Vxmclient vista home premium


This topic is locked
6 replies to this topic

#1 Arjin


Posted 06 March 2015 - 10:21 PM

My computer is infected and I get these fake adware pop-ups. Please help me.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by kittycat (administrator) on KITTYCAT-PC on 06-03-2015 21:14:28
Running from C:\Users\kittycat\Documents\Downloads
Loaded Profiles: kittycat (Available profiles: kittycat)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(360.cn) C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(MicroStudio) C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(360.cn) C:\Program Files (x86)\360\360sd\360sd.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(360.cn) C:\Program Files (x86)\360\360sd\360rp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Microsoftware) C:\Program Files (x86)\YouTube-Downloader\G1\youtubeserv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-09-12] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7212576 2009-03-10] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Windows Defender] => %ProgramFiles(x86)%\Windows Defender\MSASCui.exe -hide
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [360Safetray] => C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe [724912 2014-01-24] (360.cn)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3290595269-2303839855-82256591-1000\...\Run: [360sd] => C:\Program Files (x86)\360\360sd\360sdrun.exe [833352 2014-11-16] (360.cn)
HKU\S-1-5-21-3290595269-2303839855-82256591-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3290595269-2303839855-82256591-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3290595269-2303839855-82256591-1000\...\MountPoints2: {592170ad-bdda-11df-8559-001f16f22404} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kittycat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kittycat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kittycat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kittycat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kittycat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kittycat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kittycat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kittycat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [360FileGuardAntiDel] -> {130DA40A-D640-44D7-9CC6-FAA1CD6B3DEA} => C:\Program Files (x86)\360\360sd\ShellIco.dll (360.cn)
ShellIconOverlayIdentifiers: [360UDiskGuard Icon Overlay] -> {CC00F81D-5262-450A-B1FA-D6BEE3406263} => C:\Program Files (x86)\360\360Safe\safemon\360UDiskGuard64.dll (360.cn)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0910&m=sx2800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3290595269-2303839855-82256591-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/110
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360Safe\safemon\safemon64.dll (360.cn)
BHO-x32: 360sdbho Class -> {0F4BF955-A127-41B7-A998-369904AA2578} -> C:\Program Files (x86)\360\360sd\360sdbho.dll (360.cn)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360Safe\safemon\safemon.dll (360.cn)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\kittycat\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll No File
Toolbar: HKU\S-1-5-21-3290595269-2303839855-82256591-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {03DF0933-6E10-4D32-9835-B9A815622831} https://gopublic.wspan.com/secure/DLLs/WSSystemInformation.cab
DPF: HKLM-x32 {1E0DFFCF-27FF-4574-849B-55007349FEDA} https://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
DPF: HKLM-x32 {7B72C3FC-34B5-4504-B4BE-EB38971A0888} https://go.worldspan.com/Dlls/WSFileIO3.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @360.cn/npaxlogin -> C:\Program Files (x86)\360\360Safe\Utils\npaxlogin.dll (360.cn)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\7.20.11T\npwangwang.dll ( )
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\Windows\system32\itruscert\NPComBrg701.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @qq.com/npqscall,version=1.0.0 -> %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3290595269-2303839855-82256591-1000: @360.cn/360MMPlugin -> C:\Program Files (x86)\360\360Safe\MobileMgr\np360MMPlugIn.dll (360.cn)
FF Plugin HKU\S-1-5-21-3290595269-2303839855-82256591-1000: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\7.20.25T\npAliSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
FF Plugin HKU\S-1-5-21-3290595269-2303839855-82256591-1000: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\7.20.25T\npwangwang.dll ( )
FF Plugin HKU\S-1-5-21-3290595269-2303839855-82256591-1000: @alipay.com/npalicert -> C:\Users\kittycat\AppData\Roaming\alipay\cf\npalicdo.dll (alipay.com)
FF Plugin HKU\S-1-5-21-3290595269-2303839855-82256591-1000: @nsroblox.roblox.com/launcher -> C:\Users\kittycat\AppData\Local\Roblox\Versions\version-7cb30356092f43ac\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3290595269-2303839855-82256591-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kittycat\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-08]
 
Chrome: 
=======
CHR Profile: C:\Users\kittycat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\kittycat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\kittycat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kittycat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-15]
CHR Extension: (YouTube) - C:\Users\kittycat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-15]
CHR Extension: (Adblock Plus) - C:\Users\kittycat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-15]
CHR Extension: (Google Search) - C:\Users\kittycat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-15]
CHR Extension: (Google Wallet) - C:\Users\kittycat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-15]
CHR Extension: (Gmail) - C:\Users\kittycat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 360rp; C:\Program Files (x86)\360\360sd\360rps.exe [321096 2014-11-17] (360.cn)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-02-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-02-03] (BlueStack Systems, Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 scan; C:\Program Files (x86)\360\360sd\Scan.dll [200704 2009-04-22] (S.C. BitDefender S.R.L) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R2 YouTubeDownload_G1; C:\Program Files (x86)\YouTube-Downloader\G1\youtubeserv.exe [2971736 2015-03-04] (Microsoftware)
R2 ZhuDongFangYu; C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe [235096 2014-02-19] (360.cn)
U2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2014-04-22] (360.cn)
S3 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305336 2013-10-14] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40120 2013-07-11] (360.cn)
S1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [303440 2014-01-26] (360.cn)
S1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [58048 2013-05-23] (360.cn)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180808 2014-11-06] (360.cn)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-02-03] (BlueStack Systems)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 qutmdserv; C:\Windows\System32\drivers\qutmdrv.sys [91184 2010-04-16] (360安全中心)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [340992 2007-12-26] (NETGEAR Inc.)
S1 360SelfProtection; system32\drivers\360SelfProtection.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 EfiMon; System32\Drivers\Efimon.sys [X]
S0 HookPort; System32\Drivers\HookPort.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-02 15:29 - 2015-03-02 15:29 - 00000000 ____D () C:\Program Files (x86)\YouTube Downloader Services
2015-03-01 08:45 - 2015-03-01 08:47 - 00448874 _____ () C:\Windows\dd_vcredistMSI09BD.txt
2015-03-01 08:45 - 2015-03-01 08:47 - 00016862 _____ () C:\Windows\dd_vcredistUI09BD.txt
2015-03-01 08:38 - 2015-03-03 15:50 - 00005064 _____ () C:\Windows\PFRO.log
2015-02-28 12:18 - 2015-02-28 12:18 - 00000000 ____D () C:\Windows\pss
2015-02-28 11:31 - 2015-02-28 11:31 - 00000000 ____D () C:\Users\kittycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-28 11:27 - 2015-02-28 11:27 - 00000000 ____D () C:\Users\kittycat\AppData\Local\Steam
2015-02-28 10:46 - 2015-02-28 10:46 - 00004204 _____ () C:\Users\kittycat\Documents\gfdf.txt
2015-02-28 10:46 - 2015-02-28 10:46 - 00004154 _____ () C:\Users\kittycat\Documents\gfdda.txt
2015-02-28 10:45 - 2015-02-28 13:32 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-28 10:45 - 2015-02-28 10:46 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-28 10:45 - 2015-02-28 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-28 10:05 - 2015-02-28 10:05 - 00001067 _____ () C:\Malwaresss.txt
2015-02-28 01:00 - 2015-02-28 01:01 - 00594014 _____ () C:\Windows\dd_vcredistMSI57C2.txt
2015-02-28 01:00 - 2015-02-28 01:01 - 00021884 _____ () C:\Windows\dd_vcredistUI57C2.txt
2015-02-27 19:57 - 2015-02-27 19:59 - 00621570 _____ () C:\Windows\dd_vcredistMSI6FDA.txt
2015-02-27 19:57 - 2015-02-27 19:59 - 00017600 _____ () C:\Windows\dd_vcredistUI6FDA.txt
2015-02-26 21:10 - 2015-02-26 21:10 - 00000000 ____D () C:\Users\kittycat\AppData\Roaming\ESET
2015-02-26 21:10 - 2015-02-26 21:10 - 00000000 ____D () C:\Users\kittycat\AppData\Local\ESET
2015-02-25 03:04 - 2015-02-25 03:04 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-02-25 03:04 - 2015-02-25 03:04 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-02-24 20:40 - 2015-02-28 10:07 - 00002086 _____ () C:\Windows\epplauncher.mif
2015-02-24 20:40 - 2015-02-24 20:40 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-24 20:39 - 2015-02-24 20:40 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-24 20:39 - 2015-02-24 20:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-24 20:39 - 2010-04-06 02:34 - 00345984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-02-24 19:54 - 2015-02-26 17:56 - 00000000 ____D () C:\Program Files (x86)\SpyNoMore
2015-02-24 19:54 - 2015-02-24 19:54 - 00001152 _____ () C:\Windows\SysWOW64\windrv.sys
2015-02-24 19:54 - 2015-02-24 19:54 - 00000000 ____D () C:\Users\kittycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyNoMore
2015-02-24 19:54 - 2015-02-24 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore
2015-02-22 08:41 - 2015-02-22 08:41 - 00001720 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-02-22 08:40 - 2015-02-25 16:11 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-02-22 08:40 - 2015-02-22 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-02-22 08:40 - 2015-02-22 08:41 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-02-22 08:40 - 2015-02-22 08:41 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-02-22 08:40 - 2015-02-22 08:40 - 00000000 ____D () C:\Users\kittycat\AppData\Local\Bluestacks
2015-02-17 20:50 - 2015-03-03 15:51 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-17 20:22 - 2015-02-19 21:23 - 00000000 ____D () C:\ProgramData\Optimizer
2015-02-17 20:04 - 2015-03-06 21:14 - 00000000 ____D () C:\FRST
2015-02-17 20:03 - 2015-02-25 17:07 - 00000000 ____D () C:\AdwCleaner
2015-02-16 10:07 - 2015-02-16 10:32 - 00000000 ____D () C:\Users\kittycat\VirtualBox VMs
2015-02-16 10:05 - 2015-02-17 18:08 - 00000000 ____D () C:\Users\kittycat\.VirtualBox
2015-02-16 10:04 - 2015-02-12 16:54 - 00921144 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-02-16 10:04 - 2015-02-12 16:53 - 00128592 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-02-15 07:44 - 2015-01-22 22:07 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-15 07:44 - 2015-01-22 21:59 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-15 07:44 - 2015-01-22 21:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-15 07:44 - 2015-01-22 20:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-15 02:23 - 2015-01-08 18:34 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-15 02:23 - 2014-12-07 19:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-15 02:23 - 2014-12-07 19:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-15 02:22 - 2015-01-12 19:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-15 02:22 - 2015-01-12 19:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-15 02:22 - 2014-11-25 20:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-15 02:22 - 2014-11-25 19:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-15 02:21 - 2015-01-15 00:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-15 02:21 - 2015-01-14 22:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-15 00:31 - 2015-02-28 09:45 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-15 00:31 - 2015-02-15 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-15 00:21 - 2015-01-13 21:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-15 00:21 - 2015-01-13 20:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-15 00:21 - 2015-01-13 20:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-15 00:21 - 2015-01-13 20:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-15 00:21 - 2015-01-13 20:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-15 00:21 - 2015-01-13 20:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-15 00:21 - 2015-01-13 20:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-15 00:21 - 2015-01-13 20:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-15 00:21 - 2015-01-13 20:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-15 00:21 - 2015-01-13 20:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-15 00:21 - 2015-01-13 20:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-15 00:21 - 2015-01-13 20:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-15 00:21 - 2015-01-13 20:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-15 00:21 - 2015-01-13 20:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-15 00:21 - 2015-01-13 20:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-15 00:21 - 2015-01-13 20:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-15 00:21 - 2015-01-13 20:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-15 00:21 - 2015-01-13 20:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-15 00:21 - 2015-01-13 20:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-15 00:21 - 2015-01-13 20:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-15 00:21 - 2015-01-13 19:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-15 00:21 - 2015-01-13 19:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-15 00:21 - 2015-01-13 19:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-15 00:21 - 2015-01-13 19:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-15 00:21 - 2015-01-13 19:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-15 00:21 - 2015-01-13 19:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-15 00:21 - 2015-01-13 19:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-15 00:21 - 2015-01-13 19:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-15 00:21 - 2015-01-13 19:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-15 00:21 - 2015-01-13 19:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-15 00:21 - 2015-01-13 19:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-15 00:21 - 2015-01-13 19:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-15 00:21 - 2015-01-13 19:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-15 00:21 - 2015-01-13 19:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-15 00:21 - 2015-01-13 19:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-15 00:21 - 2015-01-13 19:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-15 00:21 - 2015-01-13 19:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-15 00:21 - 2015-01-13 19:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-15 00:21 - 2015-01-13 19:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-15 00:21 - 2015-01-13 19:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-15 00:05 - 2015-03-04 18:17 - 00000000 ____D () C:\Program Files (x86)\YouTube-Downloader
2015-02-14 23:45 - 2015-02-14 23:45 - 00000000 ____D () C:\Users\kittycat\AppData\Local\Deployment
2015-02-14 23:45 - 2015-02-14 23:45 - 00000000 ____D () C:\Users\kittycat\AppData\Local\Apps\2.0
2015-02-12 16:53 - 2015-02-12 16:53 - 00141440 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2015-02-07 08:30 - 2015-02-07 08:36 - 00000000 ____D () C:\Users\kittycat\AppData\Roaming\kingsoft
2015-02-07 08:30 - 2015-02-07 08:36 - 00000000 ____D () C:\Users\kittycat\AppData\Local\kingsoft
2015-02-07 08:27 - 2015-02-24 20:08 - 00000000 ____D () C:\Windows\system32\log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-06 20:35 - 2010-12-01 12:15 - 02012460 _____ () C:\Windows\WindowsUpdate.log
2015-03-06 20:32 - 2006-11-02 09:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 20:32 - 2006-11-02 09:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-06 16:50 - 2015-01-16 20:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-03 15:50 - 2015-01-20 18:23 - 00000000 ____D () C:\Users\kittycat\AppData\Local\TSVNCache
2015-03-03 15:50 - 2006-11-02 09:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-03 07:17 - 2010-09-08 21:38 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 21:43 - 2006-11-02 09:42 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-01 19:27 - 2015-01-23 19:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 12:19 - 2015-01-04 23:20 - 00003126 _____ () C:\Windows\System32\Tasks\RPC
2015-02-28 12:19 - 2014-12-09 18:59 - 00003522 _____ () C:\Windows\System32\Tasks\BBQLeads
2015-02-28 12:19 - 2012-01-31 01:23 - 00003234 _____ () C:\Windows\System32\Tasks\{C9AEE347-6663-4976-977E-1BDED040860D}
2015-02-28 12:19 - 2011-04-25 14:52 - 00003080 _____ () C:\Windows\System32\Tasks\{8CC7A1EA-292A-4944-8496-CC88E5DA6B73}
2015-02-28 09:40 - 2015-01-16 18:38 - 00000000 ___RD () C:\Users\kittycat\Dropbox
2015-02-28 09:40 - 2013-10-09 12:39 - 00000000 ____D () C:\Users\kittycat\AppData\Roaming\Dropbox
2015-02-27 20:08 - 2009-04-02 02:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-27 19:45 - 2010-09-08 20:46 - 00081672 _____ () C:\Users\kittycat\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-27 19:42 - 2006-11-02 09:21 - 00376360 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-26 21:09 - 2010-09-08 20:44 - 00000000 ____D () C:\Users\kittycat
2015-02-26 17:56 - 2015-01-04 23:20 - 00000000 __SHD () C:\Program Files (x86)\Lequering
2015-02-26 03:02 - 2014-10-18 19:08 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-25 17:36 - 2006-11-02 06:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 16:53 - 2015-01-23 19:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 16:12 - 2015-01-23 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-25 16:11 - 2012-02-01 22:30 - 00000000 ____D () C:\Users\kittycat\Tracing
2015-02-25 16:10 - 2012-07-25 19:56 - 00000000 ____D () C:\Windows\Minidump
2015-02-25 16:10 - 2009-04-02 01:28 - 00000000 ____D () C:\Windows\Panther
2015-02-25 03:04 - 2009-04-02 02:39 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2015-02-25 03:04 - 2009-04-02 02:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2015-02-25 03:04 - 2009-04-02 02:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-02-15 11:31 - 2012-01-28 23:01 - 00000000 ____D () C:\Users\kittycat\Documents\New Folder
2015-02-15 11:29 - 2014-10-26 20:21 - 00000000 ____D () C:\Users\kittycat\Desktop\LORA PANG CUATE
2015-02-15 00:31 - 2010-09-08 20:44 - 00000000 ____D () C:\Users\kittycat\AppData\Local\Google
2015-02-15 00:14 - 2015-01-16 18:35 - 00000000 ____D () C:\Users\kittycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-15 00:04 - 2010-09-08 22:39 - 00000000 ____D () C:\Windows\Tasks\360Disabled
2015-02-15 00:04 - 2006-11-02 06:33 - 67895296 _____ () C:\Windows\system32\config\software_previous
2015-02-15 00:04 - 2006-11-02 06:33 - 66846720 _____ () C:\Windows\system32\config\components_previous
2015-02-15 00:04 - 2006-11-02 06:33 - 29622272 _____ () C:\Windows\system32\config\system_previous
2015-02-15 00:04 - 2006-11-02 06:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-02-15 00:04 - 2006-11-02 06:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-02-15 00:04 - 2006-11-02 06:33 - 00262144 _____ () C:\Windows\system32\config\default_previous
2015-02-15 00:03 - 2015-01-20 19:02 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-02-15 00:03 - 2015-01-20 18:56 - 00000000 ____D () C:\Users\kittycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2015-02-15 00:03 - 2015-01-20 18:56 - 00000000 ____D () C:\Program Files (x86)\Reason
2015-02-15 00:03 - 2015-01-19 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
2015-02-15 00:03 - 2012-07-10 14:45 - 00000000 ____D () C:\Users\kittycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-15 00:03 - 2012-07-10 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-15 00:03 - 2011-04-25 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 100
2015-02-15 00:03 - 2011-04-25 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 90
2015-02-15 00:03 - 2006-11-02 07:34 - 00000000 ____D () C:\Windows\system32\spool
2015-02-15 00:03 - 2006-11-02 07:33 - 00000000 __RSD () C:\Windows\Media
2015-02-15 00:02 - 2006-11-02 07:33 - 00000000 ____D () C:\Windows\registration
2015-02-14 23:46 - 2009-09-30 14:03 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-07 08:31 - 2009-09-30 18:04 - 00000000 ____D () C:\ProgramData\Kingsoft
 
==================== Files in the root of some directories =======
 
2015-02-10 19:27 - 2015-02-10 19:38 - 0000115 _____ () C:\Users\kittycat\AppData\Roaming\LogFile.txt
2014-12-09 19:38 - 2014-12-11 16:38 - 0000140 _____ () C:\Users\kittycat\AppData\Roaming\WB.CFG
2012-02-02 07:32 - 2013-01-05 20:21 - 0000680 _____ () C:\Users\kittycat\AppData\Local\d3d9caps.dat
2010-09-11 23:07 - 2014-04-07 19:44 - 0045056 _____ () C:\Users\kittycat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-16 15:06 - 2014-10-16 15:06 - 0437880 _____ () C:\Users\kittycat\AppData\Local\dd_vcredistMSI2B38.txt
2014-10-16 15:06 - 2014-10-16 15:06 - 0016666 _____ () C:\Users\kittycat\AppData\Local\dd_vcredistUI2B38.txt
2014-12-11 16:38 - 2014-12-11 16:38 - 0000002 _____ () C:\Users\kittycat\AppData\Local\DSI.DAT
2015-01-16 20:17 - 2015-01-16 20:17 - 0000000 ___SH () C:\Users\kittycat\AppData\Local\LumaEmu
2011-07-08 16:25 - 2011-07-08 16:25 - 0000576 _____ () C:\ProgramData\afl.log
2014-12-11 23:30 - 2015-01-04 23:30 - 0001773 _____ () C:\ProgramData\tempimage.bmp
 
Some content of TEMP:
====================
C:\Users\kittycat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdiui2n.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-03 15:56
 
==================== End Of Log ============================



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:51 AM

Posted 11 March 2015 - 09:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

(Microsoftware) C:\Program Files (x86)\YouTube-Downloader\G1\youtubeserv.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\kittycat\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll No File
Toolbar: HKU\S-1-5-21-3290595269-2303839855-82256591-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\Windows\system32\itruscert\NPComBrg701.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @qq.com/npqscall,version=1.0.0 -> %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll No File
R2 YouTubeDownload_G1; C:\Program Files (x86)\YouTube-Downloader\G1\youtubeserv.exe [2971736 2015-03-04] (Microsoftware)
U2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]
S1 360SelfProtection; system32\drivers\360SelfProtection.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 EfiMon; System32\Drivers\Efimon.sys [X]
S0 HookPort; System32\Drivers\HookPort.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
C:\Program Files (x86)\YouTube-Downloader

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?
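The fixlist above is assembled by hand from the FRST log entries that look orphaned or hostile. As an added example that is not part of this thread, not FRST's own code and not the helper's procedure, the following Python script applies the same selection rules to FRST-formatted lines: FRST's own "<======= ATTENTION" marks, registrations ending in "No File", services and drivers whose binary is missing (shown as "[X]"), and a heuristic for vendor strings that imitate a trusted vendor, as "Microsoftware" does here. The trusted-vendor list, the look-alike rule and the MsMpSvc control line are assumptions; the other sample lines are copied from the log and fixlist posted in this thread. The draft it prints still has to be reviewed by a person before FRST is told to run it.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log and draft a fixlist.

Added example for this thread; it is not part of FRST and not the helper's
own procedure. The classification rules are assumptions about what usually
ends up in a fixlist and must be reviewed by a human before FRST runs it:
  * entries FRST itself marks with "<======= ATTENTION"
  * registry entries whose target reads "No File"
  * services/drivers whose binary is missing, shown by FRST as "[X]"
  * services whose vendor string mimics a trusted vendor (heuristic)
"""
import re
from dataclasses import dataclass

# Sample lines copied from the FRST log and fixlist posted in this thread,
# plus one constructed benign service line (MsMpSvc; size and date made up)
# that acts as a control and must NOT be flagged.
SAMPLE_LOG = r"""
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\kittycat\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll No File
R2 YouTubeDownload_G1; C:\Program Files (x86)\YouTube-Downloader\G1\youtubeserv.exe [2971736 2015-03-04] (Microsoftware)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-26] (Microsoft Corporation)
U2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]
S1 360SelfProtection; system32\drivers\360SelfProtection.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
"""

# Service/driver line: "<state> <name>; <path> [<size date> | X] (<vendor>)".
# The path is matched non-greedily so "(x86)" inside it is not taken as vendor.
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<path>.+?)"
    r"(?:\s+\[(?P<meta>[^\]]*)\])?(?:\s+\((?P<vendor>[^)]*)\))?\s*$"
)

# Assumed trusted vendor strings; a vendor that merely *starts* with one of
# the tokens but is not an exact match is treated as a look-alike.
TRUSTED_VENDORS = {"microsoft corporation", "microsoft windows"}
TRUSTED_TOKENS = ("microsoft",)


@dataclass
class Finding:
    line: str
    reasons: list


def parse_service(line: str):
    """Split an FRST service/driver line into its fields, or return None."""
    m = SERVICE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(line: str) -> list:
    """Return the reasons a log line would be carried into a fixlist."""
    reasons = []
    if "<======= ATTENTION" in line:
        reasons.append("frst_attention")
    if line.rstrip().endswith("No File"):
        reasons.append("orphaned_registration")
    svc = parse_service(line)
    if svc:
        if svc["meta"] == "X":
            reasons.append("missing_binary")
        vendor = (svc["vendor"] or "").strip().lower()
        if vendor and vendor not in TRUSTED_VENDORS and vendor.startswith(TRUSTED_TOKENS):
            reasons.append("vendor_lookalike")
    return reasons


def triage(log_text: str) -> list:
    """Walk a log and keep the lines that match at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = classify(line)
        if reasons:
            findings.append(Finding(line=line, reasons=reasons))
    return findings


def draft_fixlist(findings: list) -> str:
    """Render findings in the fixlist layout used in this thread.

    FRST processes the entries between Start and End; CloseProcesses: stops
    running programs first so their files can be moved.
    """
    body = [f.line for f in findings]
    return "\n".join(["Start", "CloseProcesses:", *body, "End"])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{','.join(f.reasons):24} {f.line[:70]}")
    print()
    print(draft_fixlist(triage(SAMPLE_LOG)))
```

Run as a script it prints each flagged line with the rule that caught it, then the draft fixlist. The look-alike rule is deliberately narrow (prefix match against a short trusted list) so that a genuine Microsoft service is never flagged; widen the list before using it on a real log.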

#3 Arjin

Arjin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:51 AM

Posted 11 March 2015 - 07:12 PM

It's doing great, I have not seen the pop-up yet.

 

Here is the scan result:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by kittycat at 2015-03-11 19:07:05 Run:2
Running from C:\Users\kittycat\Documents\Downloads\FRST-OlderVersion
Loaded Profiles: kittycat (Available profiles: kittycat)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
(Microsoftware) C:\Program Files (x86)\YouTube-Downloader\G1\youtubeserv.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\kittycat\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll No File
Toolbar: HKU\S-1-5-21-3290595269-2303839855-82256591-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\Windows\system32\itruscert\NPComBrg701.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @qq.com/npqscall,version=1.0.0 -> %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll No File
R2 YouTubeDownload_G1; C:\Program Files (x86)\YouTube-Downloader\G1\youtubeserv.exe [2971736 2015-03-04] (Microsoftware)
U2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]
S1 360SelfProtection; system32\drivers\360SelfProtection.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 EfiMon; System32\Drivers\Efimon.sys [X]
S0 HookPort; System32\Drivers\HookPort.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
C:\Program Files (x86)\YouTube-Downloader
 
End
*****************
 
Processes closed successfully.
C:\Program Files (x86)\YouTube-Downloader\G1\youtubeserv.exe => No running process found
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945}" => Key deleted successfully.
HKU\S-1-5-21-3290595269-2303839855-82256591-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@alipay.com/NPComBrg701,version=1.0.2011.701" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npqscall,version=1.0.0" => Key deleted successfully.
YouTubeDownload_G1 => Service not found.
iSafeService => Service deleted successfully.
360SelfProtection => Service deleted successfully.
EagleX64 => Service deleted successfully.
EfiMon => Service deleted successfully.
HookPort => Service deleted successfully.
IpInIp => Service deleted successfully.
NAVENG => Service deleted successfully.
NAVEX15 => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
SRTSP => Service deleted successfully.
SRTSPX => Service deleted successfully.
C:\Program Files (x86)\YouTube-Downloader => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:07:37 ====


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:51 AM

Posted 12 March 2015 - 07:58 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#5 Arjin

Arjin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:07:51 AM

Posted 12 March 2015 - 03:52 PM

It is doing OK; I will report if it appears.

 
Results of screen317's Security Check version 0.99.97  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
360杀毒                         
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 SpyNoMore 3.00    
 Java™ 6 Update 5  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
  Adobe Flash Player 15.0.0.152 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 6 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:51 AM

Posted 13 March 2015 - 07:27 AM

Using Add/Remove Programs, delete this old version of Java™ 6 Update 5.
===

Get the latest version of Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When it is installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.
<<<>>>

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version, or if you already have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:51 AM

Posted 19 March 2015 - 07:18 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
