21715VC_sp_ch
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [8740 octets] - [27/09/2014 22:59:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8800 octets] ##########


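The AdwCleaner report above is long enough that the facts that decide the cleanup are easy to miss: the adware is present in four user profiles (Administrator, Guest, mkhan and Sofia), it persists through two services, three scheduled tasks and a kernel driver, and both Internet Explorer and Chrome have had search and homepage settings redirected to third-party feeds. The Python below is an added example for this page, not AdwCleaner's code and not from any post in the thread; it parses a report of this format into its sections and derives exactly those facts: which users are touched, which hijack domains are set, and which entries are persistence. SAMPLE_REPORT is a constructed excerpt of the posted AdwCleaner[R0].txt. The practical point is the per-user list: a cleanup that only fixes the logged-in profile leaves the same components in place in the other profiles.

```python
"""Parse an AdwCleaner report into structured findings and answer the three
cleanup-scoping questions: which user profiles are touched, which search or
homepage domains are set, and which entries are persistence.

Added example for this page; not AdwCleaner code and not from the thread.
SAMPLE_REPORT is a constructed excerpt of the AdwCleaner[R0].txt posted above.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^\*+ \[ (.+?) \] \*+$")             # ***** [ Services ] *****
SETTING_RE = re.compile(r"^Setting Found : (.+?) \[(.+?)\] - (.+)$")
PROFILE_RE = re.compile(r"^\[ File : (.+) \]$")                # Chrome preferences file in use
BROWSER_FOUND_RE = re.compile(r"^Found \[(.+?)\] : (.+)$")      # Found [Search Provider] : url
FOUND_RE = re.compile(r"^(\w+) Found : (?:\[x64\] )?(.+)$")    # Key Found : [x64] HKLM\...
USER_RE = re.compile(r"\\Users\\([^\\]+)\\", re.I)
URL_HOST_RE = re.compile(r"^hxxps?://([^/?#]+)", re.I)        # AdwCleaner defangs http as hxxp


def parse_adwcleaner_report(text):
    """Return {section: [(kind, where, value), ...]}."""
    findings = defaultdict(list)
    section = profile = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, profile = m.group(1), None
        elif section is None:
            continue                                    # report header lines
        elif m := PROFILE_RE.match(line):
            profile = m.group(1)
        elif m := SETTING_RE.match(line):               # IE setting backed by a registry value
            findings[section].append(("Setting", f"{m.group(1)} [{m.group(2)}]", m.group(3)))
        elif m := BROWSER_FOUND_RE.match(line):         # Chrome entry, tied to a profile file
            findings[section].append((m.group(1), profile or "", m.group(2)))
        elif m := FOUND_RE.match(line):
            findings[section].append((m.group(1), "", m.group(2)))
    return findings


def hijack_hosts(findings):
    """Domains the browser search/homepage settings now point at."""
    hosts = set()
    for items in findings.values():
        for _, _, value in items:
            if m := URL_HOST_RE.match(value):
                hosts.add(m.group(1).lower())
    return hosts


def affected_users(findings):
    """Profiles carrying adware files or browser settings (clean all of them)."""
    users = set()
    for items in findings.values():
        for _, where, value in items:
            for s in (where, value):
                if m := USER_RE.search(s):
                    users.add(m.group(1))
    return users


def persistence(findings):
    """Entries that bring the adware back after reboot: services, tasks, drivers."""
    out = [(k, v) for k, _, v in findings.get("Services", []) + findings.get("Scheduled Tasks", [])]
    out += [("Driver", v) for _, _, v in findings.get("Files / Folders", []) if v.lower().endswith(".sys")]
    return out


# Constructed excerpt of the posted report (entries copied from it, URLs shortened).
SAMPLE_REPORT = r"""
# AdwCleaner v3.310 - Report created 27/09/2014 at 22:59:33
# Option : Scan

***** [ Services ] *****

Service Found : d0e87c27
Service Found : {6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64

***** [ Files / Folders ] *****

File Found : C:\windows\System32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64.sys
Folder Found : C:\Users\mkhan\AppData\Local\torch
Folder Found : C:\Users\Sofia\AppData\Roaming\Search Protection

***** [ Scheduled Tasks ] *****

Task Found : RocketTab Update Task
Task Found : SW-Booster-S-792098896

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17088

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.helperbar.com/?q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.fixsearch.info/?pid=3458

-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
Found [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3331617
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
"""

if __name__ == "__main__":
    f = parse_adwcleaner_report(SAMPLE_REPORT)
    print("users:", sorted(affected_users(f)))
    print("hijack hosts:", sorted(hijack_hosts(f)))
    for kind, value in persistence(f):
        print(f"persistence [{kind}] {value}")
```

Feed it the full C:\AdwCleaner\AdwCleaner[R0].txt and the user set will come back with all four profiles from the posted report; the hijack-host set is also a ready-made list for a DNS or proxy block while the machine is being cleaned.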
#6 Jo*
  • Malware Response Team

Posted 28 September 2014 - 05:39 AM

Hello kirontanvir11,

Run Malwarebytes Anti-Rootkit again: right-click mbar.exe and select Run As Administrator.
  • Scan your system for malware.
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.

Cheers,
Jo


#7 Jo*
  • Malware Response Team

Posted 04 October 2014 - 09:23 AM

Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Cheers,
Jo


#8 kirontanvir11
  • Topic Starter

Posted 05 October 2014 - 12:54 AM

Yes, the issue was resolved through a reset of the hard drive due to a malfunction in the hardware.

#9 Jo*
  • Malware Response Team

Posted 05 October 2014 - 05:15 AM
It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Cheers,
Jo