
Infected with trojans and worms


  • This topic is locked
62 replies to this topic

#1 Ugex HustleHudge


Posted 26 February 2015 - 11:22 PM

Hello.

My problem was that I have applications on my PC disguised as shortcuts, a random webpage that opens every time I open my computer, background processes disguised like system processes, and that my system reboots on its own when I try to download something or watch YouTube.

A BC advisor (buddy215) in the "Am I infected? What do I do?" forum told me to use some tools, and he helped me remove some of the shortcuts and solve the background process problem. He advised me to post my problem on this forum.

The tools I used previously are: CCleaner, Malwarebytes' Anti-Malware, Junkware Removal Tool, and ESET online scan.

 

FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Ugex (administrator) on UGEX-PC on 27-02-2015 07:02:14
Running from C:\Users\Ugex\Desktop
Loaded Profiles: Ugex (Available profiles: Ugex)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(MPC-HC Team) C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Ugex\Desktop\FRST64_2.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3878480 2014-09-03] (Tonec Inc.)
HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\...\MountPoints2: {9d8a9d72-3f8c-11e4-b0ba-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\...\MountPoints2: {c5bfac76-45f3-11e4-8cf6-e840f20a551d} - F:\SISetup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ar-sa/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2108125665-3578209175-1559368474-1000 -> DefaultScope {9F6940BB-5F8F-471C-B0B3-A5E689DCA599} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2108125665-3578209175-1559368474-1000 -> {9F6940BB-5F8F-471C-B0B3-A5E689DCA599} URL = http://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Hosts: HTML script in Hosts detected. See Hosts section of Addition.txt <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ugex\AppData\Roaming\Mozilla\Firefox\Profiles\i0bs6qh3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Ugex\AppData\Roaming\Mozilla\Firefox\Profiles\i0bs6qh3.default\Extensions\iobitascsurfingprotection@iobit.com [2015-02-11]
FF HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ugex\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Ugex\AppData\Roaming\IDM\idmmzcc5 [2014-09-18]
FF HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ugex\AppData\Roaming\IDM\idmmzcc5
FF Extension: No Name - C:\Users\Ugex\Desktop\Tor Browser\Browser\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
StartMenuInternet: FIREFOX.EXE - C:\Users\Ugex\Desktop\Tor Browser\Browser\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://sa.hao123.com/?tn=bbl_pay_hp_02_hao123_sa
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-18]
CHR Extension: (Angry Birds) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-09-18]
CHR Extension: (Theme Creator) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2014-09-18]
CHR Extension: (Google Docs) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-18]
CHR Extension: (Google Drive) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-18]
CHR Extension: (Flick & Share) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bacfadidbmokocppcbhdnkoljdfaiinj [2014-09-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-18]
CHR Extension: (YouTube) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-18]
CHR Extension: (Adblock Plus) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-21]
CHR Extension: (Phantom Seeds) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinggomlpbhmhlpjbphbniocljocmdkg [2014-09-18]
CHR Extension: (Google Search) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-18]
CHR Extension: (Dangerous Hands) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfiolepojknoifmfmaooacpopandonoc [2014-09-18]
CHR Extension: (The Flower Shop - Summer in Fairbrook) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhpcacgginliblljanhdgnkohkffaekp [2014-09-18]
CHR Extension: (Stardoll) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkaepijclibocpmckgabmkoglbgmlk [2014-09-18]
CHR Extension: (Princess Coloring) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpigdgeheinhhjlcafpkhdojibfhmpnh [2014-09-18]
CHR Extension: (EffectyGram) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbeahpjkbdfilaomikdffcambkgfgkoe [2014-09-18]
CHR Extension: (Google Sheets) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-18]
CHR Extension: (ButtonBass Dubstep Piano) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiejnmbkpbdancllfaneekiijkgapeac [2014-09-18]
CHR Extension: (Fashionista Diaries) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\flknknnahiobcoanhfgmgkfiiahpfifl [2014-09-18]
CHR Extension: (Hello Kitty City Adventure) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbilgebifomflmopkhmgamhemlnbaec [2014-09-18]
CHR Extension: (Monster High Draculaura) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gionmcgllfpiihdimnaifklnjeligheg [2014-09-18]
CHR Extension: (CandyDash) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\glojkngcaeoenbcikfdicahjnaggkcbf [2014-09-18]
CHR Extension: (Fireboy & Watergirl 4 Crystal Temple) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbioademamgcidpknbkilibejpjhhoak [2014-09-18]
CHR Extension: (FabCam) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejilffmihldhlfocnabcgndjjpgadfl [2014-09-18]
CHR Extension: (The Elementals) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhfehlnocjpbnbcabcjjnemkkkghaak [2014-09-18]
CHR Extension: (Can you Draw) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpgmhiehgolljnnnohpdnfiedijbcdaj [2014-09-18]
CHR Extension: (Coloring Pages) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhcehgkaccjiljllpejjekibagmonki [2014-09-18]
CHR Extension: (Fire Boy And Water Girl) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iogblfbfoldfgammcabomglfajocfpea [2014-09-18]
CHR Extension: (Fruity Annie) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbacnfobpliffdmiickfhceamljbcnjf [2014-09-18]
CHR Extension: (IDM Integration Module) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-09-18]
CHR Extension: (Pixect) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgdeoagndhabdnoenpdcagbkkmjeibmh [2014-09-18]
CHR Extension: (Ninja mouse) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnpgcalemojfompgcdgbinecbeaelgob [2014-09-18]
CHR Extension: (Allah Names) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\khoabpgajaddoglckeodhifmdgfambec [2014-09-18]
CHR Extension: (Sand 2) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\klicmgamjpclmbhppmdeamffedflmkcn [2014-09-18]
CHR Extension: (Webcam Toy) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2014-09-18]
CHR Extension: (Premiumize.me) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2014-09-18]
CHR Extension: (Look Girl) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlbepchjnfhacainddoiijhboceljjgm [2014-09-18]
CHR Extension: (Hello Kitty Decoration) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllimkbmjpgdmlmccfllikdiidmponfj [2014-09-18]
CHR Extension: (Google Wallet) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-18]
CHR Extension: (NetStagram) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojclphfkljfgdbggobfllbnochlnlhei [2014-09-18]
CHR Extension: (Rollip - Photo Effects) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooikhmcdpofogemaldinihdhidaokcmp [2014-09-18]
CHR Extension: (cronsync) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbngjmgfclegmldmnjbfbgpphbaakjnk [2014-09-18]
CHR Extension: (Fireboy and Watergirl) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcegldchfjakjnbjjndmjnbnhapnoohc [2014-09-18]
CHR Extension: (Janvas - The Online Vector Graphics Editor) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pihdjhjonjklikinhbobeogngllgcmoh [2014-09-18]
CHR Extension: (Gmail) - C:\Users\Ugex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-18]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-09-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-12] (Electronic Arts)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-28] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-26] (Malwarebytes Corporation)
R3 MTKSCVAD; C:\Windows\System32\drivers\mtkvadx.sys [44544 2012-07-16] (Ralink Technology, Corp.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-27 07:02 - 2015-02-27 07:02 - 00022669 _____ () C:\Users\Ugex\Desktop\FRST.txt
2015-02-27 07:01 - 2015-02-27 07:02 - 00000000 ____D () C:\FRST
2015-02-27 07:00 - 2015-02-27 06:59 - 02087936 _____ (Farbar) C:\Users\Ugex\Desktop\FRST64_2.exe
2015-02-27 05:47 - 2015-02-27 05:47 - 00510731 _____ () C:\Users\Ugex\Desktop\ESETScan.txt
2015-02-27 00:02 - 2015-02-27 00:02 - 02347384 _____ (ESET) C:\Users\Ugex\Downloads\esetsmartinstaller_enu.exe
2015-02-27 00:02 - 2015-02-27 00:02 - 02347384 _____ (ESET) C:\Users\Ugex\Desktop\esetsmartinstaller_enu.exe
2015-02-27 00:02 - 2015-02-27 00:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-26 23:55 - 2015-02-26 23:55 - 00000628 _____ () C:\Users\Ugex\Desktop\JRT.txt
2015-02-26 23:41 - 2015-02-26 23:41 - 00060286 _____ () C:\Windows\PFRO.log
2015-02-26 23:32 - 2015-02-26 23:32 - 00000000 _____ () C:\Users\Ugex\Desktop\New Text Document (2).txt
2015-02-26 23:24 - 2015-02-26 23:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-26 23:24 - 2015-02-26 23:24 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-26 23:24 - 2015-02-26 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-26 23:24 - 2015-02-26 23:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-26 23:24 - 2015-02-26 23:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-26 23:24 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-26 23:24 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-26 23:24 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-26 23:22 - 2015-02-26 23:22 - 00030135 _____ () C:\Users\Ugex\AppData\Local\Update.9.Bron.Tok.bin
2015-02-26 22:59 - 2015-02-26 22:59 - 00030135 _____ () C:\Users\Ugex\AppData\Local\Bron.tok.A9.em.bin
2015-02-26 22:47 - 2015-02-26 23:41 - 00000504 _____ () C:\Windows\setupact.log
2015-02-26 22:47 - 2015-02-26 22:47 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-26 22:42 - 2015-02-26 22:43 - 02126848 _____ () C:\Users\Ugex\Desktop\AdwCleaner.exe
2015-02-26 22:37 - 2015-02-26 22:37 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-26 22:37 - 2015-02-26 22:37 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-26 20:38 - 2015-02-26 20:38 - 00000360 _____ () C:\Windows\Tasks\At2.job
2015-02-26 16:20 - 2015-02-26 22:47 - 00000000 ____D () C:\AdwCleaner
2015-02-26 16:18 - 2015-02-26 16:19 - 02126848 _____ () C:\Users\Ugex\Downloads\adwcleaner_4.111.exe
2015-02-26 15:07 - 2015-02-26 15:07 - 00000000 ____D () C:\Users\Ugex\Desktop\45327_thewalkingdeadfourthseasonarabic887805
2015-02-26 14:23 - 2015-02-26 14:23 - 00014890 _____ () C:\Users\Ugex\Downloads\[kickass.to]the.walking.dead.s03e16.hdtv.nl.subs.dutchreleaseteam.torrent
2015-02-26 14:09 - 2015-02-26 14:09 - 00107227 _____ () C:\Users\Ugex\Downloads\[kickass.to]the.walking.dead.s03e16.720p.web.dl.aac2.0.h.264.cyphanix.torrent
2015-02-25 23:59 - 2015-02-26 23:15 - 00000000 _____ () C:\Users\Ugex\AppData\Local\BronFoldNetDomList.txt
2015-02-22 19:09 - 2015-02-22 19:09 - 00057707 _____ () C:\Users\Ugex\Downloads\67165_serena.2014.BRRip.XViDjuggsETRG.torrent
2015-02-21 20:48 - 2015-02-21 20:48 - 00020589 _____ () C:\Users\Ugex\Downloads\77353_TheWalkingDeadTheCompleteSeason4HDTV.torrent
2015-02-21 20:47 - 2015-02-21 20:47 - 00017073 _____ () C:\Users\Ugex\Downloads\89993_The_Walking_Dead_-_The_Complete_Season_3_[HDTV].torrent
2015-02-21 16:36 - 2015-02-21 16:36 - 00390237 _____ () C:\Users\Ugex\Downloads\92506_The_Walking_Dead_-_Season_2_Complete_HDTV_(XviD_MP3_x264)___Webi.torrent
2015-02-21 11:28 - 2015-02-21 11:28 - 00049057 _____ () C:\Users\Ugex\Downloads\81531_TheWalkingDeadS05E09HDTVx264KILLERSettv.torrent
2015-02-21 10:31 - 2015-02-21 10:31 - 00057611 _____ () C:\Users\Ugex\Downloads\32665_Big.Eyes.2014.DVDSCR.X264PLAYNOW.torrent
2015-02-21 10:31 - 2015-02-21 10:31 - 00017994 _____ () C:\Users\Ugex\Downloads\51909_TheVampireDiariesS06E15HDTVx264LOLettv.torrent
2015-02-20 16:21 - 2015-02-20 16:21 - 00000497 _____ () C:\fixfolder.vbs
2015-02-20 16:18 - 2014-12-06 05:33 - 00021995 _____ () C:\Trojorm Removal Tool v1.5.bat
2015-02-20 16:17 - 2015-02-22 21:48 - 00000000 ____D () C:\Users\Ugex\Desktop\Fixfolder & Trojorm tool
2015-02-20 16:17 - 2015-02-20 16:17 - 00004148 _____ () C:\Users\Ugex\Desktop\Fixfolder & Trojorm tool.zip
2015-02-20 07:44 - 2015-02-20 07:44 - 00035523 _____ () C:\Users\Ugex\Downloads\45865_TheMentalistS07E12E13HDTVx264LOLettv.torrent
2015-02-19 22:51 - 2015-02-19 22:51 - 00007782 _____ () C:\Users\Ugex\Downloads\[kickass.to]honeymoon.2014.720p.brrip.x264.yify.torrent
2015-02-17 23:16 - 2015-02-17 23:16 - 00018561 _____ () C:\Users\Ugex\Downloads\31176_TheOriginalsS02E13HDTVx264LOLettv (2).torrent
2015-02-17 23:15 - 2015-02-17 23:15 - 00018561 _____ () C:\Users\Ugex\Downloads\31176_TheOriginalsS02E13HDTVx264LOLettv (1).torrent
2015-02-17 21:55 - 2015-02-17 21:55 - 00016354 _____ () C:\Users\Ugex\Downloads\73766_TheOriginalsS02E14HDTVx264LOLettv.torrent
2015-02-17 21:55 - 2015-02-17 21:55 - 00008343 _____ () C:\Users\Ugex\Downloads\[kickass.to]laggies.2014.720p.brrip.x264.yify.torrent
2015-02-17 17:27 - 2015-02-17 17:27 - 00114174 _____ () C:\Users\Ugex\Downloads\44543_Horns.2013.HDRip.XViD.AC3juggsETRG.torrent
2015-02-17 17:18 - 2015-02-17 17:18 - 00019831 _____ () C:\Users\Ugex\Downloads\56095_TheHungerGamesMockingjayPart12014720pWEBDL950MBMMKV.torrent
2015-02-15 21:32 - 2015-02-15 21:32 - 00014198 _____ () C:\Users\Ugex\Downloads\93683_The_Walking_Dead_-_The_Complete_Season_1_[HDTV].torrent
2015-02-15 14:21 - 2015-02-15 14:21 - 00000000 __SHD () C:\found.000
2015-02-14 07:06 - 2015-02-14 07:06 - 00017297 _____ () C:\Users\Ugex\Downloads\26562_TheVampireDiariesS06E14HDTVx264LOLettv.torrent
2015-02-14 07:06 - 2015-02-14 07:06 - 00000000 ____D () C:\Users\Ugex\.swt
2015-02-14 07:03 - 2015-02-26 23:39 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\Azureus
2015-02-14 07:03 - 2015-02-14 07:03 - 00001798 _____ () C:\Users\Public\Desktop\Vuze.lnk
2015-02-14 07:03 - 2015-02-14 07:03 - 00001798 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2015-02-14 07:03 - 2015-02-14 07:03 - 00000000 ____D () C:\Program Files\Vuze
2015-02-14 07:00 - 2015-02-14 07:00 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Ugex\Downloads\VuzeBittorrentClientInstaller.exe
2015-02-14 06:54 - 2015-02-14 06:54 - 00030041 _____ () C:\Users\Ugex\AppData\Local\ListHost9.txt
2015-02-14 06:54 - 2015-02-14 06:54 - 00000360 _____ () C:\Windows\Tasks\At1.job
2015-02-14 06:53 - 2015-02-14 06:53 - 00064048 _____ () C:\Users\Ugex\Downloads\11339_The.Vampire.Diaries.S06E14.720p.HDTV.X264DIMENSIONrartv.torrent
2015-02-13 16:55 - 2015-02-13 17:15 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Mentalist.S07E11.720p.HDTV.X264-DIMENSION[brassetv]
2015-02-13 16:54 - 2015-02-13 16:54 - 00000849 _____ () C:\Users\Ugex\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-02-13 16:53 - 2015-02-26 23:39 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\BitTorrent
2015-02-13 16:51 - 2015-02-13 16:51 - 00064286 _____ () C:\Users\Ugex\Downloads\94931_TheMentalistS07E11720pHDTVX264DIMENSION.torrent
2015-02-13 08:25 - 2015-02-13 11:21 - 00000000 ____D () C:\Program Files (x86)\Tor Browser
2015-02-13 08:25 - 2015-02-13 08:25 - 00001069 _____ () C:\Users\Ugex\Desktop\Tor Browser.lnk
2015-02-13 08:23 - 2015-02-13 08:24 - 34324222 _____ () C:\Users\Ugex\Desktop\torbrowser-install-4.0.3_en-US.exe
2015-02-12 16:24 - 2015-02-13 16:05 - 00000000 ____D () C:\Users\Ugex\Desktop\General
2015-02-12 16:09 - 2015-02-13 16:06 - 00000000 ____D () C:\Users\Ugex\Downloads\Game.of.Thrones.S05E00.A.Day.in.the.Life.720p.HDTV.x264-BATV[rarbg]
2015-02-12 15:57 - 2015-02-12 15:57 - 00074888 _____ () C:\Users\Ugex\Downloads\37602_Game.of.Thrones.S05E00.A.Day.in.the.Life.720p.HDTV.x264BATVrartv.torrent
2015-02-12 15:54 - 2015-02-12 15:54 - 00011191 _____ () C:\Users\Ugex\Downloads\29191_game.of.thrones.s05e00.a.day.in.the.life.hdtv.x264.batv.eztv.torrent
2015-02-12 15:53 - 2015-02-23 23:31 - 00000118 _____ () C:\Users\Ugex\Desktop\بودج نيكس.txt
2015-02-11 22:23 - 2015-02-11 22:23 - 00000051 _____ () C:\Users\Ugex\AppData\Local\Kosong.Bron.Tok.txt
2015-02-11 21:48 - 2015-02-11 21:48 - 43868160 _____ () C:\Windows\system32\config\COMPONENTS.iobit
2015-02-11 21:48 - 2015-02-11 21:48 - 104972288 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2015-02-11 21:48 - 2015-02-11 21:48 - 05054464 _____ () C:\Windows\system32\config\DEFAULT.iobit
2015-02-11 21:48 - 2015-02-11 21:48 - 00028672 _____ () C:\Windows\system32\config\SAM.iobit
2015-02-11 21:48 - 2015-02-11 21:48 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2015-02-11 21:45 - 2015-02-26 23:39 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\ProductData
2015-02-11 21:44 - 2015-02-26 23:39 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-11 21:44 - 2015-02-11 21:44 - 00063480 _____ () C:\Users\Ugex\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-11 21:44 - 2015-02-11 21:44 - 00001232 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-02-11 21:44 - 2015-02-11 21:44 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-02-11 21:44 - 2015-02-11 21:44 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-11 21:43 - 2015-02-26 23:39 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\IObit
2015-02-11 21:43 - 2015-02-26 23:39 - 00000000 ____D () C:\ProgramData\IObit
2015-02-11 21:43 - 2015-02-26 14:03 - 00002185 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-02-11 21:43 - 2015-02-14 06:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-02-11 21:43 - 2015-02-11 21:44 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-11 21:31 - 2015-02-11 21:31 - 00018561 _____ () C:\Users\Ugex\Downloads\31176_TheOriginalsS02E13HDTVx264LOLettv.torrent
2015-02-09 23:48 - 2015-02-09 23:48 - 00003656 _____ () C:\Windows\System32\Tasks\{329BDF80-694A-4140-85A1-718A565DEA9F}
2015-02-09 20:22 - 2015-02-09 23:41 - 00000000 ____D () C:\Users\Ugex\Downloads\Cake.2014.DVDScr.XVID.AC3.HQ.Hive-CM8
2015-02-09 20:21 - 2015-02-09 20:21 - 00119361 _____ () C:\Users\Ugex\Downloads\18630_Cake.2014.DVDScr.XVID.AC3.HQ.HiveCM8.torrent
2015-02-09 20:20 - 2015-02-09 20:20 - 00000032 _____ () C:\Users\Ugex\Desktop\New Text Document.txt
2015-02-08 22:45 - 2015-02-09 23:42 - 00000000 ____D () C:\Users\Ugex\Downloads\Whiplash (2014)
2015-02-08 22:45 - 2015-02-08 22:45 - 00008925 _____ () C:\Users\Ugex\Downloads\57767_whiplash.2014.720p.brrip.x264.yify.torrent
2015-02-08 21:50 - 2015-02-08 21:50 - 00000000 ____D () C:\Users\Ugex\AppData\Local\Ok-SendMail-Bron-tok
2015-02-08 21:42 - 2015-02-26 23:39 - 00000000 ____D () C:\Users\Ugex\AppData\Local\Loc.Mail.Bron.Tok
2015-02-08 21:42 - 2015-02-25 23:52 - 00001019 ____N () C:\Users\Ugex\AppData\Local\NetMailTmp.bin
2015-02-07 09:55 - 2015-02-10 23:38 - 00000000 ____D () C:\Users\Ugex\Downloads\The Violation of Brianna Lee - A Lesbian Gangbang (1997) XXX
2015-02-07 08:59 - 2015-02-08 21:50 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Vampire.Diaries.S06E13.HDTV.x264-LOL[ettv]
2015-02-07 08:59 - 2015-02-07 08:59 - 00018260 _____ () C:\Users\Ugex\Downloads\7824_the.vampire.diaries.s06e13.hdtv.x264.lol.ettv.torrent
2015-02-06 12:04 - 2015-02-06 12:04 - 00019727 _____ () C:\Users\Ugex\Downloads\[kickass.so]team.skeet.extras.francheska.a.euro.teen.classic.new.team.skeet.february.28.2014.new.torrent
2015-02-06 12:02 - 2015-02-06 12:02 - 00119212 _____ () C:\Users\Ugex\Downloads\[kickass.so]caprice.and.francheska.you.gonna.like.this.hd.1080p.torrent
2015-02-06 12:00 - 2015-02-06 12:00 - 00149712 _____ () C:\Users\Ugex\Downloads\[kickass.so]francheska.a.euro.teen.clasic.1080p.torrent
2015-02-06 10:03 - 2015-02-06 10:03 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-02-06 09:43 - 2015-02-06 09:43 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\Mozilla
2015-02-06 09:43 - 2015-02-06 09:43 - 00000000 ____D () C:\Users\Ugex\AppData\Local\Mozilla
2015-02-06 09:40 - 2015-02-06 09:40 - 00243440 _____ () C:\Users\Ugex\Desktop\Firefox Setup Stub 35.0.1.exe
2015-02-06 07:16 - 2015-02-08 21:50 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Mentalist.S07E10.720p.HDTV.X264-DIMENSION[rarbg]
2015-02-06 07:16 - 2015-02-06 07:16 - 00060658 _____ () C:\Users\Ugex\Downloads\50368_the.mentalist.s07e10.720p.hdtv.x264.dimension.rarbg.torrent
2015-02-05 14:43 - 2015-02-08 21:50 - 00000000 ____D () C:\Users\Ugex\Downloads\Sucker.Punch.Extended.Cut.2011.1080p.BluRay.x264.anoXmous
2015-02-05 14:42 - 2015-02-05 14:42 - 00011563 _____ () C:\Users\Ugex\Downloads\[kickass.so]sucker.punch.2011.extended.cut.1080p.bluray.x264.anoxmous.torrent
2015-02-04 20:07 - 2015-02-08 21:50 - 00000000 ____D () C:\Users\Ugex\Downloads\Rosewater (2014)
2015-02-04 20:06 - 2015-02-04 20:06 - 00008748 _____ () C:\Users\Ugex\Downloads\76821_rosewater.2014.720p.brrip.x264.yify.torrent
2015-02-03 22:58 - 2015-02-08 21:50 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Originals.S02E12.720p.HDTV.X264-DIMENSION[rarbg]
2015-02-03 22:57 - 2015-02-03 22:57 - 00063008 _____ () C:\Users\Ugex\Downloads\90551_the.originals.s02e12.720p.hdtv.x264.dimension.rarbg.torrent
2015-01-31 12:13 - 2015-02-08 21:50 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Vampire.Diaries.S06E12.HDTV.x264-LOL[ettv]
2015-01-31 12:10 - 2015-01-31 12:10 - 00017737 _____ () C:\Users\Ugex\Downloads\96410_TheVampireDiariesS06E12HDTVx264LOLettv.torrent
2015-01-30 21:15 - 2015-01-30 21:15 - 00021284 _____ () C:\Users\Ugex\Downloads\99336_thementalistseventhseasonarabic1054648 (1).zip
2015-01-30 13:27 - 2015-02-08 21:50 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Mentalist.S07E09.720p.HDTV.X264-DIMENSION[rarbg]
2015-01-30 13:27 - 2015-01-30 13:27 - 00066300 _____ () C:\Users\Ugex\Downloads\58585_the.mentalist.s07e09.720p.hdtv.x264.dimension.rarbg.torrent
2015-01-30 13:27 - 2015-01-30 13:27 - 00021284 _____ () C:\Users\Ugex\Downloads\99336_thementalistseventhseasonarabic1054648.zip
2015-01-30 10:27 - 2015-01-30 10:27 - 00000000 ____D () C:\Users\Ugex\Documents\DyingLight
2015-01-30 10:26 - 2015-01-30 10:26 - 00001119 _____ () C:\Users\Ugex\Downloads\[kickass.so]dying.light.crackfix.reloaded.torrent
2015-01-30 09:05 - 2015-01-30 09:05 - 00002597 _____ () C:\Users\Ugex\Downloads\[kickass.so]dying.light.preload.unlocker.ali213.torrent
2015-01-29 18:26 - 2015-02-08 21:50 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Originals.S02E11.HDTV.x264-LOL[ettv]
2015-01-29 18:25 - 2015-01-29 18:25 - 00019354 _____ () C:\Users\Ugex\Downloads\92089_TheOriginalsS02E11HDTVx264LOLettv.torrent
2015-01-29 18:18 - 2015-02-08 21:50 - 00000000 ____D () C:\Users\Ugex\Downloads\John.Wick.2014.RERIP.BDRip.x264-SPARKS[rarbg]
2015-01-29 18:17 - 2015-01-29 18:17 - 00044928 _____ () C:\Users\Ugex\Downloads\84007_john.wick.2014.rerip.bdrip.x264.sparks.rarbg.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-27 06:53 - 2014-09-18 20:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-27 04:23 - 2014-12-12 07:40 - 00000000 ____D () C:\Program Files (x86)\Pro Evolution Soccer 2015
2015-02-27 04:23 - 2014-10-03 15:50 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2015-02-27 02:10 - 2014-09-26 23:46 - 00000000 ____D () C:\Users\Ugex\AppData\Local\Adobe
2015-02-26 23:53 - 2014-09-18 20:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-26 23:49 - 2009-07-14 07:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-26 23:49 - 2009-07-14 07:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-26 23:48 - 2009-07-14 08:13 - 00781714 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-26 23:41 - 2014-09-18 21:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-26 23:41 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-26 23:40 - 2014-09-18 20:39 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\DMCache
2015-02-26 23:39 - 2014-12-12 13:30 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\Origin
2015-02-26 23:39 - 2014-12-12 13:24 - 00000000 ____D () C:\ProgramData\Origin
2015-02-26 23:39 - 2014-12-02 23:35 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\NuGet
2015-02-26 23:39 - 2014-12-01 21:44 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\Skype
2015-02-26 23:39 - 2014-11-15 22:41 - 00000000 ____D () C:\Users\Ugex\AppData\Local\PAYDAY 2
2015-02-26 23:39 - 2014-10-25 09:19 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\Tunngle
2015-02-26 23:39 - 2014-10-01 18:58 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\TS3Client
2015-02-26 23:39 - 2014-09-19 11:02 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\MPC-HC
2015-02-26 23:39 - 2014-09-19 10:18 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\Sony
2015-02-26 23:39 - 2014-09-18 21:01 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-26 23:39 - 2014-09-18 20:39 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\IDM
2015-02-26 23:39 - 2014-09-18 20:33 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\WinRAR
2015-02-26 23:39 - 2014-09-18 18:36 - 00000000 ____D () C:\Users\Ugex
2015-02-26 23:39 - 2010-11-21 10:16 - 00000000 ____D () C:\Windows\ShellNew
2015-02-26 23:39 - 2010-11-21 10:16 - 00000000 ____D () C:\Users\Public\Recorded TV
2015-02-26 21:13 - 2014-11-13 20:30 - 00000000 ____D () C:\Users\Ugex\Documents\Assassin's Creed Unity
2015-02-25 23:53 - 2014-12-01 22:11 - 00000000 ____D () C:\Users\Ugex\Downloads\Beginning Visual C# 2012 Programming V413HAV
2015-02-25 21:56 - 2013-06-17 16:33 - 00000000 ____D () C:\Users\Ugex\Desktop\THE WALKING DEAD S03 SUB
2015-02-25 20:31 - 2014-09-18 20:39 - 00000000 ____D () C:\Users\Ugex\Downloads\Video
2015-02-22 21:48 - 2013-06-17 16:33 - 00000000 ____D () C:\Users\Ugex\Desktop\THE WALKING DEAD S02 SUB
2015-02-22 21:48 - 2013-06-17 16:33 - 00000000 ____D () C:\Users\Ugex\Desktop\THE WALKING DEAD S01 SUB
2015-02-22 19:09 - 2014-09-18 20:39 - 00000000 ____D () C:\Users\Ugex\Downloads\Compressed
2015-02-20 06:55 - 2014-09-18 20:29 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-16 21:21 - 2014-12-02 23:05 - 00000000 ____D () C:\Users\Ugex\Documents\Visual Studio 2013
2015-02-14 06:59 - 2015-01-24 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tales from the Borderlands
2015-02-14 06:59 - 2014-12-12 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-02-14 06:59 - 2014-12-12 07:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
2015-02-14 06:59 - 2014-12-02 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1
2015-02-14 06:59 - 2014-12-02 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
2015-02-14 06:59 - 2014-12-02 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-14 06:59 - 2014-12-02 22:52 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2015-02-14 06:59 - 2014-12-02 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2015-02-14 06:59 - 2014-11-16 20:43 - 00000000 ____D () C:\ProgramData\PAYDAY 2
2015-02-14 06:59 - 2014-11-14 06:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-14 06:59 - 2014-11-10 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2015-02-14 06:59 - 2014-10-09 23:37 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-14 06:59 - 2014-10-03 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2015-02-14 06:59 - 2014-10-01 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-02-14 06:59 - 2014-09-20 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-14 06:59 - 2014-09-20 09:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-02-14 06:59 - 2014-09-19 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-02-14 06:59 - 2014-09-19 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectX SDK (June 2010)
2015-02-14 06:59 - 2014-09-18 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-14 06:59 - 2014-09-18 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-14 06:59 - 2014-09-18 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-14 06:59 - 2014-09-18 18:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-02-14 06:59 - 2009-07-14 08:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-14 06:59 - 2009-07-14 06:20 - 00000000 __RHD () C:\Users\Default
2015-02-14 06:59 - 2009-07-14 06:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-14 06:59 - 2009-07-14 06:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-14 06:59 - 2009-07-14 06:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-14 06:59 - 2009-07-14 06:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-14 06:59 - 2009-07-14 06:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-14 06:59 - 2009-07-14 06:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-13 08:16 - 2014-09-26 23:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-13 08:16 - 2014-09-26 23:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-11 21:51 - 2014-12-19 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed Unity
2015-02-11 21:51 - 2014-12-12 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2015-02-11 21:51 - 2014-11-19 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry 4
2015-02-11 21:51 - 2014-11-16 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PAYDAY 2
2015-02-11 21:51 - 2014-11-13 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed Unity
2015-02-11 21:51 - 2014-11-07 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty - Advanced Warfare
2015-02-11 21:51 - 2014-09-27 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metro 2033 Redux
2015-02-11 21:51 - 2014-09-19 03:36 - 00000000 ____D () C:\Windows\Panther
2015-02-11 21:44 - 2014-09-20 09:12 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\Apple Computer
2015-02-08 21:52 - 2014-09-18 18:37 - 00000000 ____D () C:\Users\Ugex\AppData\Local\VirtualStore
2015-02-08 21:50 - 2015-01-27 22:48 - 00000000 ____D () C:\Users\Ugex\Downloads\The Maze Runner (2014)
2015-02-08 21:50 - 2015-01-27 18:14 - 00000000 ____D () C:\Users\Ugex\Downloads\Birdman.2014.DVDSCR.X264-PLAYNOW
2015-02-08 21:50 - 2015-01-26 20:21 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Mentalist.S07E08.720p.HDTV.X264-DIMENSION[rarbg]
2015-02-08 21:50 - 2015-01-25 11:06 - 00000000 ____D () C:\Users\Ugex\Downloads\Gone Girl (2014)
2015-02-08 21:50 - 2015-01-24 23:15 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Vampire.Diaries.S06E11.HDTV.x264-LOL[ettv]
2015-02-08 21:50 - 2015-01-22 19:34 - 00000000 ____D () C:\Users\Ugex\Downloads\Interstellar.2014.DVDScr.XVID.AC3.HQ.Hive-CM8
2015-02-08 21:50 - 2015-01-21 15:43 - 00000000 ____D () C:\Users\Ugex\Downloads\American.Sniper.2014.DVDSCR.X264-PLAYNOW
2015-02-08 21:50 - 2015-01-21 15:40 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Gambler.2014.SCR.AC3.x264-LEGi0N
2015-02-08 21:50 - 2015-01-21 14:00 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Originals.S02E10.HDTV.x264-LOL[ettv]
2015-02-08 21:50 - 2015-01-18 10:14 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Good.Wife.S06E11.HDTV.x264-LOL[ettv]
2015-02-08 21:50 - 2015-01-18 09:25 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Good.Wife.S06E12.720p.HDTV.X264-DIMENSION[rarbg]
2015-02-08 21:50 - 2015-01-17 19:26 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Mentalist.S07E07.720p.HDTV.X264-DIMENSION[rarbg]
2015-02-08 21:50 - 2015-01-14 15:10 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Mentalist.S07E06.720p.HDTV.X264-DIMENSION[rarbg]
2015-02-08 21:50 - 2015-01-09 13:06 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Hobbit.2014.Battle.Of.The.Five.Armies.DVDScr.XVID.AC3.HQ.Hive-CM8
2015-02-08 21:50 - 2015-01-09 10:09 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Imitation.Game.2014.DVDSCR.X264-PLAYNOW
2015-02-08 21:50 - 2015-01-08 16:11 - 00000000 ____D () C:\Users\Ugex\Downloads\Syrup (2013)
2015-02-08 21:50 - 2014-12-26 13:50 - 00000000 ____D () C:\Users\Ugex\Downloads\Cloud Atlas (2012)
2015-02-08 21:50 - 2014-12-23 18:22 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Brass.Teapot.2012 BRRip XViD juggs
2015-02-08 21:50 - 2014-12-20 15:13 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Mentalist.S07E04.720p.HDTV.X264-DIMENSION[rarbg]
2015-02-08 21:50 - 2014-12-20 07:26 - 00000000 ____D () C:\Users\Ugex\Downloads\Nightcrawler 2014 DVDSCR NO WATERMARK XviD-INFERNO
2015-02-08 21:50 - 2014-12-14 20:02 - 00000000 ____D () C:\Users\Ugex\Downloads\Noah (2014) [1080p]
2015-02-08 21:50 - 2014-12-13 08:01 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Mentalist.S07E03.720p.HDTV.X264-DIMENSION[ettv]
2015-02-08 21:50 - 2014-12-12 22:23 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Vampire.Diaries.S06E10.HDTV.x264-LOL[ettv]
2015-02-08 21:50 - 2014-12-09 22:10 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Originals.S02E09.HDTV.x264-LOL[ettv]
2015-02-08 21:50 - 2014-12-06 07:49 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Mentalist.S07E02.HDTV.x264-LOL[ettv]
2015-02-08 21:50 - 2014-12-06 07:48 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Vampire.Diaries.S06E09.HDTV.x264-LOL[ettv]
2015-02-08 21:50 - 2014-12-04 15:25 - 00000000 ____D () C:\Users\Ugex\Downloads\Need for Speed The Run 1.1.0.0 updated  Ultimate unlocker+nodvd
2015-02-08 21:50 - 2014-12-01 23:13 - 00000000 ____D () C:\Users\Ugex\Downloads\Microsoft Visual Studio Ultimate 2013 with Update 3 ISO-TBE
2015-02-08 21:50 - 2014-12-01 22:11 - 00000000 ____D () C:\Users\Ugex\Downloads\Microsoft Visual C# 2013 Step by Step
2015-02-08 21:50 - 2014-11-30 20:13 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Mentalist.S07E01.720p.HDTV.X264-DIMENSION[rarbg]
2015-02-08 21:50 - 2014-11-28 11:56 - 00000000 ____D () C:\Users\Ugex\Downloads\21 & Over (2013)
2015-02-08 21:50 - 2014-11-27 22:37 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Good.Wife.S06E09.HDTV.x264-LOL[ettv]
2015-02-08 21:50 - 2014-11-27 22:35 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Good.Wife.S06E10.HDTV.x264-LOL[ettv]
2015-02-08 21:50 - 2014-11-21 20:01 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Vampire.Diaries.S06E08.HDTV.x264-LOL[ettv]
2015-02-08 21:50 - 2014-11-21 19:47 - 00000000 ____D () C:\Users\Ugex\Downloads\The Vampire Diaries S06E07 HDTV x264-LOL[ettv]
2015-02-08 21:50 - 2014-11-18 20:31 - 00000000 ____D () C:\Users\Ugex\Downloads\The.Originals.S02E07.720p.HDTV.X264-DIMENSION[rarbg]
2015-02-08 21:50 - 2014-11-15 23:08 - 00000000 ____D () C:\Users\Ugex\Downloads\The Good Wife S06E08 HDTV x264-LOL[ettv]
2015-02-08 21:50 - 2014-11-12 19:44 - 00000000 ____D () C:\Users\Ugex\Downloads\The Originals S02E06 HDTV x264-LOL[ettv]
2015-02-08 21:50 - 2014-11-12 19:43 - 00000000 ____D () C:\Users\Ugex\Downloads\The Good Wife S06E07 HDTV x264-LOL[ettv]
2015-02-08 21:50 - 2014-11-08 10:28 - 00000000 ____D () C:\Users\Ugex\Downloads\Left.Behind.2014.HDRip.XviD-SaM[ETRG]
2015-02-08 21:50 - 2014-11-07 23:28 - 00000000 ____D () C:\Users\Ugex\Downloads\The Vampire Diaries S06E06 HDTV x264-LOL[ettv]
2015-02-08 21:50 - 2014-11-07 09:53 - 00000000 ____D () C:\Users\Ugex\Downloads\english
2015-02-08 21:50 - 2014-10-31 22:04 - 00000000 ____D () C:\Users\Ugex\Downloads\Sherlock.Holmes.Crimes.and.Punishments-CODEX
2015-02-08 21:50 - 2014-10-09 22:41 - 00000000 ____D () C:\Users\Ugex\Downloads\Adobe Photoshop CC 2014 (64 bit) (Crack) [ChingLiu]
2015-02-08 21:50 - 2014-09-19 10:07 - 00000000 ____D () C:\Users\Ugex\Downloads\Sony Vegas Pro 13.0 build 290 (64 bit) Multilingual [ChingLiu]
2015-02-08 21:50 - 2014-09-19 09:38 - 00000000 ____D () C:\Users\Ugex\Downloads\Mirillis Action Pro 1.18.0 + Crack [danhuk]
2015-02-08 21:49 - 2014-12-12 22:38 - 00000000 ____D () C:\Users\Ugex\Documents\Assassin's Creed IV Black Flag
2015-02-08 21:49 - 2014-11-08 16:24 - 00000000 ____D () C:\Users\Ugex\Documents\FLiNGTrainer
2015-02-08 21:47 - 2014-12-22 18:37 - 00000000 ____D () C:\Users\Ugex\Desktop\AC_UNITY+12Tr-LNG_v1.4.0-Multi
2015-02-08 21:46 - 2014-10-12 22:45 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recursion
2015-02-08 21:46 - 2014-09-19 10:50 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-02-08 21:46 - 2014-09-18 20:39 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-08 21:46 - 2014-09-18 20:33 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-08 21:46 - 2014-09-18 18:36 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-08 21:46 - 2014-09-18 18:36 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-08 21:42 - 2009-07-14 06:20 - 00000000 ____D () C:\Users\Public\Libraries
2015-02-05 23:48 - 2014-09-18 20:28 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 23:48 - 2014-09-18 20:28 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2015-02-26 22:59 - 2015-02-26 22:59 - 0030135 _____ () C:\Users\Ugex\AppData\Local\Bron.tok.A9.em.bin
2015-02-25 23:59 - 2015-02-26 23:15 - 0000000 _____ () C:\Users\Ugex\AppData\Local\BronFoldNetDomList.txt
2015-02-11 22:23 - 2015-02-11 22:23 - 0000051 _____ () C:\Users\Ugex\AppData\Local\Kosong.Bron.Tok.txt
2015-02-14 06:54 - 2015-02-14 06:54 - 0030041 _____ () C:\Users\Ugex\AppData\Local\ListHost9.txt
2015-02-08 21:42 - 2015-02-25 23:52 - 0001019 ____N () C:\Users\Ugex\AppData\Local\NetMailTmp.bin
2015-02-26 23:22 - 2015-02-26 23:22 - 0030135 _____ () C:\Users\Ugex\AppData\Local\Update.9.Bron.Tok.bin
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
 
 
Some content of TEMP:
====================
C:\Users\Ugex\AppData\Local\Temp\Quarantine.exe
C:\Users\Ugex\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-27 04:47
 
==================== End Of Log ============================

Edited by Ugex HustleHudge, 27 February 2015 - 06:21 AM.



#2 olgun52

olgun52

  • Malware Response Team
  • 3,778 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:31 AM

Posted 27 February 2015 - 09:45 AM

Hello Ugex HustleHudge, and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks
---------------------------------------------------------------------------------------------------------
 
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
:hello:
 
Sincerely


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,778 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:31 AM

Posted 27 February 2015 - 12:30 PM

Hi Ugex HustleHudge,

C:\Users\Ugex\Downloads\Adobe Photoshop CC 2014 (64 bit) (Crack) [ChingLiu]
C:\Users\Ugex\Downloads\Mirillis Action Pro 1.18.0 + Crack [danhuk]
C:\Users\Ugex\Downloads\[kickass.so]dying.light.crackfix.reloaded.torrent

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • You have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

---------------------------------------------------------------------------------------------------------------------------------------------------
 
Uninstall/remove all entries related to IObit or Advanced SystemCare; that program has a dubious history.

Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product. Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

IOBit Steals Malwarebytes' Intellectual Property
IOBit's Denial of Theft Unconvincing
IOBit Theft Conclusion
IObit: Trusting Your Antivirus Vendor
Malwarebytes: IObit Stole Our Signatures Database
IObit accused of stealing from Malwarebytes
http://shanegowland....-sucky-company/
 
Start > Control Panel > Add/Remove Programs.

IObit
IObit Uninstaller
Advanced SystemCare Surfing Protection
Advanced SystemCare


Uninstalling a Program:

  • Click "start" on the taskbar and then click on the "Control Panel" icon.
  • Please double-click the "Add or Remove Programs" icon.
  • A list of programs installed will be "populated", this may take a bit of time.
  • If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Restart the PC now.
-----------------------------------------------------------------
Insert the USB memory and external disc on your computer. You are always connected..
 
Step 1:
 
I would suggest you to go through the following steps and check.
 
IE proxy reset:
a ) Under "Tools" in the browser tool bar select "Internet Options".
b ) In the "Internet Options" Window that pops up, click the "Connections" tab at the top.
c ) Click "LAN Settings" near the bottom of the "Connections" section.
d ) If the "Proxy server" checkbox is marked with a check, click it to deselect/uncheck it.
e ) Click "Ok" to close the "Local Area Network (LAN) Settings" window.
f ) Click "Ok" to close the "Internet Options" Window.
 
Now check if you are able to connect to Internet Explorer.
 
Firefox proxy reset:
How to reset the proxy in Firefox
 
To check your Firefox proxy settings:

  • Click the menu button and choose Options
  • Select the Advanced panel.
  • Select the Network tab.
  • In the Connection section, click Settings....
  • Change your proxy settings:
    • If you don't connect to the Internet through a proxy (or don't know whether you connect through a proxy), select No Proxy.
  • Click OK to close the Connection Settings window.
  • Click OK to close the Options window

Chrome proxy reset:

  • Click "Customize and Control Google Chrome" menu.
  • Click "Options" button.
  • Under "Google Chrome Options" window select "Under the Hood" tab
  • In the "Network" section, click the "Change proxy settings" button.
  • Under "Internet Properties" window click "Lan settings" button.
  • Under "Local Area Network (LAN) Settings" window click on the "Proxy server for your LAN"
  • If you don't connect to the Internet through a proxy (or don't know whether you connect through a proxy), select No Proxy. (unticked)
  • Click OK and Apply to save the settings.

Step 2:

FRST Script:

Please download the attached fixlist.txt and save it in the same directory as FRST.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 3:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply


Edited by olgun52, 27 February 2015 - 12:31 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 Ugex HustleHudge


Posted 27 February 2015 - 04:58 PM

Hello Yılmaz..and thanks for responding :D

 

i apologize if i gave you the wrong impression about me.. i live in saudi arabia and the only way to acquire software is by torrents.. i hope you would understand

i have deleted my P2P program, and all cracked software on my PC..

i would also like to mention that i didn't know about that whole IObit theft thing... i deleted their software also..

 

as for the first step i did every thing and i didn't find any of my browsers running a proxy

 

FRST log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01

Ran by Ugex at 2015-02-28 00:36:30 Run:1
Running from C:\Users\Ugex\Desktop\New folder
Loaded Profiles: Ugex (Available profiles: Ugex)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
Hosts: HTML script in Hosts detected. See Hosts section of Addition.txt <==== ATTENTION
HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\...\MountPoints2: {9d8a9d72-3f8c-11e4-b0ba-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\...\MountPoints2: {c5bfac76-45f3-11e4-8cf6-e840f20a551d} - F:\SISetup.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2108125665-3578209175-1559368474-1000 -> DefaultScope {9F6940BB-5F8F-471C-B0B3-A5E689DCA599} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2108125665-3578209175-1559368474-1000 -> {9F6940BB-5F8F-471C-B0B3-A5E689DCA599} URL = http://www.google.com/search?q={searchTerms}
FF ProfilePath: C:\Users\Ugex\AppData\Roaming\Mozilla\Firefox\Profiles\i0bs6qh3.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Ugex\Desktop\Tor Browser\Browser\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HomePage: Default -> hxxp://sa.hao123.com/?tn=bbl_pay_hp_02_hao123_sa
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
S3 VGPU; System32\drivers\rdvgkmd.sys 
2015-02-20 16:18 - 2014-12-06 05:33 - 00021995 _____ () C:\Trojorm Removal Tool v1.5.bat
2015-02-20 16:17 - 2015-02-22 21:48 - 00000000 ____D () C:\Users\Ugex\Desktop\Fixfolder & Trojorm tool
2015-02-20 16:17 - 2015-02-20 16:17 - 00004148 _____ () C:\Users\Ugex\Desktop\Fixfolder & Trojorm tool.zip
2015-02-26 23:22 - 2015-02-26 23:22 - 00030135 _____ () C:\Users\Ugex\AppData\Local\Update.9.Bron.Tok.bin
2015-02-26 22:59 - 2015-02-26 22:59 - 00030135 _____ () C:\Users\Ugex\AppData\Local\Bron.tok.A9.em.bin
2015-02-11 22:23 - 2015-02-11 22:23 - 00000051 _____ () C:\Users\Ugex\AppData\Local\Kosong.Bron.Tok.txt
2015-02-08 21:50 - 2015-02-08 21:50 - 00000000 ____D () C:\Users\Ugex\AppData\Local\Ok-SendMail-Bron-tok
2015-02-08 21:42 - 2015-02-26 23:39 - 00000000 ____D () C:\Users\Ugex\AppData\Local\Loc.Mail.Bron.Tok
2015-02-08 21:42 - 2015-02-25 23:52 - 00001019 ____N () C:\Users\Ugex\AppData\Local\NetMailTmp.bin
2015-02-25 23:59 - 2015-02-26 23:15 - 0000000 _____ () C:\Users\Ugex\AppData\Local\BronFoldNetDomList.txt
2015-02-14 06:54 - 2015-02-14 06:54 - 0030041 _____ () C:\Users\Ugex\AppData\Local\ListHost9.txt
2015-02-26 23:22 - 2015-02-26 23:22 - 0030135 _____ () C:\Users\Ugex\AppData\Local\Update.9.Bron.Tok.bin
2015-02-14 06:54 - 2015-02-14 06:54 - 00030041 _____ () C:\Users\Ugex\AppData\Local\ListHost9.txt
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At1.job
C:\Users\Ugex\AppData\Local\Temp\Quarantine.exe
C:\Users\Ugex\AppData\Local\Temp\sqlite3.dll
2015-02-14 06:59 - 2014-09-20 09:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-02-11 21:44 - 2015-02-11 21:44 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
Task: C:\Windows\Tasks\At1.job => C:\Users\Ugex\AppData\Roaming\Microsoft\Windows\Templates\WowTumpeh.com
Task: C:\Windows\Tasks\At2.job => C:\Users\Ugex\AppData\Roaming\Microsoft\Windows\Templates\WowTumpeh.com
HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\...\Policies\system: [DisableCMD] 0
C:\Users\Ugex\Downloads\Adobe Photoshop CC 2014 (64 bit) (Crack) [ChingLiu]
C:\Users\Ugex\Downloads\Mirillis Action Pro 1.18.0 + Crack [danhuk]
C:\Users\Ugex\Downloads\[kickass.so]dying.light.crackfix.reloaded.torrent
HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Ugex\AppData\Roaming\Mozilla\Firefox\Profiles\i0bs6qh3.default\Extensions\iobitascsurfingprotection@iobit.com [2015-02-11]
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
2015-02-11 21:48 - 2015-02-11 21:48 - 43868160 _____ () C:\Windows\system32\config\COMPONENTS.iobit
2015-02-11 21:48 - 2015-02-11 21:48 - 104972288 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2015-02-11 21:48 - 2015-02-11 21:48 - 05054464 _____ () C:\Windows\system32\config\DEFAULT.iobit
2015-02-11 21:48 - 2015-02-11 21:48 - 00028672 _____ () C:\Windows\system32\config\SAM.iobit
2015-02-11 21:48 - 2015-02-11 21:48 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2015-02-11 21:44 - 2015-02-11 21:44 - 00001232 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-02-11 21:43 - 2015-02-26 23:39 - 00000000 ____D () C:\Users\Ugex\AppData\Roaming\IObit
2015-02-11 21:43 - 2015-02-26 23:39 - 00000000 ____D () C:\ProgramData\IObit
2015-02-11 21:43 - 2015-02-26 14:03 - 00002185 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-02-11 21:43 - 2015-02-14 06:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-02-11 21:43 - 2015-02-11 21:44 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-11 21:43 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Hosts:
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d8a9d72-3f8c-11e4-b0ba-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{9d8a9d72-3f8c-11e4-b0ba-806e6f6e6963} => Key not found. 
"HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5bfac76-45f3-11e4-8cf6-e840f20a551d}" => Key deleted successfully.
HKCR\CLSID\{c5bfac76-45f3-11e4-8cf6-e840f20a551d} => Key not found. 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9F6940BB-5F8F-471C-B0B3-A5E689DCA599}" => Key deleted successfully.
HKCR\CLSID\{9F6940BB-5F8F-471C-B0B3-A5E689DCA599} => Key not found. 
C:\Windows\System32\Drivers\etc\hosts => Should not be moved.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader" => Key deleted successfully.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll => Moved successfully.
C:\Users\Ugex\Desktop\Tor Browser\Browser\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
Chrome HomePage deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
VGPU => Service deleted successfully.
C:\Trojorm Removal Tool v1.5.bat => Moved successfully.
"C:\Users\Ugex\Desktop\Fixfolder & Trojorm tool" => File/Directory not found.
C:\Users\Ugex\Desktop\Fixfolder & Trojorm tool.zip => Moved successfully.
C:\Users\Ugex\AppData\Local\Update.9.Bron.Tok.bin => Moved successfully.
C:\Users\Ugex\AppData\Local\Bron.tok.A9.em.bin => Moved successfully.
C:\Users\Ugex\AppData\Local\Kosong.Bron.Tok.txt => Moved successfully.
C:\Users\Ugex\AppData\Local\Ok-SendMail-Bron-tok => Moved successfully.
C:\Users\Ugex\AppData\Local\Loc.Mail.Bron.Tok => Moved successfully.
C:\Users\Ugex\AppData\Local\NetMailTmp.bin => Moved successfully.
C:\Users\Ugex\AppData\Local\BronFoldNetDomList.txt => Moved successfully.
C:\Users\Ugex\AppData\Local\ListHost9.txt => Moved successfully.
"C:\Users\Ugex\AppData\Local\Update.9.Bron.Tok.bin" => File/Directory not found.
"C:\Users\Ugex\AppData\Local\ListHost9.txt" => File/Directory not found.
C:\Windows\Tasks\At2.job => Moved successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Users\Ugex\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Ugex\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 => Moved successfully.
C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} => Moved successfully.
C:\Windows\Tasks\At1.job not found.
C:\Windows\Tasks\At2.job not found.
HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value deleted successfully.
"C:\Users\Ugex\Downloads\Adobe Photoshop CC 2014 (64 bit) (Crack) [ChingLiu]" => File/Directory not found.
"C:\Users\Ugex\Downloads\Mirillis Action Pro 1.18.0 + Crack [danhuk]" => File/Directory not found.
"C:\Users\Ugex\Downloads\[kickass.so]dying.light.crackfix.reloaded.torrent" => File/Directory not found.
HKU\S-1-5-21-2108125665-3578209175-1559368474-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 8 => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key not found. 
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key not found. 
C:\Users\Ugex\AppData\Roaming\Mozilla\Firefox\Profiles\i0bs6qh3.default\Extensions\iobitascsurfingprotection@iobit.com not found.
AdvancedSystemCareService8 => Service not found.
LiveUpdateSvc => Service not found.
C:\Windows\system32\config\COMPONENTS.iobit => Moved successfully.
C:\Windows\system32\config\SOFTWARE.iobit => Moved successfully.
C:\Windows\system32\config\DEFAULT.iobit => Moved successfully.
C:\Windows\system32\config\SAM.iobit => Moved successfully.
C:\Windows\system32\config\SECURITY.iobit => Moved successfully.
"C:\Users\Public\Desktop\IObit Uninstaller.lnk" => File/Directory not found.
C:\Users\Ugex\AppData\Roaming\IObit => Moved successfully.
C:\ProgramData\IObit => Moved successfully.
"C:\Users\Public\Desktop\Advanced SystemCare 8.lnk" => File/Directory not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8 => Moved successfully.
C:\Program Files (x86)\IObit => Moved successfully.
"C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll" => File/Directory not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 567.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 00:37:21 ====
 
Malwarebytes Anti-Malware log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/28/2015
Scan Time: 12:44:13 AM
Logfile: Yilmaz.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.27.08
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ugex
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344355
Time Elapsed: 8 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by Ugex HustleHudge, 27 February 2015 - 05:09 PM.
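A Fixlog like the one in the post above mixes three kinds of "not found" lines: items an earlier line in the same run already moved, items that were never there (or that the user removed beforehand), and protected files FRST refuses to move. The following is an added example, not part of the original posts and not FRST's own code, that sorts the result lines into those groups; the status phrases are taken from the log above, while the function names, bucket names and the shortened sample are assumptions made for illustration.

```python
import re

# Constructed sample: a shortened Fixlog assembled from lines in the log above.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Ugex at 2015-02-28 00:36:30 Run:1
==============================================

Content of fixlist:
*****************
CloseProcesses:
C:\Windows\Tasks\At1.job
Task: C:\Windows\Tasks\At1.job => C:\Users\Ugex\AppData\Roaming\Microsoft\Windows\Templates\WowTumpeh.com
CMD: ipconfig /flushdns
*****************

Processes closed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKCR\CLSID\{9F6940BB-5F8F-471C-B0B3-A5E689DCA599} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Should not be moved.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\Tasks\At1.job not found.
"C:\Users\Public\Desktop\IObit Uninstaller.lnk" => File/Directory not found.
VGPU => Service deleted successfully.
LiveUpdateSvc => Service not found.

=========  ipconfig /flushdns =========

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 567.5 MB temporary data.

==== End of Fixlog 00:37:21 ====
'''

# Result phrases that end a line, as they appear in the log above.
STATUS_RE = re.compile(
    r'\s*(?:=>\s*)?(?P<status>'
    r'Moved successfully'
    r'|(?:(?:Key|[Vv]alue|Service) )?deleted successfully'
    r'|(?:(?:Key|[Vv]alue|Service|File/Directory) )?not found'
    r'|Should not be moved)\.\s*$')


def parse_fixlog(text):
    """Return (target, outcome) pairs from the result section of a Fixlog.

    outcome is 'removed', 'not_found' or 'skipped' (labels chosen for this
    example). The echoed fixlist and the output of CMD: directives are ignored.
    """
    entries = []
    star_lines = 0      # the echoed fixlist sits between two lines of asterisks
    in_cmd = False      # True while inside a "========= <command> =========" block
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r'\*{5,}', line):
            star_lines += 1
            continue
        if star_lines < 2 or not line:
            continue
        if line.startswith('===='):
            if 'End of Fixlog' in line:
                break
            in_cmd = 'End of CMD' not in line
            continue
        if in_cmd:
            continue
        match = STATUS_RE.search(line)
        if not match:
            continue        # informational line such as "Hosts was reset successfully."
        target = line[:match.start()].strip().strip('"')
        status = match.group('status')
        if 'not found' in status:
            outcome = 'not_found'
        elif status == 'Should not be moved':
            outcome = 'skipped'
        else:
            outcome = 'removed'
        entries.append((target, outcome))
    return entries


def triage(entries):
    """Group results; a 'not found' after an earlier removal of the same
    target in this run is reported as already handled, not as missing."""
    report = {'removed': [], 'already_handled': [], 'missing': [], 'skipped': []}
    removed_keys = set()
    for target, outcome in entries:
        key = target.lower()    # Windows paths and registry keys are case-insensitive
        if outcome == 'removed':
            removed_keys.add(key)
            report['removed'].append(target)
        elif outcome == 'not_found':
            bucket = 'already_handled' if key in removed_keys else 'missing'
            report[bucket].append(target)
        else:
            report['skipped'].append(target)
    return report


if __name__ == '__main__':
    for bucket, targets in triage(parse_fixlog(SAMPLE_FIXLOG)).items():
        print(bucket, len(targets))
        for target in targets:
            print('   ', target)
```

Entries in the `missing` bucket are the ones worth a second look: they were listed in the fixlist but were not present when the fix ran.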


#5 olgun52


Posted 27 February 2015 - 06:07 PM

Hi again,

i apologize if i gave you the wrong impression about me.. i live in saudi arabia and the only way to acquire software is by torrents.. i hope you would understand
i have deleted my P2P program, and all cracked software on my PC..
i would also like to mention that i didn't know about that whole IObit theft thing... i deleted thier software also..

You're welcome. No issues. Thank you.
--------------------------------------------
Step1:
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Step2:
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step3:
Please be sure to run our tools with administrator rights.
 
ComboFix run:
 
* IMPORTANT: 1   Place ComboFix.exe on your Desktop
* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix. Save it to the Desktop.
  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply
 
Have a nice day.

Best regards
 

 


 


#6 Ugex HustleHudge


Posted 28 February 2015 - 12:33 AM

Adwcleaner log:

 

# AdwCleaner v4.111 - Logfile created 28/02/2015 at 07:56:47

# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Ugex - UGEX-PC
# Running from : C:\Users\Ugex\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
 
-\\ Google Chrome v40.0.2214.115
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [3265 bytes] - [26/02/2015 16:21:16]
AdwCleaner[R1].txt - [970 bytes] - [26/02/2015 22:44:20]
AdwCleaner[R2].txt - [1036 bytes] - [28/02/2015 07:53:11]
AdwCleaner[S0].txt - [3383 bytes] - [26/02/2015 16:23:03]
AdwCleaner[S1].txt - [1037 bytes] - [26/02/2015 22:47:06]
AdwCleaner[S2].txt - [965 bytes] - [28/02/2015 07:56:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1023  bytes] ##########
 
Junkware Removal Tool log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by Ugex on Sat 02/28/2015 at  8:07:10.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/28/2015 at  8:10:28.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Combofix log:
 
ComboFix 15-02-16.01 - Ugex 02/28/2015   8:17.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8161.6353 [GMT 3:00]
Running from: c:\users\Ugex\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Crypto\RSA\MachineKeys\MachineKeys.exe
c:\programdata\Microsoft\Crypto\RSA\S-1-5-18\S-1-5-18.exe
c:\programdata\Microsoft\Network\Downloader\Downloader.exe
c:\programdata\Microsoft\User Account Pictures\Default Pictures\Default Pictures.exe
c:\users\Ugex\AppData\Local\Adobe\Acrobat\9.0\Cache\Cache.exe
c:\users\Ugex\AppData\Roaming\Adobe\Acrobat\9.0\9.0`.exe
c:\users\Ugex\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2108125665-3578209175-1559368474-1000\S-1-5-21-2108125665-3578209175-1559368474-1000.exe
c:\users\Ugex\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\_hiddenPbk.exe
c:\users\Ugex\AppData\Roaming\Microsoft\Protect\S-1-5-21-2108125665-3578209175-1559368474-1000\S-1-5-21-2108125665-3578209175-1559368474-1000.exe
c:\users\Ugex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Administrative Tools.exe
c:\users\Ugex\AppData\Roaming\Microsoft\Windows\Themes\Themes.exe
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-28 to 2015-02-28  )))))))))))))))))))))))))))))))
.
.
2015-02-27 04:01 . 2015-02-27 21:37 -------- d-----w- C:\FRST
2015-02-26 21:02 . 2015-02-26 21:02 -------- d-----w- c:\program files (x86)\ESET
2015-02-26 20:24 . 2015-02-27 21:44 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-26 20:24 . 2015-02-26 20:24 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-26 20:24 . 2015-02-26 20:24 -------- d-----w- c:\programdata\Malwarebytes
2015-02-26 20:24 . 2014-11-21 03:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-26 20:24 . 2014-11-21 03:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-26 20:24 . 2014-11-21 03:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-26 19:37 . 2015-02-26 19:37 -------- d-----w- c:\program files\CCleaner
2015-02-26 13:20 . 2015-02-28 04:56 -------- d-----w- C:\AdwCleaner
2015-02-20 13:21 . 2015-02-20 13:21 497 ----a-w- C:\fixfolder.vbs
2015-02-15 11:21 . 2015-02-15 11:21 -------- d-----w- C:\found.000
2015-02-14 04:06 . 2015-02-14 04:06 -------- d-----w- c:\users\Ugex\.swt
2015-02-14 04:03 . 2015-02-27 21:23 -------- d-----w- c:\users\Ugex\AppData\Roaming\Azureus
2015-02-13 13:53 . 2015-02-27 21:23 -------- d-----w- c:\users\Ugex\AppData\Roaming\BitTorrent
2015-02-11 18:45 . 2015-02-26 20:39 -------- d-----w- c:\users\Ugex\AppData\Roaming\ProductData
2015-02-11 18:44 . 2015-02-26 20:39 -------- d-----w- c:\programdata\ProductData
2015-02-11 18:43 . 2015-02-11 18:43 -------- d-----w- c:\program files (x86)\Common Files\IObit
2015-02-06 07:03 . 2015-02-06 07:03 -------- d-----w- c:\windows\SysWow64\Adobe
2015-02-06 06:43 . 2015-02-06 06:43 -------- d-----w- c:\users\Ugex\AppData\Local\Mozilla
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-27 21:24 . 2014-12-02 20:06 2126688 ----a-w- c:\programdata\Microsoft\VisualStudio\12.0\1033\ResourceCache.dll
2015-02-13 05:16 . 2014-09-26 20:48 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-13 05:16 . 2014-09-26 20:48 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-02-19 7416088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE OC_GURU.lnk - c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe [2014-10-20 23576576]
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe -s [2014-12-12 15621008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GPCIDrv;GPCIDrv;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MTKSCVAD;Ralink Virtual Audio device;c:\windows\system32\drivers\mtkvadx.sys;c:\windows\SYSNATIVE\drivers\mtkvadx.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 03:54 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-18 17:27]
.
2015-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-18 17:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-06 2464072]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-06 2800296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{F0DEF3E8-F478-4918-BC22-3D72DF367BEE}_is1 - c:\program files (x86)\Conquer Online 2.0\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2108125665-3578209175-1559368474-1000_Classes\Wow6432Node\CLSID\{6bc57809-44a6-4aee-8fb7-6ed6221e81dc}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000011
"Therad"=dword:0000000b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2108125665-3578209175-1559368474-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8d,e9,0f,d7,36,c4,82,b8,28,64,d4,b7,2e,2c,e7,4b,c0,31,d3,62,1a,
   77,d1,16,33,2c,f8,0f,b1,13,17,ae,b8,f4,25,e9,5b,f4,fd,bc,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Ralink\Common\RaRegistry.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-02-28  08:27:03 - machine was rebooted
ComboFix-quarantined-files.txt  2015-02-28 05:27
.
Pre-Run: 402,302,545,920 bytes free
Post-Run: 401,957,982,208 bytes free
.
- - End Of File - - 97DCF6D3882EB28421C10CD25B29E2F3
 


#7 Ugex HustleHudge

  • Topic Starter

Posted 28 February 2015 - 12:46 PM

One thing I noticed is that after running all of these tools, when I start my computer, a Notepad window opens with the following written inside it:

 

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
 
The Notepad window opens each and every time I start my computer. I don't know after which tool this started happening.


#8 olgun52

  • Malware Response Team

Posted 28 February 2015 - 04:16 PM

ComboFix may have deleted something incorrectly.

I'm going to consult some experts about it; give me some time. Please don't worry.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#9 olgun52

  • Malware Response Team

Posted 28 February 2015 - 05:12 PM

Please try the following directives:

 

Start> Open the Run window.
 
CMD: attrib +h +s "C:\Users\Gerda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini"
CMD: attrib +h +s "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini"



 


 


#10 Ugex HustleHudge

  • Topic Starter

Posted 01 March 2015 - 06:09 AM

Hi Yılmaz!!

 

Thanks for the solution.. the note pad doesn't show up any more :D
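The attrib commands in post #9 restore the Hidden and System attributes on desktop.ini in the two Startup folders; without them the file is treated like any other Startup item and opened in Notepad at logon. The following PowerShell check is an added example, not part of the thread or of any tool used in it: it resolves the folders for the current machine, reports the state of each desktop.ini, and only changes attributes when the assumed `-Fix` switch is given.

```powershell
# Added example (not from the thread): audit desktop.ini in both Startup
# folders and, with -Fix, restore the Hidden+System attributes.
param([switch]$Fix)

# Resolve the folders instead of hard-coding a profile path.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),   # current user's Startup
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)
$required = [IO.FileAttributes]'Hidden, System'

foreach ($dir in $startupDirs) {
    $path = Join-Path $dir 'desktop.ini'
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "absent   $path"
        continue
    }
    # -Force is required to retrieve hidden or system files.
    $item  = Get-Item -LiteralPath $path -Force
    $attrs = $item.Attributes
    if (($attrs -band $required) -eq $required) {
        Write-Output "ok       $path [$attrs]"
        continue
    }
    Write-Output "exposed  $path [$attrs]"
    if ($Fix) {
        # Same effect as: attrib +h +s "<path>"
        $item.Attributes = $attrs -bor $required
        $now = (Get-Item -LiteralPath $path -Force).Attributes
        Write-Output "fixed    $path [$now]"
    }
}

# Everything else in these folders is launched at logon, so list it for review.
foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -Force |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        Select-Object FullName, Attributes, LastWriteTime
}
```

Changing the all-users folder needs an elevated prompt; run it once without `-Fix` to see what would be touched.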



#11 olgun52

  • Malware Response Team

Posted 01 March 2015 - 08:46 AM


Glad to hear that.

-----------------------------------

 

Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step 2:

Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

Step 3:
Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Sincerely.



 


 


#12 Ugex HustleHudge

  • Topic Starter

Posted 01 March 2015 - 10:46 AM

Hello Yılmaz! Thanks for the quick reply.

 

RogueKiller log:

 

RogueKiller V10.4.3.0 [Feb 23 2015] by Adlice Software

 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ugex [Administrator]
Mode : Scan -- Date : 03/01/2015  18:30:52
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 8 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command | (default) : "C:\Users\Ugex\Desktop\Tor Browser\Browser\firefox.exe"  -> Found
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command | (default) : "C:\Users\Ugex\Desktop\Tor Browser\Browser\firefox.exe"  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command | (default) : "C:\Users\Ugex\Desktop\Tor Browser\Browser\firefox.exe" -safe-mode  -> Found
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command | (default) : "C:\Users\Ugex\Desktop\Tor Browser\Browser\firefox.exe" -safe-mode  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZRX-00A8LB0 +++++
--- User ---
[MBR] 1abd928583861976ec82b611e4876dd3
[BSP] 139a48b9b3a9bae44baf160be654c710 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: General USB Flash Disk USB Device +++++
--- User ---
[MBR] 30041879296279f17f70142eba838dc9
[BSP] 640be1cd87e0335a1374ad2581c88c59 : Unknown MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_03012015_181939.log
 
SecurityCheck log:
 
 Results of screen317's Security Check version 0.99.97  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
  Java 64-bit 8 Update 31
 Adobe Flash Player 16.0.0.305  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 35.0.1 Firefox out of Date!
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````
 
 




#13 olgun52

  • Malware Response Team

Posted 01 March 2015 - 04:36 PM

Hi again,

 

Step1:

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.00 (XI) to your PC's desktop.
 

  • Uninstall Adobe Reader 9 (IX) via Start => Control Panel > Uninstall a program
  • Install the newly downloaded, updated software.

Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.

-----------

 

 Mozilla Firefox 35.0.1 Firefox out of Date! -------->>>Update

 

------------------------------------------

 

Step2:
Run Eset Online Scan

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options "Scan Archives" and "Remove found threats" are ticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 



 


 


#14 Ugex HustleHudge

  • Topic Starter

Posted 02 March 2015 - 09:41 AM

Hello..

 

I uninstalled Adobe Reader 9 (IX), and when I try to install Adobe Reader 11.0.00 (XI) afterwards, the installation stops at 86% and I get the following error message:

 

Untitled.jpg

 

----------------------------------------------------------

 

The Firefox upgrade went smoothly. I will start the ESET online scan now.


Edited by Ugex HustleHudge, 02 March 2015 - 09:44 AM.


#15 olgun52

  • Malware Response Team

Posted 02 March 2015 - 12:34 PM

Hıım.

I guess Adobe Reader could not be removed. For this reason, the new version does not install. This can cause us a lot of work.

First, try again in Safe Mode with Networking. If it still does not install, send the FRST logs (Frst.txt and Additional.txt).



 


 




